Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories

New capability for the Salt Illuminate™ platform moves discovery “From Code to Context,” identifying risky MCP servers and shadow APIs before deployment.

Salt Security, the leader in API security, launched GitHub Connect, the latest expansion of its industry-first Salt Cloud Connect capability. This launch is the latest step in Salt’s rapid pace of innovation to secure the Agentic AI Action Layer. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI models and data, Salt is the first to secure the MCP servers and APIs where AI agents have a real-world impact, now finding them in code before they are ever deployed.

With GitHub Connect, Salt enables customers to securely connect their public and private GitHub repositories to the Salt Illuminate™ platform, extending visibility across the full API lifecycle. The new capability analyzes code to proactively discover APIs, MCP servers, and configurations directly from source code. Critically, it identifies relevant tools and exposed APIs even when the MCP is hosted elsewhere. This discovery is immediately prioritized by Salt’s traffic-free risk-scoring capability, which accelerates time-to-insight by assigning quantifiable risk scores without requiring traffic collection.  As Gartner® notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.” (Gartner, How MCP and the A2A Protocols Impact API Management, 25 August 2025.)

This launch advances Salt Illuminate, the platform purpose-built to discover, govern, and secure the API fabric. As organizations embed AI agents, Salt Illuminate is the only platform that delivers complete MCP coverage, discovering them in code (GitHub Connect), monitoring their runtime traffic (Agentic AI), and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance, enabling teams to reduce risk across the full API lifecycle.

“AI agents and MCP servers have transformed how digital systems communicate and act,” said Nick Rago, VP of Product Strategy, Salt Security. “By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”

Modern code repositories are the blueprint for the API fabric, defining how applications and AI agents connect and behave. GitHub Connect empowers customers to:

• Proactively discover shadow APIs and MCP servers by analyzing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere.
• Extend posture governance “shift-left” by finding high-risk MCPs in private repositories and applying policy before they are deployed.
• Strengthen Salt’s unified risk model by applying the same Risk Score to APIs and MCPs discovered in code as those found in runtime.

“GitHub Connect demonstrates our commitment to continuous innovation,” said Michael Nicosia, Co-founder and COO, Salt Security. “By bringing repository-level insight into Salt Illuminate™, we’re empowering organizations to secure the action layer of AI from development through production.”

Availability

GitHub Connect is available immediately as part of the  Salt Illuminate™ platform.

To learn more about GitHub Connect, visit our blog article.

Source: Gartner Report, How MCP and the A2A Protocols Impact API Management, by  Shameen Pillai, Mark O’Neill etc., Aug 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Salt Security: The Salt Security API Protection Platform delivers comprehensive, AI-powered security, enabling organizations to confidently manage and secure their APIs throughout their entire lifecycle, regardless of where they are deployed. By integrating its deep, contextual API threat detection with native AWS services like AWS WAF, Salt creates a powerful, closed-loop security system. Salt’s platform provides panoramic and continuous discovery of the entire API Fabric, proactive API posture governance, and adaptive, real-time threat protection.

Media Contact
Dr. Karl Bateson
karlb@salt.security