Vertical Dev

Dev Teams, Copilot, and the Quiet Secret Leakage Problem

Copilot and ChatGPT are the two largest new secret-leak vectors in engineering orgs. Here is the pragmatic mitigation stack that does not slow developers down.

PromptShielder Security Team· Applied cryptography & privacy engineering October 7, 2025 7 min read

Where the leaks actually happen

  • Debugging session: developer pastes a stack trace including a real database URI.
  • Copilot completion: developer accepts a suggestion that includes a nearby hard-coded key.
  • 'Explain this' prompt: developer pastes a config file with the credentials still in place.
  • Test-data generation: developer pastes real production rows.

The three-layer defence

Layer 1 — prefix your own secrets

Every secret your platform issues should have a recognisable prefix. Stripe's `sk_live_`, GitHub's `ghp_`, and OpenAI's `sk-` are the model. When your internal auth service issues API keys, prefix them (`acme_live_...`) so every detector — including PromptShielder's built-in `SECRET` category — catches them by default.

Layer 2 — pre-commit + pre-push scanning

gitleaks, trufflehog, ggshield. Standard. Catches leaks that reach a commit.

Layer 3 — browser-edge redaction

The layer for leaks that never touched git. PromptShielder's `SECRET` detector covers Slack tokens, Stripe live/test, GitHub PAT, SendGrid, npm, GitLab, PEM private-key blocks and generic `password=` patterns. Add your own prefix to the custom-terms list and the coverage matches your platform.

Frequently asked

Does GitHub secret scanning cover Copilot chats?+

No. It covers commits, not chat contents.

Can I run a local model for this?+

You can. Regex on prefixes is faster and cheaper for well-formed secrets. Save the model for the unstructured leaks.

Sources
Vertical DevTechnical
Try PromptShielder

Redact prompts before they leave your browser.

Free to try. Nothing is sent to a server. Ever.