What is Secret Scanning (Tool Output)?
Scanning MCP tool responses for accidentally exposed secrets — API keys, passwords, tokens, private keys, and connection strings — before they enter the AI agent's context window and propagate across trust boundaries.
WHY IT MATTERS
Secrets in code and configuration are a perennial security problem. GitHub reports detecting over 100 million leaked secrets in repositories in a single year. When AI agents read files, query APIs, or interact with development tools, they encounter these secrets in tool responses — and without scanning, the secrets enter the agent's context.
Once a secret is in the agent's context window, it can propagate in several dangerous ways. The agent may include the secret in a subsequent tool call — passing an API key to a logging service, or embedding a database password in a generated configuration file. The secret may appear in the agent's response to the user, in chat logs, or in telemetry data. Each propagation path is a potential leak.
The problem is amplified by the range of tools agents use. A file system tool reading .env files, a git tool showing commit diffs, a database tool returning configuration tables, or an API tool fetching cloud metadata — all are common sources of accidentally exposed secrets. The agent does not know that a string is a secret; it treats all context equally.
Secret scanning at the tool output layer catches exposed secrets before they enter the agent's context. Known secret patterns — API key formats, JWT structures, private key headers, connection string formats — are detected and redacted or blocked. A secret that is redacted or blocked at this layer never reaches the agent, so it cannot propagate from there.
HOW POLICYLAYER USES THIS
Intercept can scan tool responses for secret patterns before they reach the agent. Output policies define regex patterns matching common secret formats — AWS keys, GitHub tokens, database connection strings, private key blocks — and redact or block responses containing matches. This prevents secrets from entering the agent's context window, regardless of which tool returned them. The audit trail logs detection events (without the secret itself) for security team review.
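The scan-then-redact-or-block flow described above, sketched in Python as an added example; it is not PolicyLayer's or Intercept's own code or policy format. The rule set, the function name `scan_tool_output`, the choice to block on private key headers and the sample tool response are all assumptions made for illustration.

```python
import re

# Constructed, illustrative rules for well-known secret formats; not exhaustive.
# A rule with a named group "secret" redacts only that group.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.eyJ[\w-]{8,}\.[\w-]{8,}"),
    "connection_string_password": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:(?P<secret>[^\s@/]+)@"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
}
BLOCK_RULES = frozenset({"private_key_block"})  # assumption: block, do not redact

def scan_tool_output(tool, text):
    """Return (text_safe_for_agent, audit_events). Events never hold the secret."""
    hits = []
    for rule, pattern in RULES.items():
        for m in pattern.finditer(text):
            start, end = m.span("secret") if "secret" in pattern.groupindex else m.span()
            hits.append((start, end, rule))
    # Audit record: which rule fired and where, but not the matched value.
    events = [{"tool": tool, "rule": r, "offset": s, "length": e - s}
              for s, e, r in sorted(hits)]
    if any(r in BLOCK_RULES for _, _, r in hits):
        return f"[BLOCKED: response from {tool} contained secret material]", events
    # Merge overlapping hits so no fragment of a secret survives between them.
    merged = []
    for s, e, r in sorted(hits):
        if merged and s < merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], e)
        else:
            merged.append([s, e, r])
    safe = text
    for s, e, r in reversed(merged):  # right to left keeps earlier offsets valid
        safe = safe[:s] + f"[REDACTED:{r}]" + safe[e:]
    return safe, events

# Constructed sample: what a file-read tool might return for a .env file.
SAMPLE_ENV = (
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"   # AWS documentation example key
    "GITHUB_TOKEN=ghp_" + "A1b2" * 9 + "\n"      # constructed token-shaped string
    "DATABASE_URL=postgres://app:S3cr3tPw@db.internal:5432/orders\n"
    "LOG_LEVEL=debug\n"
)

if __name__ == "__main__":
    print(*scan_tool_output("read_file", SAMPLE_ENV), sep="\n")
```

Non-secret lines such as `LOG_LEVEL=debug` pass through unchanged, and a secret in a format that no rule describes passes through as well, so the rule set determines what the agent is shielded from.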