Critical · Data Exfiltration · Detected in 6% of agent outputs

Secret and Credential Exposure in AI Agent I/O

Secret exposure happens when API keys, passwords, tokens, or private keys appear in agent inputs or outputs. This can occur accidentally — a user pastes code containing credentials — or through deliberate extraction attacks. Once exposed in an LLM conversation, secrets may be logged, cached, or sent to third-party services.

How It Works

1. Accidental input: users paste code snippets, configuration files, or logs containing hardcoded secrets.
2. Tool output leaking: the agent calls a tool that returns environment variables, config files, or database contents with embedded credentials.
3. Prompt injection extraction: an attacker tricks the agent into reading and outputting .env files, config.yaml, or other secret stores.
4. Training data echoing: the LLM regurgitates secrets it memorized from training data.

Real-World Scenario

A developer asks an AI coding assistant to "fix the authentication in my app" and pastes their entire auth module, including a hardcoded Stripe API key (sk_live_...). The key is now in the LLM provider's logs, the monitoring dashboard, and potentially in training data.

Example Payload

The database credentials are password="SuperSecret123!" and the API key is sk_live_4eC39HqLyjWDarjtT1zdp7dc

This is an example for educational purposes. Rune detects and blocks payloads like this in real time.

How Rune Detects This

L1 Pattern Scanning

Regex patterns detect Stripe keys (sk_live_*), GitHub tokens (ghp_*), AWS keys (AKIA*), private key headers (-----BEGIN PRIVATE KEY-----), and plaintext passwords.

L1 PII Scanning

Also catches SSNs, credit card numbers, and other PII that often co-occurs with credential exposure.

Policy Engine

Policies can block tool calls that access known secret stores (.env, /etc/shadow, credentials.json) and flag outputs containing high-entropy strings.
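To make the L1 pattern scanning and high-entropy flagging described above concrete, here is a small scanner and redactor written for this page (example code, not Rune's implementation). The regexes, the 20-character token rule and the 3.5 bits/char entropy threshold are assumptions chosen for the example; it runs the page's example payload through both steps.

```python
import math
import re

# Pattern families named on the page (Stripe, GitHub, AWS, PEM headers, plaintext
# passwords). These regexes are constructed for this example, not Rune's rule set.
SECRET_PATTERNS = {
    "stripe_key": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # group(1) captures only the password value so the key name survives redaction
    "plaintext_password": re.compile(r"""password\s*=\s*["']([^"']{6,})["']""", re.I),
}

# Candidate tokens for the entropy check: long runs of base64/hex-style characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]{20,}")
HIGH_ENTROPY_BITS = 3.5  # assumed threshold; random keys score ~4-5, prose words ~3

def shannon_entropy(s: str) -> float:
    """Bits per character of a non-empty string; 0.0 for one repeated character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def find_secrets(text: str) -> list:
    """Return (label, secret) pairs: known patterns first, then high-entropy tokens."""
    hits = []
    for label, pat in SECRET_PATTERNS.items():
        for m in pat.finditer(text):
            hits.append((label, m.group(1) if m.lastindex else m.group(0)))
    known = [value for _, value in hits]
    for m in TOKEN_RE.finditer(text):
        tok = m.group(0)
        # skip tokens already explained by a known pattern (either one contains the other)
        if any(tok in v or v in tok for v in known):
            continue
        if shannon_entropy(tok) >= HIGH_ENTROPY_BITS:
            hits.append(("high_entropy", tok))
    return hits

def redact(text: str) -> str:
    """Replace every finding with a typed placeholder before the text reaches logs."""
    for label, value in find_secrets(text):
        text = text.replace(value, f"[REDACTED:{label}]")
    return text

# The page's example payload: find_secrets() labels both secrets, redact() masks them.
EXAMPLE_PAYLOAD = ('The database credentials are password="SuperSecret123!" '
                   'and the API key is sk_live_4eC39HqLyjWDarjtT1zdp7dc')
```

The entropy pass is what catches tokens no regex knows about, which is why the page's policy engine flags high-entropy strings separately from named patterns.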

Mitigations

  • Scan both inputs and outputs for known secret patterns before processing
  • Redact detected secrets in logs and monitoring dashboards
  • Never store credentials in system prompts — use secure environment variable injection
  • Restrict agent file system access to prevent reading credential files

Protect your agents from secret exposure

Add Rune to your agent in under 5 minutes. Scans every input and output for secret exposure and 6 other threat categories.