Is Your Claude Code Leaking API Keys? Free Release of 'Mamoru Secret' Plugin to Prevent Secret Leaks
MONO BRAIN Inc. has released "Mamoru Secret," a free plugin for the AI coding tool "Claude Code," designed to detect and block secret leaks such as API keys and access tokens in real time. This aims to strengthen countermeasures against new information leakage pathways emerging with the use of AI agents.
📋 Article Processing Timeline
- 📰 Published: June 14, 2026 at 23:10
- 🔍 Collected: June 14, 2026 at 14:18
- 🤖 AI Analyzed: June 14, 2026 at 14:21 (2 min after Collected)
MONO BRAIN Inc. has released "Mamoru Secret," a free plugin for the AI coding tool "Claude Code," which detects and blocks secret leaks such as API keys, access tokens, and passwords.
"Mamoru Secret" real-time scans prompt transmissions, Bash command executions, file writings, and command outputs that occur during Claude Code's operation, preventing authentication information from being mixed into the AI agent's context or deliverables.
The convenience of Claude Code also creates new pathways for secret information leaks.
AI coding agents like Claude Code significantly streamline code generation, research, and modification tasks. However, they also create new information leakage pathways that did not exist in traditional development workflows.
If these include API keys or access tokens, authentication information may be unintentionally incorporated into the AI agent's context and remain in logs, deliverables, or external service integration processes.
In daily development work, secrets naturally find their way into the AI agent's execution path.
"Hooks" are effective for preventing secret leaks.
In the era of AI coding, examining before and after Git commits is no longer sufficient for secret countermeasures.
Authentication information can be passed to the AI agent through prompts or command outputs before it is committed. Therefore, it is crucial to monitor the AI agent precisely when it is actually operating.
Claude Code provides a Hooks feature that allows processing to be inserted before and after user input or tool execution.
"Mamoru Secret," a plugin for easy introduction of secret leak countermeasures.
"Mamoru Secret" is a secret leak countermeasure plugin developed for Claude Code.
After installation, it is automatically integrated into Claude Code's Hooks, enabling secret protection without changing the development workflow.
It also supports web UI detection history confirmation, whitelist management, and false positive feedback functions.
The design is based on continuous operation for both individual and team use.
For governance functions such as detection log management, member management, and policy settings for teams, please feel free to contact us via the inquiry form.
Confirmation of zero leaks in 153 detection test patterns.
"Mamoru Secret"'s detection engine supports 109 major types of API key and token formats, including OpenAI, Anthropic, AWS, GitHub, Stripe, and Slack.
By combining regular expressions, high entropy detection, and key name heuristics, it broadly detects both known service-specific keys and generic secret-like strings.
In automated tests using 153 patterns of secret fixtures, all 153 cases were successfully detected, confirming zero detection leaks.
Verification of false positives on 780,000 files using a proprietary developed model.
Secret detection tools should not simply increase detection sensitivity. If they excessively detect code identifiers, dummy values, hash values, and template variables, they will become tools that only hinder developers' work.
"Mamoru Secret" conducted verification on 100 OSS repositories and 780,461 files. Based on the 19,258 actual false positive patterns collected there, it is equipped with an XGBoost-based false positive reduction model.
By re-evaluating secret likelihood based on features such as token length, entropy, character class ratio, CamelCase transition count, and contextual keywords, it achieves both high-sensitivity detection and false positive suppression.
About AI Security Platform "MODEL SAFE"
"MODEL SAFE" is an AI security platform that prevents prompt injection, external linkage risks, confidential information leakage, and agent runaway in enterprise use of AI agents and AI coding tools.
It comprehensively monitors AI input/output, permissions, external communications, and execution logs to support companies' safe AI utilization.
MONO BRAIN Inc. Company Overview
Representative Director: Masanori Kato
Business: Development and provision of the AI security and governance platform "MODEL SAFE".
"Mamoru Secret" real-time scans prompt transmissions, Bash command executions, file writings, and command outputs that occur during Claude Code's operation, preventing authentication information from being mixed into the AI agent's context or deliverables.
The convenience of Claude Code also creates new pathways for secret information leaks.
AI coding agents like Claude Code significantly streamline code generation, research, and modification tasks. However, they also create new information leakage pathways that did not exist in traditional development workflows.
If these include API keys or access tokens, authentication information may be unintentionally incorporated into the AI agent's context and remain in logs, deliverables, or external service integration processes.
In daily development work, secrets naturally find their way into the AI agent's execution path.
"Hooks" are effective for preventing secret leaks.
In the era of AI coding, examining before and after Git commits is no longer sufficient for secret countermeasures.
Authentication information can be passed to the AI agent through prompts or command outputs before it is committed. Therefore, it is crucial to monitor the AI agent precisely when it is actually operating.
Claude Code provides a Hooks feature that allows processing to be inserted before and after user input or tool execution.
"Mamoru Secret," a plugin for easy introduction of secret leak countermeasures.
"Mamoru Secret" is a secret leak countermeasure plugin developed for Claude Code.
After installation, it is automatically integrated into Claude Code's Hooks, enabling secret protection without changing the development workflow.
It also supports web UI detection history confirmation, whitelist management, and false positive feedback functions.
The design is based on continuous operation for both individual and team use.
For governance functions such as detection log management, member management, and policy settings for teams, please feel free to contact us via the inquiry form.
Confirmation of zero leaks in 153 detection test patterns.
"Mamoru Secret"'s detection engine supports 109 major types of API key and token formats, including OpenAI, Anthropic, AWS, GitHub, Stripe, and Slack.
By combining regular expressions, high entropy detection, and key name heuristics, it broadly detects both known service-specific keys and generic secret-like strings.
In automated tests using 153 patterns of secret fixtures, all 153 cases were successfully detected, confirming zero detection leaks.
Verification of false positives on 780,000 files using a proprietary developed model.
Secret detection tools should not simply increase detection sensitivity. If they excessively detect code identifiers, dummy values, hash values, and template variables, they will become tools that only hinder developers' work.
"Mamoru Secret" conducted verification on 100 OSS repositories and 780,461 files. Based on the 19,258 actual false positive patterns collected there, it is equipped with an XGBoost-based false positive reduction model.
By re-evaluating secret likelihood based on features such as token length, entropy, character class ratio, CamelCase transition count, and contextual keywords, it achieves both high-sensitivity detection and false positive suppression.
About AI Security Platform "MODEL SAFE"
"MODEL SAFE" is an AI security platform that prevents prompt injection, external linkage risks, confidential information leakage, and agent runaway in enterprise use of AI agents and AI coding tools.
It comprehensively monitors AI input/output, permissions, external communications, and execution logs to support companies' safe AI utilization.
MONO BRAIN Inc. Company Overview
Representative Director: Masanori Kato
Business: Development and provision of the AI security and governance platform "MODEL SAFE".
FAQ
What kind of tool is Mamoru Secret?
It's a free plugin that detects and blocks real-time leaks of secret information like API keys when using Claude Code.
Why is there a risk of secret leakage with Claude Code?
AI agents create new information leakage pathways not present in traditional development, where authentication info can be unintentionally incorporated into the AI's context.
What are the main features of Mamoru Secret?
Real-time scanning, detection history, whitelist management, and false positive feedback, automatically integrated with Claude Code's Hooks feature.
How accurate is the detection?
It supports 109 types of API key formats, with zero leaks confirmed in 153 test patterns. False positives were also verified on 780,000 files.
What is MODEL SAFE?
It's an AI security platform designed to prevent security risks like prompt injection and data leakage during enterprise use of AI agents and AI coding tools.