DETECTION RULES
Back to HomeWhat we block.
Every detection pattern is publicly transparent. No black boxes, no opaque rules - security teams can inspect, test, and verify every single pattern.
Detection patterns by category
All patterns are validated through regex matching, checksum validation (Luhn, Verhoeff), and Shannon entropy analysis to minimize false positives.
Credentials & Secrets
- API Keys (AWS, GCP, OpenAI, Anthropic, Stripe, HuggingFace)
- Tokens (JWT, OAuth, Bearer, Session Cookies, Base64 Auth)
- Database URLs & SSH Private Keys
- Slack Webhooks & S3/GCS Paths
Financial & Tax Data
- Credit/Debit Cards (Luhn)
- Bank Account + IFSC
- UPI IDs
- Payment QR Links
- GSTIN, TIN, Invoice/Tax IDs
Personal & Corporate PII
- Emails, Phone Numbers (US/IN), Aadhaar (Verhoeff), PAN, GPS
- Employee/Student IDs, Medical/Insurance numbers
- Internal .corp URLs, Confluence/Notion/SharePoint links
- Google Analytics IDs, Browser Fingerprints
File scanning included
Detection isn't limited to typed prompts. LeakSnitch scans uploaded files - spreadsheets, config files, PDFs, Office documents, code archives - for the same sensitive patterns. File content is read locally, scanned in real time, and never leaves your device.
Disclosure & File Parsing
- Natural language spills ("here is the secret...")
- High-entropy strings (entropy > 4.5)
- Parsed secrets from .env, JSON, YAML, and DevOps CI/CD configs
Monitored AI Platforms
How detection severity works
Every detection is scored on a 0-100 scale. Context signals boost confidence, questions reduce it.
Definitive secret exposure - passwords, API keys, tokens, credentials
Potential sensitive data - phone numbers, addresses, internal URLs
Contextual signals - generic data patterns with lower confidence