Common secret patterns
Checks for AI provider keys, cloud credentials, package tokens, private keys, webhook URLs, signed URLs, bearer tokens, validated JWTs, and credential-bearing database URLs.
Built for the copy-paste moment.
The scanner is for prompts, logs, config snippets, and support/debugging text that may contain sensitive values.
Private-data warnings
Can also flag payment card, email, phone, and dashed US SSN patterns when those checks are useful for the prompt you are preparing.
Sanitized copy
Outputs a redacted version that keeps the structure of the text while replacing detected values with readable placeholders.
Local by design.
The free scanner runs in the browser tab. The launch extension uses static JavaScript and offline license activation for the core workflow.
No prompt upload
The scanner does not send prompt text to a backend, analytics SDK, or remote model call for detection.
Conservative detection
False positives matter. The detector avoids placeholder values, documentation examples, known test cards, invalid JWT-shaped strings, and UUID-like request IDs where possible.
Clear limits
This is a pattern-based safety check. It is not formal DLP, a secret inventory, or a guarantee that every possible secret will be found.
If a real key, token, password, private key, or signed URL may have been exposed, rotate it. Do not rely on any scanner as a substitute for credential rotation.
Start with the free scanner.
The demo is the lowest-friction way to test the detector and sanitizer before considering the installable browser extension.
Prompt Leak Guard reduces obvious accidental prompt leaks. It does not replace access controls, security review, or compliance review.