
CISA Faces Congressional Heat Over Contractor's GitHub Data Leak

Hacker News

Lawmakers are demanding answers from CISA after a contractor intentionally published AWS GovCloud keys and internal agency secrets on a public GitHub repository. The exposed data included plaintext credentials to dozens of CISA systems, raising serious security concerns at the nation's top cybersecurity agency.

Sen. Maggie Hassan led the congressional inquiry, questioning how such a breach could occur at the agency responsible for protecting U.S. critical infrastructure. Rep. Bennie Thompson echoed concerns about a diminished security culture following massive workforce departures during the Trump administration. The incident coincides with CISA losing over a third of its staff and most senior leadership.

More than a week after discovery, CISA continues rotating exposed credentials, including an RSA private key that granted full access to the agency's GitHub organization. Security experts warn attackers could read private repositories, hijack CI/CD pipelines, and modify admin settings. The exposed secrets provided a roadmap for adversaries like China and Russia.

This incident exposes fundamental gaps in contractor oversight and technical safeguards. While GitHub offers policy controls to prevent credential exposure, determined individuals can circumvent protections using personal accounts. The breach demonstrates that insider threats remain challenging to detect and prevent, even at agencies tasked with leading national cybersecurity efforts.
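The technical safeguard the article alludes to is secret scanning on pushed content: blocking a commit that contains an AWS access key ID, a secret-key assignment, or a PEM private key block before it reaches a public repository. The following is an added illustration, not code from the article or from GitHub: a small scanner with constructed detection patterns (heuristics of my own, not GitHub's secret-scanning rules) run over constructed sample files that mimic the kinds of material described above. The key values are fabricated placeholders.

```python
import re

# Constructed heuristic patterns for the secret types named in the story.
# These are assumptions for the example, not an official rule set.
PATTERNS = {
    # Long-term (AKIA) and temporary (ASIA) AWS access key IDs: prefix + 16 chars
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # A 40-character secret assigned to an aws_secret_access_key variable
    "aws_secret_assignment": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"
    ),
    # Any PEM private key header (RSA, EC, OpenSSH, DSA or unlabelled PKCS#8)
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"
    ),
}


def scan_text(text, path="<stdin>"):
    """Return (path, line_number, pattern_name) for every line that matches a pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, name))
    return findings


def scan_files(files):
    """Scan a mapping of path -> file content, as a pre-receive hook would see it."""
    all_findings = []
    for path, content in files.items():
        all_findings.extend(scan_text(content, path))
    return all_findings


# Constructed sample files standing in for a staged commit; every value is fake.
SAMPLE_FILES = {
    "config/prod.env": (
        "AWS_REGION=us-gov-west-1\n"
        "AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000000\n"
        "AWS_SECRET_ACCESS_KEY=0123456789abcdefghijklmnopqrstuvwxyzABCD\n"
    ),
    "deploy/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEexampleplaceholder\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "README.md": "# Deployment notes\nRotate keys quarterly.\n",
}


def main():
    """Print each finding and return a non-zero exit code to reject the push."""
    findings = scan_files(SAMPLE_FILES)
    for path, lineno, name in findings:
        print(f"BLOCKED {path}:{lineno}: {name}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run as a server-side pre-receive or push-protection check, a non-zero return rejects the push. The placement matters for the point the article makes: a client-side hook is only as good as the workstation it runs on, so a contractor pushing from a personal account on a personal machine never runs it. Enforcement on the organization's repositories, plus rotation of any key that was ever committed (the history keeps it even after the file is deleted), is what closes the gap described here.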