Secrets & Data Leaks Detection

Data leaks often stem from hardcoded credentials, misconfigured access controls, or unencrypted data flows. This category covers vulnerabilities leading to the exposure of Personally Identifiable Information (PII), API keys, and enterprise secrets across modern software supply chains.

Verified by Precogs Threat Research

How does Precogs AI detect PII and hardcoded secrets?

Static regex rules often miss obfuscated secrets or produce massive false positives. Precogs AI uses AI-powered entropy analysis and contextual comprehension to detect 100+ secret types (from AWS keys to GCP service accounts) across source code, raw binaries, and CI/CD pipelines with high fidelity.

Explore Secrets & Data Leaks by Category

Deep-dive into specific areas of secrets & data leaks to understand the attack surfaces, common vulnerability patterns, and how Precogs AI provides protection.

By Secret Type

Cloud Provider Keys

AWS Access KeysAWS Access Key IDs and Secret Access Keys hardcoded in source, config files, or compiled binariesGCP Service AccountsGoogle Cloud service account JSON keys and OAuth tokens embedded in applicationsAzure CredentialsAzure AD client secrets, storage account keys, and SAS tokens in code repositories

Database & Infrastructure

Connection StringsDatabase connection URIs with embedded credentials for PostgreSQL, MySQL, MongoDB, Redis
Passwords & CertificatesPlaintext passwords and TLS certificates stored in config files and environment variables

Code & API Keys

SSH & PGP KeysPrivate SSH keys and PGP keys committed to repositories or embedded in Docker images
API TokensGitHub PATs, Slack bot tokens, Stripe API keys, and third-party service credentials

PII & Regulated Data

Credit Card NumbersPCI DSS violations from credit card numbers in logs, databases, or source code
SSN & National IDsSocial Security Numbers and government IDs exposed in data pipelines
Email & PIIGDPR/CCPA violations from personal data in logs, error messages, and analytics

By Source Location

Detection Surfaces

Source CodeHardcoded strings in .py, .js, .go, .java files detected pre-commit and in CI/CD pipelines
Git HistorySecrets committed and later removed are still in .git history — Precogs scans the full commit log
Compiled BinariesStrings extracted from compiled executables, shared libraries, and firmware images
Config Files.env, .kubeconfig, docker-compose.yml, terraform.tfvars, and other infrastructure configs

Vulnerability Types

CWE-522

HIGH

Insufficiently Protected Credentials

Credentials stored with weak protection mechanisms — weak hashing (MD5, SHA-1 without salt), insufficient access control...

CWE-538

HIGH

Insertion of Sensitive Information into Externally-Accessible File or Directory

Storing secrets, credentials, or PII in files accessible via web server (public directories, git repos, backup files, .e...

CWE-540

HIGH

Inclusion of Sensitive Information in Source Code

Embedding internal URLs, infrastructure details, or employee information in source code comments or string literals that...

CWE-615

HIGH

Inclusion of Sensitive Information in Source Code Comments

Developers leaving passwords, TODO notes with credentials, internal API endpoints, or database connection strings in cod...

CWE-327-PII

HIGH

Weak Cryptography Protecting PII

Using deprecated algorithms (MD5, SHA-1, DES) to encrypt or hash PII, making the data vulnerable to brute-force attacks ...

CWE-1004

HIGH

Sensitive Cookie Without HttpOnly Flag

Session cookies and authentication tokens set without HttpOnly flag, making them accessible to JavaScript and vulnerable...

CWE-614

HIGH

Sensitive Cookie in HTTPS Session Without Secure Attribute

Authentication cookies transmitted over HTTPS that lack the Secure flag, allowing them to be sent over unencrypted HTTP ...

CWE-548

HIGH

Exposure of Information Through Directory Listing

Web servers configured to display directory listings that expose file names, backup files, configuration files, and pote...

Page 2 of 2
Next →

Recently Discovered in Secrets & Data Leaks

Browse the latest vulnerabilities and exposures dynamically tracked to the Secrets & Data Leaks domain.

Compiling vulnerability feed...

Detect Secrets & Data Leaks Vulnerabilities Automatically

Precogs AI scans your code and binaries for Secrets & Data Leaks vulnerabilities and generates AutoFix PRs — no manual review needed.

Start Free Scan