Congress wants answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen.

Other security professionals also voiced concern Tuesday about the leak and the potential for abuse by any malicious parties who got a hold of the information.

Security firm GitGuardian said it discovered a public GitHub repository last week that exposed credentials for privileged AWS GovCloud accounts and internal CISA systems dating back to November. The repository, apparently maintained by a contractor, was named “Private-CISA.” 

Krebs on Security first reported the incident.

“My main fear … is that a state actor will get the data and might be able to do bad stuff,” GitGuardian security researcher Guillaume Valadon told CyberScoop that he thought to himself upon discovering the leak, after concluding it was real; he initially thought it looked fake.

State-based attackers who obtained the credentials “might be able to gain persistence,” Valadon said, “so for me it’s even worse than an attacker destroying everything, having someone in a governmental system — it’s really, really bad.”

A House Homeland Security Committee aide said the panel is seeking a staff-level briefing from CISA on the matter.

Mississippi Rep. Bennie Thompson, the top Democrat on the Homeland Security Committee, and Delia Ramirez, the top Democrat on the panel’s cyber subcommittee, had separately demanded a briefing Tuesday in a letter to CISA’s acting director, Nick Andersen. 

They said they wanted to learn “how this serious security lapse occurred, any potential security consequences, remediation activities, corrective actions related to the contractor personnel involved, and efforts to monitor for and prevent similar activity from occurring in the future.”

Sen. Maggie Hassan, D-N.H., also sent a letter Tuesday to Andersen, seeking a classified briefing to answer questions about which systems were exposed, what forensic work CISA did to evaluate potential damage and what corrective action it has taken.

“This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches,” Hassan wrote in the missive first reported by Axios, particularly “regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure.”

Both letters pointed to personnel and budget cutbacks at the agency as a potential contributor to the incident.

CISA said it was looking into what happened.

“The Cybersecurity and Infrastructure Security Agency is aware of the reported exposure and is continuing to investigate the situation,” a spokesperson said. “Currently, there is no indication that any sensitive data was compromised as a result of this incident. While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.” 

The repository was reportedly maintained by a contractor at Nightwing. A Nightwing spokesperson referred questions to CISA.

The kind of exposure that happened for CISA “is an unfortunately painful, but common and repeated, if not relentless, way that we see organizations inadvertently leak very sensitive credentials to the wider web,” said Ben Harris, founder of WatchTowr, a company that helps organizations detect such exposures.

Harris told CyberScoop he didn’t want to speculate on what attackers who obtained the credentials might be able to do with it, but he said that it would be “terrifying” if the contractor was transferring information from work to home, as one researcher theorized.

Dave Mitchell, senior director of threat intelligence at Infoblox, told CyberScoop the incident showed the importance of teams having controls and audits in place across their repositories.

“Of all the things that keep me up at night, misconfigurations in GitHub are a recurring nightmare. It’s critical for so many organizations — all it takes is one accidental upload or misconfiguration and you’ve signed yourself up for a major incident,” he said in a written statement. “No need for a threat actor to use advanced techniques to compromise you if the keys are already sitting on the counter.”

Travis Rosiek, public sector chief technology officer at Rubrik, noted that the timing of the issue aligned with the government shutdown that only recently resolved for DHS. He said the incident showed the federal government needs to prioritize resilience.

“A persistent shortage of cybersecurity talent, combined with funding lapses, high workforce turnover, and an increasingly complex threat landscape, created the perfect storm for this scenario,” he said in a written statement to CyberScoop. “No organization is immune, and we must ensure that the federal government, which is responsible for helping protect the nation’s critical infrastructure and enhancing our cybersecurity posture, remains fully operational 24-7, 365 days a year.”

Without minimizing the severity of the incident, some researchers who have looked at the leak said there are mitigating circumstances that make elements of it defensible or, at least, understandable.

CISA acted very swiftly to remove the repository, Valadon said, once he alerted them to the leak.

And even if CISA has the right policies in place, human error still can make it difficult to entirely avoid incidents like this, Harris said.

“The reality is this happens every single day to different organizations, including cybersecurity companies,” he said, noting it would be different if it was a pattern. “This is not exclusive to CISA. I don’t really think it reflects well if we saw this every single day with CISA. … It’s not ideal that it’s even happened once, but the reality is that cybersecurity is people, process, technology.”

CISA has had other security incidents in the past, including recently. The former acting director of the agency endured criticism for uploading sensitive contract data to ChatGPT last year. In 2024 the agency notified Congress of a breach of a chemical plant security tool.

Updated 5/20/26: to include more information on a House Homeland Security Committee briefing request.

The post CISA credential leak raises alarms, and Capitol Hill demands answers appeared first on CyberScoop.

The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities.

Wednesday brought a closed-door briefing for the House Homeland Security Committee from Anthropic. The chairman of the panel’s cybersecurity subcommittee said he is planning to hold a hearing on the topic. And committee Democrats are requesting a classified briefing with Anthropic.

