New capability for the Salt Illuminateโข platform moves discovery “From Code to Context,” identifying risky MCP servers and shadow APIs before deployment.
Salt Security, the leader in API security, launched GitHub Connect, the latest expansion of its industry-first Salt Cloud Connect capability. This launch is the latest step in Salt’s rapid pace of innovation to secure the Agentic AI Action Layer. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI models and data, Salt is the first to secure the MCP servers and APIs where AI agents have a real-world impact, now finding them in code before they are ever deployed.
With GitHub Connect, Salt enables customers to securely connect their public and private GitHub repositories to the Salt Illuminateโข platform, extending visibility across the full API lifecycle. The new capability analyzes code to proactively discover APIs, MCP servers, and configurations directly from source code. Critically, it identifies relevant tools and exposed APIs even when the MCP is hosted elsewhere. This discovery is immediately prioritized by Salt’s traffic-free risk-scoring capability, which accelerates time-to-insight by assigning quantifiable risk scores without requiring traffic collection.ย As Gartnerยฎ notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.” (Gartner,ย How MCP and the A2A Protocols Impact API Management, 25 August 2025.)
This launch advances Salt Illuminate, the platform purpose-built to discover, govern, and secure the API fabric. As organizations embed AI agents, Salt Illuminate is the only platform that delivers complete MCP coverage, discovering them in code (GitHub Connect), monitoring their runtime traffic (Agentic AI), and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance, enabling teams to reduce risk across the full API lifecycle.
“AI agents and MCP servers have transformed how digital systems communicate and act,” saidย Nick Rago, VP of Product Strategy, Salt Security.ย “By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”
Modern code repositories are the blueprint for the API fabric, defining how applications and AI agents connect and behave. GitHub Connect empowers customers to:
- Proactively discover shadow APIs andย MCP serversย by analyzing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere.
- Extend posture governance “shift-left”ย by finding high-risk MCPs in private repositories and applying policy before they are deployed.
- Strengthen Salt’s unified risk modelย by applying the same Risk Score to APIs and MCPs discovered in code as those found in runtime.
“GitHub Connect demonstrates our commitment to continuous innovation,” saidย Michael Nicosia, Co-founder and COO, Salt Security.ย “By bringing repository-level insight into Salt Illuminateโข, we’re empowering organizations to secure the action layer of AI from development through production.”
