Agent Hush: Open-source tool prevents AI coding agents from leaking sensitive data

Agent Hush is an open-source tool that silently catches sensitive data before it leaves your machine. It was created by a developer whose AI coding agent pushed sensitive data including API keys, server IPs, and personal information to a public GitHub repository while they were working on an infosec project.
What Agent Hush addresses
The developer discovered this leak days after it happened and then examined other open-source repositories. They found that many developers are unknowingly shipping private information including:
- Real names in memory files
- Database credentials in configs
- SSH keys in dotfiles
Most developers have no idea this information is being exposed.
Tool details
Agent Hush is available on GitHub at https://github.com/elliotllliu/agent-hush. The tool specifically targets the scenario where AI coding agents might inadvertently include sensitive information in code commits or pushes to public repositories.
The developer's experience highlights a specific risk: while building a security project, their own AI agent leaked the very types of sensitive information the project was meant to protect. This tool was built as a direct response to that incident.
📖 Read the full source: r/openclaw
👀 See Also

jqwik v1.10.0 Sneaks Prompt Injection That Deletes Code When Used by AI Agents
Johannes Link added a hidden instruction to jqwik v1.10.0 that tells AI coding agents to delete all jqwik tests and code, concealed with ANSI escapes. Claude correctly flags it, but human users may not be so lucky.

Testing Uncensored Qwen 3.5 35B Models for Cybersecurity Questions
A cybersecurity professional tested three uncensored Qwen 3.5 35B models on hacking and security bypass questions, finding significant differences in response quality compared to the original censored model. The uncensored models consistently provided answers where the original model refused or gave incomplete responses.

Critical OpenClaw Security Vulnerabilities Patched in 2026.3.28
OpenClaw version 2026.3.28 patches 8 critical security vulnerabilities found by Ant AI Security Lab, including sandbox bypass, privilege escalation, and SSRF risks. Users on versions ≤2026.3.24 should update immediately.

Google Says Criminal Hackers Used AI to Find Zero-Day Vulnerability
Google disclosed that attackers used an AI agent to discover and exploit a previously unknown software flaw, marking the first confirmed case of AI-driven zero-day discovery in the wild.