Sieve: Local Secret Scanner for AI Coding Tool Chat Histories

Sieve is a macOS app that detects leaked secrets (API keys, tokens, passwords) from AI coding assistant chat histories. It targets a blind spot: while standard git scanners miss these local transcript stores, Sieve reads SQLite databases and plaintext files where agents record their actions.
What it scans
- Claude Code (~/.claude/)
- Cursor (Application Support/Cursor/)
- VS Code Copilot (Application Support/Code/)
- VS Code Insiders (Application Support/Code - Insiders/)
- Windsurf (Application Support/Windsurf/)
- Codex (~/.codex/)
- .env files in your project directories
Key features
- 100% local scanning — no network requests, no telemetry, no account required.
- Severity-based flagging of detected secrets.
- Redaction directly in VS Code SQLite chat databases (.vscdb), with timestamped backups before changes.
- Vault — new secret values stored in macOS Keychain, never exposed; copying requires Touch ID or login password.
- MCP integration — a local MCP server for Claude Code to check for exposed secrets, query findings, and run commands with vault-injected credentials without revealing raw secret values.
- Open source core (SieveCore).
Permissions model
Sieve uses macOS security-scoped bookmarks. On first launch, you grant read access to each tool's folder via a standard Open dialog. No further prompts after initial grant.
Practical concern
AI coding tools routinely read .env files as part of normal operation. Every secret they touch gets embedded in their local transcript/state files — unencrypted, outside .gitignore, persisted indefinitely. Sieve fills the gap that gitleaks and detect-secrets miss.
Available on the Mac App Store for $9.99. Requires macOS 13.0 or later. Size: 4 MB.
📖 Read the full source: HN AI Agents
👀 See Also

Google Reports AI-Powered Hacking Reached Industrial Scale in 3 Months
Google's threat intelligence group found criminal and state groups are using commercial AI models (Gemini, Claude, OpenAI) to refine and scale attacks. A group nearly leveraged a zero-day for mass exploitation, and others are experimenting with the unguarded OpenClaw agent.

Malicious Google Ad Targets Claude Code Installation
A malicious Google ad appears as the top result for 'install claude code' searches, attempting to trick users into running suspicious terminal commands. The ad was still active as of March 15, 2026, and the author narrowly avoided executing the code.

Claude Code Finds 23-Year-Old Linux Kernel Vulnerability
Anthropic researcher Nicholas Carlini used Claude Code to discover multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had been hidden for 23 years. The AI found the bugs with minimal oversight by scanning the entire kernel source tree.

FreeBSD Kernel RCE via kgssapi.ko Stack Buffer Overflow (CVE-2026-4747)
A stack buffer overflow in FreeBSD's kgssapi.ko module allows remote kernel RCE with root shell via NFS server. The vulnerability affects FreeBSD 13.5, 14.3, 14.4, and 15.0 versions before specific patches.