Agentic Security · January 22, 2026 · 6 min read

Why Gitleaks Isn't Enough for AI Agent Security

Gitleaks is excellent at finding secrets in your code. But it doesn't understand that your MCP config just exposed those secrets to 5 connected AI tools.

TL;DR

  • Gitleaks is excellent - 18k stars, 700+ patterns, industry standard for secret scanning
  • But it treats agent configs as regular files. It doesn't understand agent topology.
  • Agent-aware scanning maps which tools can reach which credentials - context changes severity
  • Keep Gitleaks for your code. Add Firmis for your agent stack.

Gitleaks Is a Great Tool

Let's start here: if you're not running Gitleaks, start now. 18k+ GitHub stars, 700+ detection patterns, battle-tested across millions of repos. It's the industry standard for finding secrets in your codebase.


This post isn't about replacing Gitleaks. It's about what it was never designed to do.

The Gap: Agent-Aware Detection

Gitleaks finds secrets. Firmis understands what can reach them.

Gitleaks finds

HIGH
AWS key in .env
Rule: aws-access-key-id

Found the secret. Job done.

Firmis finds

CRITICAL
AWS key in .env
→ Accessible to 5 MCP servers
→ 1 server has network access
→ Data exfiltration risk: high

Found the secret + what can reach it + what that means.

Finding the secret is step one. Knowing what can reach it is the part that matters.

What 'Agent-Aware' Means

  • Maps which tools can read which credentials
  • Understands that ~/.aws/credentials in an MCP config means ALL connected tools can access it
  • Detects that file access + network access = potential exfiltration vector
  • Traces the agent → tool → credential → network topology
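To make the topology idea concrete, here is an added example (not Firmis or Gitleaks code) of a small scanner that walks an MCP config, matches secrets the way a content scanner would, and then derives severity from which servers can read each secret and whether any connected server has network access. The config shape follows the common `mcpServers` JSON layout; the network and filesystem heuristics, the rule subset and both sample configs are this example's own constructed assumptions. Running the same rules against a config with and without a network-capable server shows the point of the comparison above: the match is identical, the severity is not.

```python
"""Toy agent-aware secret scan over an MCP config (added example, not Firmis/Gitleaks code)."""
import json
import re
from dataclasses import dataclass, field

# Gitleaks-style content rules: a tiny constructed subset, not the real rule set.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "connection-string-password": re.compile(r"[a-z][a-z0-9+.-]*://[^:/\s]+:[^@\s]+@"),
    "generic-api-key": re.compile(r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*\S{8,}"),
}
SENSITIVE_ENV_NAMES = re.compile(r"(?i)(SECRET|TOKEN|PASSWORD|PASSWD|API[_-]?KEY|PRIVATE[_-]?KEY)")
CREDENTIAL_FILES = (".aws/credentials", ".env", ".netrc", ".npmrc", "id_rsa")
# Assumed heuristics: package names hinting at outbound network access or local file access.
NETWORK_HINTS = ("fetch", "http", "browser", "puppeteer", "curl")
FILESYSTEM_HINTS = ("server-filesystem",)


@dataclass
class Finding:
    rule: str
    location: str
    readers: list = field(default_factory=list)        # servers that can read the secret
    network_peers: list = field(default_factory=list)  # network-capable servers on the same agent

    @property
    def severity(self) -> str:
        # Same match, different severity: a readable secret plus any network-capable tool
        # on the agent is an exfiltration path, because the agent relays between tools.
        return "CRITICAL" if self.readers and self.network_peers else "HIGH"

    def report(self) -> str:
        lines = [f"{self.severity} {self.rule} at {self.location}",
                 f"  -> accessible to {len(self.readers)} MCP server(s): {', '.join(self.readers)}"]
        if self.network_peers:
            lines.append(f"  -> {len(self.network_peers)} server(s) with network access: "
                         f"{', '.join(self.network_peers)}")
            lines.append("  -> data exfiltration risk: high")
        return "\n".join(lines)


def classify_servers(servers: dict) -> tuple:
    """Return (network-capable server names, {filesystem server: granted absolute roots})."""
    network, fs_roots = [], {}
    for name, spec in servers.items():
        text = " ".join([spec.get("command", ""), *spec.get("args", [])]).lower()
        if any(h in text for h in NETWORK_HINTS):
            network.append(name)
        if any(h in text for h in FILESYSTEM_HINTS):
            # Absolute paths in args are the directories this server is allowed to read.
            fs_roots[name] = [a for a in spec.get("args", []) if a.startswith("/")]
    return network, fs_roots


def _under_root(path: str, root: str) -> bool:
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")


def _match_rule(key: str, value: str):
    for rule, pattern in SECRET_PATTERNS.items():
        if pattern.search(f"{key}={value}"):
            return rule
    return "sensitive-env-var" if SENSITIVE_ENV_NAMES.search(key) else None


def scan_mcp_config(raw: str) -> list:
    servers = json.loads(raw).get("mcpServers", {})
    network, fs_roots = classify_servers(servers)
    findings = []
    for name, spec in servers.items():
        # Secrets injected through env are readable by that server's process.
        for key, value in spec.get("env", {}).items():
            rule = _match_rule(key, str(value))
            if rule:
                findings.append(Finding(rule, f"mcpServers.{name}.env.{key}", [name], list(network)))
        # Credential files passed as args are readable by that server and by every
        # filesystem server whose granted root contains the file (paths not normalised here).
        for arg in spec.get("args", []):
            if arg.endswith(CREDENTIAL_FILES):
                readers = [name] + [fs for fs, roots in fs_roots.items()
                                    if fs != name and any(_under_root(arg, r) for r in roots)]
                findings.append(Finding("credential-file-in-args",
                                        f"mcpServers.{name}.args:{arg}", readers, list(network)))
    return findings


# Constructed sample: five servers, one of which (fetch) has network access.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "filesystem": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev"]},
    "fetch": {"command": "uvx", "args": ["mcp-server-fetch"]},
    "aws-tool": {"command": "node", "args": ["aws-tool.js", "--creds", "/home/dev/.aws/credentials"],
                 "env": {"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE"}},
    "db": {"command": "python", "args": ["db_server.py"],
           "env": {"DATABASE_URL": "postgres://app:s3cretpass@localhost/app"}},
    "notes": {"command": "node", "args": ["notes.js"]},
}})
# Same secrets with the network-capable server removed: same matches, lower severity.
OFFLINE_CONFIG = json.dumps({"mcpServers": {
    k: v for k, v in json.loads(SAMPLE_CONFIG)["mcpServers"].items() if k != "fetch"}})

if __name__ == "__main__":
    for label, cfg in (("with fetch server", SAMPLE_CONFIG), ("without fetch server", OFFLINE_CONFIG)):
        print(f"== {label} ==")
        for finding in scan_mcp_config(cfg):
            print(finding.report())
```

The content rules are deliberately the boring part: any secret scanner can match `AKIA...`. What the config alone adds is the reader list and the network peers, and the severity property is computed only from those two, which is the "context changes severity" claim in one place.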

What Gitleaks Misses in Agent Stacks

  • Tool poisoning patterns
  • Known-malicious tools
  • Permission over-grants
  • MCP server topology
  • Prompt injection payloads
  • Cross-platform threats

The Recommendation

Use Both

  • Keep Gitleaks for your codebase - it's excellent at what it does
  • Add Firmis for your agent stack - agent-aware scanning that understands topology
  • They're complementary: Gitleaks protects your code, Firmis protects your agent infrastructure

Generic secret scanning finds what's exposed. Agent-aware scanning tells you who can exploit it.

Try It Now

Find out if your agent stack is safe

One command. 30 seconds. Free.

$ npx firmis-cli scan

Fix and Monitor included with Pro
