BigID is the first and only data security platform to discover, classify, and secure sensitive data inside AI instruction files

BigID, the leading data security and AI governance platform, announced support for Markdown (.md) file scanning and classification. With this capability, BigID becomes the only DSPM solution capable of discovering, classifying, and securing sensitive data embedded in the AI instruction files that power today’s coding tools, agent frameworks, and developer workflows.

The Problem: A Blind Spot Security Teams Don’t Know They Have

As vibe coding and AI-native development become standard enterprise practice, a new class of sensitive artifact has emerged: the AI instruction file. These Markdown documents tell AI models how to behave, what systems to access, and how to handle business-critical operations. Common examples include Claude skills, Cursor rules, GitHub Copilot instructions, MCP server configurations, and custom agent system prompts.

Marketing Technology News: MarTech Interview with Miguel Lopes, CPO @ TrafficGuard

By design, developers load instruction files with the context that makes AI tools effective:

• Internal API structures and access patterns
• Database schema details and authentication flows
• Proprietary business logic and deployment architecture
• Credentials, tokens, and API keys

These files are plaintext Markdown: human-readable, but invisible to every DLP and DSPM tool on the market. Traditional security tools were built for structured data. They cannot parse what’s inside an unstructured .md file, and most organizations have no idea how many of these files exist across their repositories, shared drives, and developer environments.

What BigID Now Enables

With Markdown file support, BigID delivers end-to-end visibility and control over AI instruction files across the enterprise:

• Discovery: Find .md files across cloud storage, code repositories, collaboration platforms, and developer workstations
• Classification: Identify sensitive data within Markdown content, including PII, credentials, API keys, proprietary IP, and internal access patterns
• Risk scoring: Assess exposure by file, data type, and owner, and prioritize what needs immediate action
• Remediation: Restrict access, quarantine files, alert data owners, and integrate with existing security workflows
• Broad format coverage: Claude skills, Cursor rules, GitHub Copilot instructions, MCP server configurations, and custom agent system prompts

Marketing Technology News: Is the Traditional CDP Already Out of Date?

Why It Matters Now

Vibe coding — the practice of directing AI coding assistants with natural language to generate entire applications — has dramatically accelerated how fast instruction files proliferate and how much sensitive context ends up inside them. The faster developers move with AI, the more they front-load instruction files with internal system context to get better output. The volume of these files is growing faster than any manual review process can handle.

Traditional DLP and DSPM tools cannot keep up. They excel at structured data: databases, cloud buckets, SaaS platforms with defined schemas. A credential fragment inside a developer instruction narrative will not match a DLP pattern. An API key embedded in a workflow description goes undetected. The result is a fast-growing layer of sensitive data living in repositories and shared drives, outside the reach of every security control in place.

“Markdown files are the new shadow data,” said Dimitri Sirota, CEO of BigID. “They are everywhere in modern development environments, human-readable but invisible to security tools, and they contain more sensitive context than most security teams realize. BigID can now find, classify, and protect what is inside them, and that matters enormously as agentic AI becomes the default way enterprises build software.”