In early March, the GitGuardian cybersecurity research team joined several hundred cryptographers, security engineers, and practitioners in Taipei for the tenth edition of the Real World Cryptography Symposium (RWC 2026). Held from March 9 to 11, the conference lived up to its name: three dense days of talks grounded in the reality of production-deployed crypto-systems.
Beyond oolong drinking and the night markets, Taipei had more serious business to offer: GitGuardian was there to present our own research. We took the stage on Day 3 to share the findings behind "Private Key Leaks in the Wild", mapping 945,560 leaked private keys to 139,767 certificates through Certificate Transparency logs, evidence that key material escaping into the wild is not a niche incident but a systemic problem.
Extract from GitGuardian's presentation: four to five thousand certificates are compromised every year because of a leaked private key.
Across the three days, recurring themes emerged: the industry-wide migration toward post-quantum algorithms and its hard engineering trade-offs; formal verification maturing into a practical tool; privacy-enhancing technologies finding their way into production systems; and secure channels and PKI infrastructure proving more fragile than assumed. All talks are worth a read or a replay, and the recordings are already available online.
