Looking for some unfiltered feedback from anyone actually using a context- and runtime-focused CSPM in production.
What are your biggest day-to-day pain points? Where does the marketing hype fall short?
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
- Github 5:18 AM · May 20, 2026
Update !
Dark Web Informer says "GitHub source code allegedly offered for sale: Internal orgs and private repositories claimed
A threat actor using the alias TeamPCP claims to be selling GitHub source code and internal organization data.
The actor claims the dataset includes around 4,000 private repositories and says samples can be provided to interested buyers to verify authenticity.
━━━━━━━━━━━━━━━━━━━━
Target: GitHub
Country: United States
Sector: Technology / Software Development / Source Code
Incident Type: Alleged Source Code Sale
Claimed Exposure: Around 4,000 private repositories
Actor: TeamPCP
Price: Offers over $50,000
━━━━━━━━━━━━━━━━━━━━"
TeamPCP hit them via VSCode extension:
https://www.aikido.dev/blog/github-breached-vs-code-extension
Thanks rowrowrobot for Info!
I recently saw a teammate about to paste a huge sales CSV into ChatGPT just to "clean the formatting." It hit me then: we’re all moving fast with AI, but we’re essentially flying blind when it comes to accidental data leaks.
Existing firewalls are usually too clunky, so we built DarkBarrier. The goal was to make something that actually understands context—it won't bug you over a grocery list, but it'll step in if it sees a sensitive sales forecast.
You can set it to a hard block or just a friendly "nudge," and even brand it so it feels like a helpful internal tool rather than a generic error message.
Curious how you’re all handling this? Are you blocking AI entirely, or just hoping for the best?
I recently saw a teammate about to paste a huge sales CSV into ChatGPT just to "clean the formatting." It was a massive wake-up call. We all want our teams to move fast with AI, but most companies are essentially flying blind when it comes to accidental data leaks.
I looked for a solution that wasn't a clunky corporate firewall, but couldn't find anything that balanced security with actual productivity. So, we built DarkBarrier.
The core of what we built is a context-aware "nudge." It’s smart enough to know the difference between a grocery list and a proprietary sales forecast, so it only steps in when it actually matters. We made it flexible—companies can set hard blocks for high-risk data or just friendly warnings for everything else.
As AI adoption becomes the standard, the "to block or not to block" dilemma is becoming a massive hurdle for scaling safely.
I’d love to hear from this group—how are you seeing your portfolio companies or the firms you follow manage this risk? Are they clamping down, or is there a shift toward more nuanced governance?
Watch In Action
youtube[dot]com/watch?v=vX0C5-k6G0c