Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency, is facing a congressional firestorm after a contractor published the keys to the kingdom on a public website. According to KrebsOnSecurity, a CISA contractor created a GitHub repository named 'Private-CISA' that contained plaintext passwords and AWS GovCloud keys for federal systems. Senator Maggie Hassan has demanded an immediate briefing, calling the lapse a 'serious security failure' at the very agency responsible for protecting the nation's digital walls.

This administrative suicide coincided with a massive supply-chain attack that breached GitHub itself. The Microsoft-owned platform confirmed that 3,800 internal code repositories were accessed after an employee installed a malicious software extension. Security researchers at BleepingComputer have linked the breach to a hacker group called TeamPCP, which is currently selling the stolen data for $50,000 on cybercrime forums.

This paper identifies the thread linking these events as the terminal failure of public-sector digital sovereignty. Following the leak of federal master keys, President Trump signed an executive directive that effectively leases the nation's cybersecurity to private labs like OpenAI and Anthropic. The state has admitted it cannot keep its own passwords in a desk drawer, and has responded by handing the keys to Silicon Valley monopolies.

In a series of posts on X, GitHub admitted it was investigating the 'Mini Shai-Hulud' worm that poisoned developer libraries. The breach was live for only 18 minutes, yet it was enough to exfiltrate thousands of internal documents. The 'Cognitive Enclosure' is now complete; the government has surrendered its defense to the same private entities that stand to profit from the collapse of public infrastructure.