Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Every AI coding agent writes the secrets you paste straight to a plaintext history file — and nobody scans it

0
Medium
Security-newscybersecurityreddit
Published: 07/13/2026 (07/13/2026, 17:34:42 UTC)
Source: Reddit Cybersecurity

Description

Many AI coding agents log user inputs, including secrets such as API keys and credentials, to local plaintext history files. These logs are reused as context by the agents, causing secrets to persist and potentially be exposed. There is currently no widespread scanning or auditing of these history files for leaked secrets. An open-source tool named agentsweep has been developed to detect and redact secrets from these local history files for multiple AI coding agents.

Reddit Discussion

r/cybersecurity·posted by u/Ishannaik
00

Pen-testers and blue-teamers: your devs are pasting API keys, DB URLs, .env contents, and cloud creds into Claude Code / Cursor / Copilot chat all day. Those tools log the conversation to a local plaintext file — and re-read it as context, so the secret keeps resurfacing long after.

I wrote an open-source CLI (agentsweep) that:

- Scans agent history with ~191 detection rules (ported from gitleaks) plus a BIP-39 seed-phrase detector

- Covers ~30 agents (Claude Code, Cursor, Codex, Cline, Aider, Windsurf, and more)

- Redacts in place with atomic writes, .bak backups, post-write validation, and full undo

- Read-only by default; nothing destructive without a typed confirm

Curious how your orgs currently handle secrets leaking into AI-tool history, and whether anyone is auditing it yet.

https://github.com/Ishannaik/agent-sweep/

Links cited in this discussion

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 18:02:35 UTC

Technical Analysis

AI coding agents like Claude Code, Cursor, Copilot, and others store user-pasted secrets (API keys, database URLs, .env contents, cloud credentials) in local plaintext history files. These files are read repeatedly by the agents to provide context, causing secrets to remain accessible long after initial input. There is no indication that these history files are routinely scanned or audited for sensitive data leakage. The issue affects multiple AI coding agents and poses a risk of secret exposure on developer machines. A community-developed CLI tool, agentsweep, uses detection rules to scan and redact secrets from these history files safely.

Potential Impact

The impact is the potential unintended exposure of sensitive secrets stored in plaintext on local developer machines. These secrets could be accessed by unauthorized users or malware if the local environment is compromised. The persistence of secrets in agent history files increases the risk of accidental leakage or misuse. However, there is no evidence of active exploitation in the wild at this time.

Mitigation Recommendations

No official patches or vendor advisories are available for this issue. Organizations should audit their use of AI coding agents and assess whether secrets are being stored in plaintext history files. The open-source tool agentsweep can be used to scan and redact secrets from these files safely. Developers should avoid pasting sensitive secrets into AI coding agents or use environment variables and secure vaults instead. Regularly reviewing and cleaning local history files is recommended until official mitigations are provided.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a55282f68715ace43999c24

Added to database: 07/13/2026, 18:02:23 UTC

Last enriched: 07/13/2026, 18:02:35 UTC

Last updated: 07/14/2026, 02:47:28 UTC

Views: 14

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses