AI Leak Checker

Prevent accidental exposure of API keys, passwords, and PII in AI chat interfaces

🛡️ AI Security for ChatGPT & Claude - Stop Data Leaks Before They Happen Accidentally pasting production secrets into AI chat platforms happens more than you think. One leaked API key can cost you thousands in unauthorized usage or compromised systems. AI Leak Checker is your personal secret scanner and credential protection system - catching sensitive data before you hit send, so you can use AI tools safely without the paranoia. Real-time data leak prevention for ChatGPT, Claude, and other AI platforms. 🎯 **What We Detect - 24+ Built-in Secret Scanners** **API Keys & Developer Credentials:** - OpenAI keys (sk-*, sk-proj-*) - AWS credentials (AKIA*, AWS_SECRET_ACCESS_KEY) - GitHub tokens (ghp_*, gho_*, github_pat_*) - Stripe API keys (sk_live_*, pk_live_*) - Google API keys, Firebase keys, Anthropic keys - Slack tokens, Docker Hub tokens, npm tokens - 20+ more API key patterns for popular services **Private Keys & Certificates:** - RSA private keys (PEM format) - EC private keys - OpenSSH private keys - PGP/GPG keys **Financial Data:** - Credit card numbers (Visa, Mastercard, Amex - Luhn validated) - IBAN (International Bank Account Numbers) **Personal Information (PII Scanner):** - Email addresses - UK phone numbers - UK National Insurance numbers - US Social Security Numbers - High-entropy secrets (passwords, tokens) ⚡ **How Our Data Leak Prevention Works** When you type or paste into ChatGPT or Claude, AI Leak Checker: 1. **Scans locally** - Pattern matching + entropy analysis in your browser 2. **Warns instantly** - Modal alert if sensitive information is detected 3. **Gives you control** - Choose to mask, send anyway, or cancel All detection happens on your device. Zero data egress. Your prompts never leave your browser. ✨ **Key Features - Developer Security Tool Built for Real-World Use** **Smart Detection Engine** - 24+ credential protection patterns with regex + entropy analysis - Context-aware scoring (boosts confidence when near keywords like "password:", "token:") - Low false positive rate (< 5%) through careful tuning - Works with code snippets, logs, config files, and plain text **Flexible Protection** - Three sensitivity levels: Low (strict patterns only), Medium (balanced), High (aggressive) - Enable or disable specific detector types (e.g., turn off email detection, keep API keys) - Custom allowlists for safe patterns (e.g., allow sk-test-* for test keys) - Per-site scanning configuration **One-Click Remediation** - **Mask & Continue**: Automatically redact secrets (e.g., `sk-abc123` → `[REDACTED_OPENAI_KEY]`) - **Send Anyway**: Override warning when you're certain it's safe - **Cancel**: Return to editing without submitting **Transparency & Statistics** - Real-time detection counters (blocked, redacted, bypassed) - Per-detector breakdown (see what's being caught) - Export statistics as CSV for compliance reporting - Clear all data at any time - Fully open source - audit the code yourself 🔧 **Easy Configuration** Click the extension icon to access settings: - Toggle 24+ individual detectors on/off - Adjust sensitivity level with one click - Add allowlist patterns with regex support - View detection statistics dashboard 📊 **Supported Platforms** ✅ **AI Chat Platforms**: ChatGPT (chat.openai.com, chatgpt.com), Claude (claude.ai) ✅ **Browsers**: Chrome, Edge, Brave, Arc, and all Chromium-based browsers 🔜 Coming Soon: Google Gemini, Microsoft Copilot, Perplexity AI 🔒 **Privacy-First by Design - Your Data Stays on Your Device** **Zero-Knowledge Architecture:** - All secret scanning happens **locally** in your browser - No prompt content storage - we never save what you type - No analytics, telemetry, or tracking - No data sent to external servers (not even anonymized) - Minimal permissions - only ChatGPT and Claude domains **Security Guarantees:** - Manifest V3 compliant (latest Chrome security standard) - Open source and auditable on GitHub - Regular security audits - No third-party dependencies with network access Read our full Privacy Policy: https://laypal.github.io/ai-leak-checker/privacy/ 📋 **Common Use Cases - Who Needs Data Leak Prevention?** **Developers & Engineers** - Review code snippets without exposing `.env` files or config secrets - Debug production issues without leaking database credentials - Share error logs without exposing API keys in stack traces **Support & Customer Success Teams** - Troubleshoot customer issues without leaking auth tokens - Share technical details without exposing customer PII - Use AI for ticket responses safely **Security & Compliance Officers** - Reduce risk of accidental data exposure to third-party AI services - GDPR/SOC2-friendly protection against PII leaks - Audit trail for security incident prevention **Marketers & Analysts** - Analyze customer data without accidentally sharing emails or phone numbers - Use AI for data insights without compliance violations - Protect customer PII during AI-assisted reporting **Students & Researchers** - Get homework help without exposing school credentials - Share academic work without leaking personal information - Use AI tutoring safely ⚙️ **Technical Details** **Performance:** - Lightweight: Under 1MB extension size - smaller than a typical photo - Fast: Scans in under 50ms - faster than you can blink - Non-blocking: Runs only when you interact with AI platforms **Architecture:** - Built with TypeScript for type safety and reliability - Manifest V3 compliant (modern Chrome extension standard) - Content scripts for DOM interception - Local-only detection engine (no ML/AI inference to preserve privacy) - Configurable via JSON (easy to extend) **Quality Assurance:** - 200+ unit tests for detection accuracy - E2E testing on real AI platforms - Property-based testing for edge cases - Continuous integration with automated testing 📚 **Getting Started - 2-Minute Setup** 1. **Install** the extension from Chrome Web Store 2. **Visit** ChatGPT or Claude 3. **Test** by pasting a sample API key (e.g., "My key is sk-test123") - you'll see the warning modal 4. **Configure** detectors in the extension popup to match your needs 5. **Use AI safely** - the extension runs silently in the background, only alerting when needed ⚡ **Join Developers Protecting Their Data** 🆚 **Why Choose AI Leak Checker Over Enterprise DLP?** **vs. Enterprise Data Loss Prevention (DLP) Tools:** - No complex deployment - install in 2 minutes, not 2 weeks - No performance overhead - only runs on AI chat sites - No proxy servers or network configuration - Free and open source - no per-seat licensing **vs. Post-Facto Logging Tools:** - **Prevents** leaks before they happen (vs. detecting after the fact) - **Blocks submission** at the browser level (vs. logging for audit) - **Privacy-preserving** - no central logging of sensitive data **vs. Manual Copy-Paste Review:** - **Instant feedback** - catches mistakes in real-time - **Comprehensive** - detects 24+ secret types you might miss - **Consistent** - never gets tired or distracted 🔗 **Open Source & Community** - **GitHub Repository**: https://github.com/laypal/ai-leak-checker - **Privacy Policy**: https://laypal.github.io/ai-leak-checker/privacy/ - **Report Issues**: https://github.com/laypal/ai-leak-checker/issues - **Contribute**: We welcome pull requests and feedback - **Roadmap**: See planned features and vote on priorities --- **Important Note**: AI Leak Checker is designed as a "seatbelt" for AI tools - essential protection for everyday use. It's not a comprehensive enterprise security platform, but provides robust protection against accidental credential leaks, API key exposure, and PII disclosure when using AI chat platforms. **Not a replacement for**: Enterprise DLP, secrets management systems (Vault, AWS Secrets Manager), or secure development practices. It's a complementary safety layer for developers using AI tools.