LeakSnitch Logo

What We Detect

LeakSnitch scans what you type, paste, and upload on supported AI sites. High-risk secrets are stopped before they leave your browser. Other matches show a warning so you can decide.

All scanning runs locally in the extension. We do not send your prompts to our servers. Critical leaks (API keys, passwords, JWTs, and similar) are blocked even before you sign in. Sign in to unlock warnings, stats, and enterprise features.

Text We Catch

  • API keys, tokens, secrets (OpenAI, Anthropic, Stripe, AWS, OAuth, JWT, Hugging Face)
  • Passwords and environment variables, including natural phrases like "my password is …"
  • Database URIs (Postgres, MongoDB, MySQL, Redis, and more) and internal URLs
  • PII and sensitive IDs (Aadhaar, PAN, credit cards, emails, phones)
  • Financial, medical, student identifiers, and UPI IDs
  • Authorization headers and session cookies
  • DevOps workflow paths and config files that often contain secrets

High-confidence matches are blocked. Medium-risk items (many emails and phone numbers) trigger a warning.

Files We Scan

Scanned client-side before upload:

  • Text-like: .txt, .md, .log, .env, .ini, .cfg, .conf, .properties, .toml
  • Data/config: .json, .yaml/.yml, .xml, .csv, Dockerfile (and Containerfile), .yarnrc, .npmrc, .gradle
  • Code/web: .html/.htm, .js/.ts/.jsx/.tsx, .py, .rb, .php, .java, .go, .rs, .sh, .bat, .ps1, .sql
  • Office: .docx, .xlsx
  • PDF: basic text from uncompressed PDFs

Text files are read up to about 2MB. PDFs and office files up to about 4–6MB per file for speed.

API Keys, Tokens & Secrets

  • OAuth-style tokens (GitHub, Google, Slack, and similar prefixes)
  • API keys (OpenAI, Anthropic, Hugging Face, Google Cloud)
  • Payment secrets (Stripe live/test keys)
  • JWT and Bearer tokens
  • Passwords and environment variables
  • Database connection strings

If it unlocks something, we treat it as critical.

Web, SaaS & Cloud Oddities

  • Authorization and cookie headers with session material
  • Admin URLs with tokens in the query string
  • Internal doc references (Notion, Google Docs, Confluence)
  • S3 and GCS paths
  • Analytics and tracking IDs
  • CI workflow config paths under GitHub, GitLab, and similar

Unclean URLs and headers are flagged before they reach the model.

Personal, Financial & Medical

  • Bank accounts with IFSC
  • Medical and prescription references
  • Student roll numbers and grades
  • Invoice and tax IDs (GSTIN, TIN)
  • Employee and customer IDs
  • UPI IDs and payment links

Validated IDs (Aadhaar, cards) are treated as high risk.

IDs, Codes & Numbers

  • Aadhaar numbers (checksum validated)
  • Credit card numbers (Luhn validated)
  • PAN cards
  • Phone numbers (India and US formats)
  • Email addresses (warning tier in normal mode)

Strict mode in the extension treats more matches as blocks.

Browser & Tracking Data

  • User-Agent strings, IP addresses in debug output, and session identifiers

Useful when pasting logs or HAR snippets into a chat.

Custom Patterns & Company Secrets

  • Custom regex patterns (Enterprise)
  • Company-specific formats you define
  • Internal codes and proprietary strings

Add your own rules in the extension Detection tab when you have Enterprise access.

Redact Mode

Turn on Redact Mode and values like password: secret123 can be replaced with REDACTED before text is sent. Works with built-in and disclosure patterns.

How Detection Works

Pattern + context

Regex for known formats, plus phrases like "my API key is" so natural language leaks are caught.

Real-time

Runs as you type or paste on supported AI sites, with no server round trip.

Tiered response

Critical secrets are blocked. Medium risk shows a warning. You stay in control for edge cases.

Ready to Protect Your Secrets?

Install the extension and keep sensitive data out of AI chats.

Join Discord