May 18, 2026
Your AI spilled the tea — and the keys
Sieve – scans Cursor/Claude chat history for leaked API keys
A panic button for people who accidentally spill passwords into AI chats
TLDR: Sieve is a Mac app that checks AI assistant chat history for accidentally exposed passwords and access keys, all without sending data off your computer. The early reaction is basically equal parts relief and embarrassment: people love the idea because many clearly fear they’ve already pasted something they shouldn’t have.
File this under modern developer nightmare fuel: a Mac app called Sieve promises to scan your AI chat history and catch secret passwords, login keys, and private access codes you may have accidentally pasted into tools like Claude, Cursor, Copilot, Windsurf, and Codex. The sales pitch is basically, “Yes, your chatbot memory might be a security disaster, and yes, we can check it before it blows up.” Even better for the privacy crowd, the app says everything happens on your computer only, with no cloud upload, no account, and no tracking.
And the tiny but telling community reaction? Instant recognition, mild panic, and a lot of ‘wow, this is painfully relatable.’ The strongest vibe wasn’t outrage at the app — it was people admitting they absolutely have messy setups full of secret files and have been letting AI tools roam around them anyway. One commenter practically burst in saying the timing was perfect because they were already frustrated, juggling secret-filled project files while using large language models — AI chatbots that help write code — for everything from server setup to automation. That comment reads like the entire mood of the thread: thank God someone finally made a broom for this mess.
The hot take lurking underneath is deliciously awkward: AI coding helpers save people tons of time, but they may also tempt users into casually tossing sensitive information into chat windows. The joke writes itself — the robots are helping build your system and maybe also collecting your worst copy-paste mistakes.
Key Points
- •Sieve scans local AI coding assistant histories and project `.env` files for exposed secrets such as API keys, tokens, passwords, and private keys.
- •The article says Sieve supports Claude Code, Cursor, VS Code Copilot, VS Code Insiders, Windsurf, and Codex, using specified local directories on macOS.
- •Sieve Vault stores rotated replacement secrets using macOS Keychain, with copying protected by Touch ID or the Mac login password.
- •Sieve includes a local MCP server for Claude Code and can run commands with vault-injected credentials without revealing raw secret values.
- •The product advertises privacy-by-design features including no network requests, no cloud sync, no account requirement, no telemetry, local SQLite findings storage, and Keychain-only secret storage.