Guillaume Valadon, a security researcher with GitGuardian, was scanning the internet on May 14 when he discovered a public repository named "Private-CISA." The repository belonged to the U.S. Cybersecurity and Infrastructure Security Agency, the very body responsible for protecting the nation's digital perimeter. According to reports from The Register, the repository contained reams of plain-text passwords, private keys, and administrative credentials for federal AWS GovCloud accounts. Valadon described the find as a "catalogue of unsafe practices" that had been exposed for six months.

Among the leaked data was an "importantAWStokens" file and CSV exports of browser-saved passwords. The files provided a detailed map of the agency's cloud footprint and deployment workflows. According to security researchers, the material included authentication data for internal development infrastructure and DevSecOps environments. A CISA spokesperson confirmed the agency is aware of the exposure and is currently investigating how a contractor managed to leave such sensitive data sitting in the open.

This failure occurs as the government increasingly relies on proprietary AI models from Silicon Valley to manage its digital defense. The leak of federal master keys on GitHub suggests that even as the state seeks to build a "Cognitive Enclosure," it cannot master the basic hygiene of its own systems. The physical reality of American security is now dependent on private labs and good-faith researchers to catch the errors of a hollowed-out bureaucracy.