LONDON, UK / AGILITYPR.NEWS / November 18, 2025 / Salt Security, the leader in API security, launched GitHub Connect, the latest expansion of its industry-first Salt Cloud Connect capability. This launch is the latest step in Salt’s rapid pace of innovation to secure the Agentic AI Action Layer. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms and applies the same proven ease of use to GitHub source code. While other security solutions focus on AI models and data, Salt is the first to secure the MCP servers and APIs where AI agents have a real-world impact - now finding them in code before they are ever deployed.

With GitHub Connect, Salt enables customers to securely connect their public and private GitHub repositories to the Salt Illuminate™ platform, extending visibility across the full API lifecycle. The new capability analyses code to proactively discover APIs, MCP servers, and configurations directly from source code. Critically, it identifies relevant tools and exposed APIs even when the MCP is hosted elsewhere. This discovery is immediately prioritised by Salt's traffic-free risk-scoring capability, which accelerates time-to-insight by assigning quantifiable risk scores without requiring traffic collection. As Gartner® notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.” (Gartner, How MCP and the A2A Protocols Impact API Management, 25 August 2025.)

This launch advances Salt Illuminate, the platform purpose-built to discover, govern, and secure the API fabric. As organisations embed AI agents, Salt Illuminate is the only platform that delivers complete MCP coverage, discovering them in code (GitHub Connect), monitoring their runtime traffic (Agentic AI), and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance and enables teams to reduce risk across the full API lifecycle.

“AI agents and MCP servers have transformed how digital systems communicate and act,” said Nick Rago, VP of Product Strategy, Salt Security. “By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”

Modern code repositories are the blueprint for the API fabric, defining how applications and AI agents connect and behave. GitHub Connect empowers customers to:

• Proactively discover shadow APIs and MCP servers by analysing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere.
• Extend posture governance "shift-left" by finding high-risk MCPs in private repositories and applying policy before they are deployed. 
• Strengthen Salt’s unified risk model by applying the same Risk Score to APIs and MCPs discovered in code as those found in runtime.

“GitHub Connect demonstrates our commitment to continuous innovation,” said Michael Nicosia, Co-founder and COO, Salt Security. “By bringing repository-level insight into Salt Illuminate™, we’re empowering organisations to secure the action layer of AI from development through production.”

Availability

GitHub Connect is available immediately as part of the  Salt Illuminate™ platform.

To learn more about GitHub Connect, visit our blog article.

Source: Gartner Report, How MCP and the A2A Protocols Impact API Management, by  Shameen Pillai, Mark O'Neill etc., Aug 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Salt Security: The Salt Security API Protection Platform delivers comprehensive, AI-powered security, enabling organizations to confidently manage and secure their APIs throughout their entire lifecycle, regardless of where they are deployed. By integrating its deep, contextual API threat detection with native AWS services like AWS WAF, Salt creates a powerful, closed-loop security system. Salt's platform provides panoramic and continuous discovery of the entire API Fabric, proactive API posture governance, and adaptive, real-time threat protection.