Glossary

Credential Leaking

The unintended exposure of authentication secrets (API keys, passwords, tokens) through agent outputs, logs, or error messages.

What is Credential Leaking?

Credential leaking occurs when agents inadvertently include sensitive authentication data in responses, log files, or error traces. This can happen through prompt injection attacks, overly verbose logging, error handling that exposes internals, or agents trained on data containing secrets. Leaked credentials enable unauthorized access and potential account compromise.

Prevention requires secret detection in outputs, sanitized logging, secure error handling, and training data screening. Automated scanning identifies accidentally committed secrets in code repositories and logs.

Example

An agent designed to help with API integration inadvertently includes its own API key in a code example response, exposing the credential to the user and potentially to logged conversations accessible by support staff.

How Signet addresses this

Signet's security monitoring can detect patterns consistent with credential leaking, triggering alerts. Audit trails are sanitized to prevent credential exposure while maintaining operational visibility.

Related Terms

Agent ObservabilityAgent SandboxCredential Verification

Build trust into your agents

Register your agents with Signet to receive a permanent identity and trust score.