A committee aide who attended the briefing said it included a live demonstration of Mythos, “allowing members to see firsthand how advanced AI can identify and reason through software vulnerabilities. What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them.”

A number of key lawmakers, including top committee Democrat Bennie Thompson of Mississippi and GOP cyber subcommittee chair Andy Ogles of Tennessee, told CyberScoop they weren’t able to attend Wednesday’s briefing. A second source who attended said it was a “productive” meeting.

“Members on both sides were focused on preserving U.S. advantage in AI, which basically came down to preserving our edge on compute power,” the source said. “They were also asking questions about whether the federal government was using Mythos, including about where CISA is and the impact of the supply chain risk designation.”

The Hill reported that Wednesday’s briefing was led on the Anthropic side by Logan Graham, from the company’s frontier red team, and Josh Tilstra, from the firm’s national security programs and policy team. It follows another recent closed briefing with Anthropic and OpenAI for the House Homeland Security Committee.

Ogles told CyberScoop he plans to hold a hearing of his subcommittee related to Mythos, but wasn’t able to attend Wednesday’s briefing due to scheduling conflicts. The top Democrat on Ogle’s subcommittee, Delia Ramirez of Illinois, also was unable to join due to prior commitments, but she was set to receive a rundown from staff about Wednesday’s briefing, her office said.

There’s a divide on which federal agencies are using Mythos thus far. For example: CISA reportedly isn’t, but the National Security Agency is. 

The federal divide on its use follows a Department of Defense blacklist that labeled the company a “supply chain risk” after Anthropic resisted pressure from the Pentagon to use its Claude AI model in ways the company opposed. The department says it has been using Mythos to identify cyber vulnerabilities despite the blacklist.

A turf battle is brewing within the Trump administration over testing of AI models, The Washington Post reported this week. Connecticut Rep. Jim Himes, the top Democrat on the House Intelligence Committee, said this week that it would be ‘insane” for U.S. spy agencies not to have early access to advanced AI models.

The Mythos briefing came one day after OpenAI announced its own cybersecurity initiative.

The committee aide said that “as the PRC aggressively works to close the AI innovation gap with the United States, the committee remains focused on ensuring that America’s AI leadership translates into a durable national security advantage, not a temporary lead that adversaries can copy, steal, or rapidly commoditize.”

Updated 5/13/26: to include comment from a committee aide who attended the briefing.

The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop.

Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation.

Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference.

Ramirez first won election to Congress in 2022 and was reelected in 2024. She has served as the vice ranking member of the committee since 2023. She is now the ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection.

She has leveled criticisms during committee hearings about the Trump administration’s personnel cutbacks at the Cybersecurity and Infrastructure Security Agency, and was critical of how data was secured under the administration’s Department of Government Efficiency initiative led by Elon Musk.

“Under a Musk and Trump presidency, it’s clear that the security of Americans’ information is not a priority. I mean, a private civilian with no security clearance bullied his way into the Treasury, set up private servers, and stole sensitive information from an agency. If that isn’t a national security crisis, a cybersecurity  crisis –then I don’t know what is,” Ramirez said at an early 2025 hearing. “The true threat to our homeland security is ‘fElon’ Musk, Trump, and their blatant misuse of power to steal information and coerce employees to leave agencies.”

She cosponsored legislation last year meant to strengthen the cybersecurity workforce by promoting measures to help workers from underrepresented and disadvantaged communities to join the field.

But she also had criticisms of U.S. cybersecurity under the Biden administration, including of Microsoft’s role in the SolarWinds breach.

In a statement about her appointment Tuesday, Ramirez took aim at at Trump, Vice President JD Vance, Department of Homeland Security Secretary Markwayne Mullin and White House homeland security adviser Stephen Miller.

“It’s clear that the security of our communities’ information, federal networks, and critical infrastructure have not been priorities” under them, she said. “Between the security failures of DOGE, the abuses of immigrant families’ data, and the decimation of CISA’s workforce and resources, Republicans have demonstrated a lack of interest in safeguarding our nation’s cybersecurity and our residents’ civil rights and privacy. In neglecting necessary oversight, Republicans have deregulated emerging technologies, allowed bad actors to profit from violations of our civil rights, and consented to the weaponization of government systems. It is more critical than ever that we assert our Congressional authority and disrupt the blatant corruption making us all less safe.”

Swalwell left the position following his resignation from Congress as a representative from California amid allegations of sexual misconduct.

Her ascension completes a full leadership turnover for the subcommittee. Rep. Andy Ogles, R-Tenn., took over the gavel late last year after former chairman Andrew Garbarino, R-N.Y., took over as chairman of the full committee.

The subcommittee is set to hold a hearing Wednesday on CISA and its role as the sector risk management agency for a number of critical infrastructure sectors.

Updated 4/28/26: to include comment from Ramirez.

The post Rep. Delia Ramirez takes over as top House cybersecurity Dem appeared first on CyberScoop.