OBLAIDISH NEWS

AI code assistants can leak credentials

Faiz Ahmed Farooqui's dev.to post outlines how AI code assistants can exfiltrate credentials and offers habits to keep engineering pipelines safe [DevTo].

Sources: [DevTo]

Faiz Ahmed Farooqui published a threat model on dev.to that warns developers about leaking secrets when using AI code assistants [DevTo]. The model breaks the AI-assistance workflow into three leakage paths: explicit snippets, auto-attached context, and the model's own output. For example, a developer may paste a stack trace containing a live DATABASE_URL, or the model may echo back a credential into a commit message or PR description [DevTo].

The article contrasts free/consumer tiers, where inputs are retained and may be used for model training, with paid Pro, Team, and Enterprise plans that include contractual “no-training” guarantees [DevTo]. However, even with these guarantees, the prompt request traverses the provider's logging and abuse-detection infrastructure, which remains opaque.

To mitigate these risks, organizations should adopt a zero-trust prompt posture: mask all credentials with placeholders, enforce an AI-tool ignore file, and run a secret-scan before every prompt [DevTo]. This approach recognizes that the real risk isn't a rogue provider, but the unchecked data flow that any third-party service introduces. By taking these steps, developers can reduce the risk of credential exposure and protect their engineering pipelines.
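A minimal sketch of the "mask credentials with placeholders" and "secret-scan before every prompt" habits, written as an added example (it is not code from the dev.to post or from any assistant vendor). The rule set, the placeholder names, and the sample stack trace are assumptions constructed for illustration; the same function can be run over model output before it lands in a commit message or PR description.

```python
import re

# Constructed sample: a pasted stack trace carrying a made-up DATABASE_URL
# and a made-up API token, the first leakage path the article describes.
SAMPLE_PROMPT = """\
Traceback (most recent call last):
  File "app/db.py", line 12, in connect
    engine = create_engine(os.environ["DATABASE_URL"])
sqlalchemy.exc.OperationalError: could not connect
DATABASE_URL=postgres://svc_app:s3cr3t-Passw0rd@db.internal.example:5432/orders
API_TOKEN="tok_constructed_0123456789abcdef"
Why does this fail only in staging?
"""

# (rule name, pattern, replacement). Illustrative rules, not a complete scanner.
# Each pattern refuses to match its own placeholder, so a masked prompt
# scans clean on a second pass.
RULES = [
    # user:password@ embedded in any scheme://... connection string
    ("url-credentials",
     re.compile(r"(?P<scheme>[a-z][a-z0-9+.-]*://)"
                r"(?P<user>(?!<USER>)[^\s:/@]+):(?P<pw>[^\s@/]+)@", re.I),
     r"\g<scheme><USER>:<PASSWORD>@"),
    # env-style KEY=VALUE where the key name suggests a secret
    ("secret-assignment",
     re.compile(r"(?P<key>\b[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_KEY)[A-Z0-9_]*"
                r"\s*[=:]\s*)(?P<q>[\"']?)"
                r"(?P<val>(?!<REDACTED>)[^\s\"']{8,})(?P=q)"),
     r"\g<key>\g<q><REDACTED>\g<q>"),
]


def mask(text):
    """Return (masked_text, findings); findings names each rule hit, in order."""
    findings = []
    for name, pattern, replacement in RULES:
        text, hits = pattern.subn(replacement, text)
        findings.extend([name] * hits)
    return text, findings


if __name__ == "__main__":
    masked, findings = mask(SAMPLE_PROMPT)
    print(masked)
    print("masked:", findings)
```

A non-empty `findings` list is the signal to stop and review before the text leaves the workstation; hostnames and database names are left intact so the question stays answerable.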
