(MENAFN- GlobeNewsWire - Nasdaq) BOSTON, Dec. 05, 2025 (GLOBE NEWSWIRE) -- Entro Security, a leading enterprise security platform for AI Agents & Non-Human Identities (NHIs), today detailed its role in helping enterprises detect and contain the impact of the Shai Hulud 2.0 software supply chain attack, which exposed hundreds of thousands of developer and CI/CD secrets affecting over 1,000 organizations.
The Shai Hulud 2.0 campaign has rapidly become one of the most significant npm supply chain incidents to date, compromising hundreds of open-source dependencies and mass publishing stolen credentials into attackers' public GitHub repositories. Hours after the campaign was publicly disclosed on November 24, 2025, by Aikido Security, Entro's research team cloned and analyzed over 30,000 Shai Hulud 2.0 repositories, tying exfiltrated data to 1,195 organizations worldwide, including major banks, governments and Fortune 500 technology companies. In many environments, high-value CI and cloud secrets remained valid more than 72 hours after the attack became public.
Early response: analysis and free secrets checker

As part of its initial response, Entro published a technical analysis of the attack that reframed the incident into a large-scale exposure of environments, non-human identities and secrets across CI pipelines, developer endpoints and cloud workloads.

To help defenders decide whether their own environments were caught in the blast radius, Entro also released “ Are My Secrets Out?”, a free online checker that lets organizations safely test whether their secrets appear in the Shai Hulud 2.0 dataset. The tool has been promoted broadly to the security community and is available to any organization. To date, there have been over 73,000 visits to the tool.
“Early analysis focused on the GitHub repos Shai Hulud created. What we saw in the raw data was something more serious, memory snapshots and environment dumps from real CI runners and developer machines, with live cloud and SaaS credentials still usable days later,” said Adam Cheriki, Entro's co-founder and CTO.“That is why we decided to publish our findings, ship a free checker and start proactively notifying affected organizations as fast as possible.”

Proactive outreach to hundreds of affected organizations

Based on the vast dataset and decoded environment artifacts, Entro initiated a responsible disclosure effort, reaching out directly to affected organizations as well as its own global customer base. The company prioritized environments where Entro validation showed that non-human identities and secrets remained live and usable.

One of the environments that ran Shai Hulud 2.0 malware belonged to Elastic, a leading search and security company and an Entro customer. In Elastic's public incident blog, Chief Information Security Officer Mandy Andress highlighted Entro's role in detecting the exposure:

“Through our partner, Entro, Elastic was made aware that an Elastic continuous integration (CI) pipeline had run the Shai Hulud 2.0 malware...”

The affected Elastic pipeline, used for GitOps automation, published data to a public GitHub repository. According to Elastic's disclosure, the company removed the compromised open-source dependency, identified impacted pipelines and users, and rotated all non-ephemeral secrets. Their investigation concluded there was no impact to Elastic customers and that the pipeline was not associated with any Elastic product.
Early public coverage of the campaign on Cyber Security News cited Entro's telemetry and research to quantify the impact.

Shai Hulud 2.0: a wake-up call for non-human identity security

“Shai Hulud 2.0 is a preview of how quickly malware can turn everyday pipelines into a full inventory of your secrets and non-human identities,” said Itzik Alvas, Co-founder and CEO at Entro Security.“If you only scan code, you are missing the real blast radius. You need to know which identities were exposed, what they can access and whether they have truly been revoked.”

Security teams can use Entro's “Are My Secrets Out?” tool to quickly test whether their secrets appear in the Shai Hulud 2.0 dataset, and then plug Entro into their environment for continuous discovery, monitoring and lifecycle management of AI agents, NHIs and secrets across cloud, CI/CD and SaaS.

For more information about Entro's Shai Hulud 2.0 research and response, visit entro.

About Entro Security

Entro is the leading enterprise security platform for AI Agents & Non-Human Identities. It discovers every API key, token, AI agent, and service account across the software development lifecycle. Entro then builds a contextual inventory that ties each machine identity or exposed secret to purpose, permissions, and human owners. Powered by the pioneering NHIDRTM engine, the platform detects behavioral anomalies for automated, risk-based remediation.

Entro delivers end-to-end governance, reduces identity sprawl, and secures agentic AI adoption. Trusted by global Fortune 500 enterprises, Entro has received numerous acknowledgments and recognitions including Gartner® Cool VendorTM within months of founding, CRN Stellar Startup and Startup achievement of the year (2025).

Media Contact:
Nirit Icekson
...rity

MENAFN05122025004107003653ID1110442385