Login

u/dan_l2

▲ 2 r/Information_Security

AI API key patterns in public GitHub code: 189K to 435K

I’ve been tracking aggregate GitHub code search counts for common AI provider key prefixes.

July 2025 snapshot: 189,600 potential matches. Latest snapshot: 435,608.

These are not confirmed active keys. The count can include examples, revoked keys, test strings, and false positives. No secrets or repository contents are stored.

Still, the direction is concerning as AI keys increasingly connect to agents, tools, email, databases, and workflows.

Curious how others are handling prevention and rotation in practice.

reddit.com
u/dan_l2 — 5 days ago
▲ 6 r/devsecops

AI API key matches in public GitHub code went from 189K to 435K

Last July I tracked 189,600 potential AI API key matches in public GitHub code search.

The latest snapshot is 435,608.

Important caveat: these are potential matches, not confirmed active keys. They can include examples, revoked keys, test strings, and false positives. No secrets or repository contents are stored.

Still, the trend seems worth discussing: as AI agents connect to email, databases, MCP servers, and production workflows, leaked provider keys become more than a billing problem.

Curious how teams here are handling this in practice: pre-commit scanning, GitHub secret scanning, CI gates, key rotation, developer training, something else?

reddit.com
u/dan_l2 — 5 days ago
▲ 3 r/SideProject

I wanted to keep vibe coding from the bathroom, so I built this

The problem: every time I walked away from my laptop, my coding agent would immediately need one tiny approval, clarification, or “should I continue?” like it had separation anxiety.

So I built Armorer Gauntlet: a mobile PWA for controlling local coding-agent sessions from your phone.

It lets you scan a QR code, pair your phone, see sessions, send instructions, approve supported requests, and get push notifications when the agent needs you.

The agent still runs on your own machine. Your phone does not get your laptop credentials. The relay is self-hosted, and messages are end-to-end encrypted between the phone and daemon.

Technically it’s a pocket control plane for local agents.

Spiritually it is bathroom-driven development.

Repo:

https://github.com/ArmorerLabs/Armorer-Gauntlet

Would love feedback, feature ideas, or bug reports from anyone else trying to let their agents cook while they are away from the keyboard.

u/dan_l2 — 8 days ago
▲ 13 r/OppoFindN6+2 crossposts

Looking for a slim / premium case

Any recommendations? I wasn't a big fan of the stock case, so I'm currently going caseless. I'm looking for something nice that offers better grip while still maintaining a slim profile

reddit.com
u/dan_l2 — 11 days ago