Even when a developer is careful to use a .env file, the moment a key is mentioned in a chat or read by the agent to debug a connection, it is recorded in one of the IDE caches (~/.claude, ~/.codex, ~/.cursor, ~/.gemini, ~/.antigravity, ~/.copilot etc)

Within these logs I found API keys and access tokens were sitting in plain text, completely unencrypted and accessible to anyone who knows where to target when attacking.

I made an open source tool called Sweep, as part of my immunity-agent repo (self-adaptive agent). Sweep is designed to find these hidden leaks in your AI tool configurations. Instead of just deleting your history, it moves any found secrets into an encrypted vault and redact the ones used in history.

We also thought about exploring post hook options but open to more ideas

Honestly thought Claude would at least encrypt before storing but this is dangerous