Detection
Regex for known secret formats (AWS keys, GitHub tokens). Entropy-based detection for high-entropy strings. ML classifier for context.
Tools
TruffleHog, gitleaks, detect-secrets. Originally built for code scanning; extended to AI outputs.
Action
Detect → block output → alert. Never let secret reach user.
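A sketch of the detect → block → alert flow for model output, covering the regex and entropy stages only (no ML classifier). This is an added example, not code from any of the tools named above; the function names, the 4.0 bits-per-character threshold, the block message and the alert callback are assumptions.

```python
import math
import re
from collections import Counter

# Publicly documented token shapes; extend with your own providers' formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,255}\b"),
}
# Entropy candidates: long unbroken runs of base64/hex-style characters.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_-]{24,}")
ENTROPY_THRESHOLD = 4.0  # bits per char; assumed starting point, tune on real traffic
BLOCK_MESSAGE = "[response withheld: possible credential detected]"  # hypothetical wording


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_secrets(text):
    """Return sorted (kind, start, end) findings. Offsets only, never the value."""
    findings = [(kind, m.start(), m.end())
                for kind, rx in PATTERNS.items() for m in rx.finditer(text)]
    for m in CANDIDATE.finditer(text):
        # Skip runs already explained by a format match.
        if any(s < m.end() and m.start() < e for _, s, e in findings):
            continue
        if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy", m.start(), m.end()))
    return sorted(findings, key=lambda f: f[1])


def guard_output(text, alert):
    """Detect -> block -> alert. Returns text unchanged only when it is clean."""
    findings = find_secrets(text)
    if not findings:
        return text
    # The alert carries kinds and offsets so the secret is not copied into logs.
    alert({"event": "secret_in_model_output",
           "findings": [{"kind": k, "start": s, "end": e} for k, s, e in findings]})
    return BLOCK_MESSAGE


if __name__ == "__main__":
    sample = "Your key is AKIAIOSFODNN7EXAMPLE"  # constructed; AWS's documentation example key
    print(guard_output(sample, print))
```

Call `guard_output` on the complete response before it is returned; with streamed output, buffer first, since a token split across chunks matches neither stage.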
Provider role
OpenAI + Anthropic sometimes filter leaked keys pre-response. But this is not comprehensive: deploy your own layer.