Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories

API security organisation Salt Security has announced the latest expansion of its innovative Salt Cloud Connect capability. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI models and data, Salt is the first to secure the MCP servers and APIs where AI agents have a real-world impact, now finding them in code before they are ever deployed.

With GitHub Connect, Salt enables customers to securely connect their public and private GitHub repositories to the Salt Illuminate platform, extending visibility across the full API lifecycle. The new capability analyses code to proactively discover APIs, MCP servers, and configurations directly from source code. Critically, it identifies relevant tools and exposed APIs even when the MCP is hosted elsewhere. This discovery is immediately prioritized by Salt’s traffic-free risk-scoring capability, which accelerates time-to-insight by assigning quantifiable risk scores without requiring traffic collection. As Gartner® notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.”

This launch advances Salt Illuminate, the platform purpose-built to discover, govern, and secure the API fabric. As organizations embed AI agents, Salt Illuminate is the only platform that delivers complete MCP coverage, discovering them in code (GitHub Connect), monitoring their runtime traffic (Agentic AI), and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance, enabling teams to reduce risk across the full API lifecycle.

Nick Rago, VP of Product Strategy, Salt Security, said: “AI agents and MCP servers have transformed how digital systems communicate and act. By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”

Modern code repositories have become the blueprint for the wider API ecosystem, shaping how applications and AI agents interact. GitHub Connect enables organisations to identify shadow APIs and MCP servers by analysing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere. It also supports a “shift-left” approach to governance by highlighting high-risk MCPs in private repositories so that policy can be applied before deployment. By bringing code-level insights into Salt’s unified risk model, it ensures that APIs and MCPs discovered in source code receive the same risk scoring as those identified at runtime.

The post Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories appeared first on IT Security Guru.
