BotBeat
...
← Back

> ▌

SieveSieve
PRODUCT LAUNCHSieve2026-05-19

Sieve: New macOS App Scans AI Chat Histories for Leaked API Keys

Key Takeaways

  • ▸Sieve detects leaked API keys, tokens, and passwords in AI chat histories from Claude Code, Cursor, VS Code Copilot, and other assistants
  • ▸Privacy-by-design architecture keeps all scanning local with no cloud sync, account requirement, or telemetry
  • ▸Includes Vault feature for secure secret storage and MCP integration with Claude Code for programmatic secret checking
Source:
Hacker Newshttps://apps.apple.com/us/app/sieve-secret-scanner/id6767409365?mt=12↗

Summary

Sieve, a new macOS application, addresses a critical security vulnerability facing developers who use AI coding assistants. The app scans local chat histories from Claude Code, Cursor, VS Code Copilot, Windsurf, and other AI tools to identify accidentally leaked secrets including API keys, tokens, passwords, and private keys before they can be exploited.

Developed by Sunitha Vaishnavi Nalainthran, Sieve implements a privacy-first approach with all scanning occurring locally on the user's Mac—no data leaves the device and no cloud sync or account is required. Beyond detection, the tool offers a Vault feature for secure secret storage backed by macOS Keychain, redaction capabilities for found secrets in chat databases, and integration with Claude Code via a local MCP server.

The tool directly addresses a significant blind spot in developer security: chat histories with AI assistants often inadvertently contain sensitive credentials from copy-pasted code, error messages, or autocomplete suggestions. With developers increasingly relying on AI coding assistants, Sieve provides an essential defense against the accidental exposure of authentication credentials.

  • Open-source core (SieveCore) and macOS-native integration via security-scoped bookmarks

Editorial Opinion

Sieve fills a critical gap in developer security that will only grow more important as AI assistants become central to development workflows. The privacy-first approach is commendable—respecting that developers' chat histories are sensitive data while providing the security benefit is exactly the right tradeoff. As AI tool adoption accelerates, expect to see similar secret-scanning tools emerge for other platforms.

CybersecurityStartups & FundingAI Safety & AlignmentPrivacy & Data

Comments

Suggested

LLM Agent EcosystemLLM Agent Ecosystem
RESEARCH

Researchers Expose Critical Payload-Less Attack on LLM Agent Supply Chains

2026-07-04
OpenAIOpenAI
INDUSTRY REPORT

Investigation Uncovers AI-Generated Deepfakes in Lily Jay Foundation Charity Fraud

2026-07-04
AppleApple
RESEARCH

Researchers Discover Six Vulnerabilities in Apple AirDrop and Google/Samsung Quick Share Protocols

2026-07-04
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us