Stop API Keys Being Pasted into ChatGPT
Credentials should not be rewritten or summarised. They should be blocked. When an API key, access token or password appears in a prompt, it should never reach a third-party AI service. Not sanitised. Blocked.
Ventrin is a Chrome extension that scans and sanitises employee prompts locally in the browser before they are sent to ChatGPT, Claude, Gemini or Copilot. When sensitive content is detected, Ventrin warns the employee, rewrites the prompt automatically, or blocks the send — depending on your team's policy. Sensitive data never leaves the device unintentionally. Admins see every risk event in a central dashboard.
Why API keys in AI prompts are a serious risk
Developers regularly use AI tools to debug code, review logic and solve integration problems. The fastest way to get a useful answer is to paste the actual code — including configuration, environment variables and authentication strings.
An API key exposed to a third-party AI service is effectively a leaked credential. It may appear in that provider's usage logs. It could be extracted from a shared chat. In organisations where session data is used for model training, the key could persist beyond the immediate interaction.
Credential exposure through AI tools is a growing attack surface that most security tooling does not currently monitor.
- AWS access keys, GCP service account credentials and Azure tokens with broad access.
- OpenAI API keys, Anthropic keys and similar tokens that carry billing and data access rights.
- Stripe secret keys, PayPal tokens and other payment API credentials.
- GitHub personal access tokens, GitLab CI tokens and deployment keys.
- Bearer tokens, JWT secrets and session tokens used for internal service authentication.
- RSA private keys, SSH keys, database passwords and plaintext credentials.
How Ventrin detects and blocks credentials
Ventrin uses pattern-based detection to recognise API key formats, token strings, private key blocks and password patterns. When a credential is detected in a prompt, Ventrin blocks the send immediately. The prompt does not proceed to the AI tool.
Credentials are different from PII. PII can often be generalised. A credential cannot. Rewriting "sk-proj-abc123" into "[API key]" and sending that version still tells the AI tool that a key exists and may provide enough context to cause harm. Ventrin's policy for credentials is always block.
Every credential detection event is logged in the admin dashboard with severity, type and timestamp.
Key Ventrin features for this use case
- Recognises format patterns for major providers: AWS, GCP, OpenAI, Stripe, GitHub and more.
- Credentials are blocked, not rewritten. The prompt cannot be sent until the key is removed.
- Runs locally. The credential string never leaves the device through the AI tool pathway.
- Every credential detection is a high-severity event in the admin log. Immediate admin visibility.
- Block rules for credentials are always on. Admins can adjust surrounding context rules by team.
- Security leads can review blocked events, identify repeat patterns and tighten developer workflows.
Credential and secrets detection matrix
How Ventrin handles each credential type detected in a prompt.
| Credential type | Pattern | Risk level | Action | Ventrin handling | Log event |
|---|---|---|---|---|---|
| AWS Access Key | `AKIA[0-9A-Z]{16}` | Critical | Block | Detected by format pattern. Prompt blocked immediately. High-severity event logged. | CREDENTIAL_BLOCK |
| GCP Service Key | JSON key file content | Critical | Block | Service account JSON blocks detected by structure. Prompt blocked. Admin alerted. | CREDENTIAL_BLOCK |
| OpenAI API Key | `sk-[A-Za-z0-9]{48}` | High | Block | Detected by sk- prefix and length. Prompt blocked. Billing and data risk flagged. | CREDENTIAL_BLOCK |
| Stripe Secret Key | `sk_live_[A-Za-z0-9]{24}` | Critical | Block | Live and test key formats both detected. Live keys flagged as critical. Block applied. | CREDENTIAL_BLOCK |
| GitHub Token | `ghp_[A-Za-z0-9]{36}` | High | Block | Personal access and fine-grained tokens detected by format. Code access risk. Blocked. | CREDENTIAL_BLOCK |
| Bearer Token | `Authorization: Bearer [token]` | High | Block | Auth header patterns detected in pasted code or curl commands. Blocked with warning. | CREDENTIAL_BLOCK |
| Password String | `password=`, `pwd=`, `passwd=` | High | Block | Common password variable patterns detected in config or code snippets. Blocked. | CREDENTIAL_BLOCK |
| Private Key Block | `-----BEGIN RSA PRIVATE KEY-----` | Critical | Block | PEM-format private key headers detected. Any key block causes immediate block. Critical event. | CREDENTIAL_BLOCK |
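The following is an added example of the block-only policy the matrix above describes, written as a small local scanner in the language a Chrome extension would use. It is illustrative code, not Ventrin's implementation: the patterns are the ones quoted in the matrix, the GCP structural check and the `acme_` internal-token rule are assumptions, and the log entry records only an offset, never the matched value.

```javascript
// Added example: a minimal local prompt scanner modelled on the detection matrix
// above. Illustrative code only, not Ventrin's implementation; every rule here
// is either a pattern quoted in the matrix or a labelled assumption.
const CREDENTIAL_RULES = [
  { type: 'AWS Access Key',    severity: 'Critical', pattern: /\bAKIA[0-9A-Z]{16}\b/ },
  // Assumed structural check for a GCP service-account JSON file.
  { type: 'GCP Service Key',   severity: 'Critical', pattern: /"type"\s*:\s*"service_account"/ },
  { type: 'OpenAI API Key',    severity: 'High',     pattern: /\bsk-[A-Za-z0-9]{48}\b/ },
  { type: 'Stripe Secret Key', severity: 'Critical', pattern: /\bsk_live_[A-Za-z0-9]{24}\b/ },
  { type: 'GitHub Token',      severity: 'High',     pattern: /\bghp_[A-Za-z0-9]{36}\b/ },
  { type: 'Bearer Token',      severity: 'High',     pattern: /Authorization:\s*Bearer\s+\S+/i },
  { type: 'Password String',   severity: 'High',     pattern: /(?:password|passwd|pwd)\s*=\s*\S+/i },
  { type: 'Private Key Block', severity: 'Critical', pattern: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
];

// Scan a prompt before it is submitted. Returns the policy decision plus
// metadata for the admin log. The matched secret itself is deliberately not
// included, so the log never becomes a second copy of the credential.
function scanPrompt(prompt, customRules = []) {
  const findings = [];
  for (const rule of [...CREDENTIAL_RULES, ...customRules]) {
    const match = rule.pattern.exec(prompt);
    if (match) {
      findings.push({
        event: 'CREDENTIAL_BLOCK',
        type: rule.type,
        severity: rule.severity,
        offset: match.index,        // position only, never the value
        timestamp: new Date().toISOString(),
      });
    }
  }
  // Credentials are never rewritten: any finding blocks the whole prompt.
  return { action: findings.length > 0 ? 'block' : 'allow', findings };
}

// Custom rule for a hypothetical internal token format (constructed example),
// the kind of rule an admin would add for a proprietary credential.
const INTERNAL_RULES = [
  { type: 'Internal Token', severity: 'High', pattern: /\bacme_[a-f0-9]{32}\b/ },
];

// Demo on a constructed prompt a developer might paste while debugging.
const samplePrompt = [
  'My request keeps failing, what is wrong with this curl?',
  'curl -H "Authorization: Bearer eyJhbGciOi.constructed.token" https://api.example.com/v1',
].join('\n');
console.log(JSON.stringify(scanPrompt(samplePrompt, INTERNAL_RULES), null, 2));
```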
Built for teams that cannot afford a data incident
Local-first detection
The scanning model runs in your browser, not on our servers. Sensitive content never leaves the device for analysis.
No data egress
Ventrin does not receive, store or process your team's prompt content. Only risk event metadata is logged.
Configurable policy controls
Warn, sanitise or block based on content type and team role. Full control over how the extension behaves.
Admin event logs
Every flagged event is recorded with risk type, action and timestamp. Provides the audit trail your compliance process needs.
Protect your team's AI use from the browser
Ventrin deploys as a Chrome extension. No proxy, no network change, no IT project. Most teams are protected on the same day.
Frequently asked questions
Sanitising a credential removes the value but may still tell the AI tool that a key was present and which service it belonged to. That context is useful to an attacker. More importantly, a block ensures the developer addresses the root cause: credentials should not be in prompts. Rewriting them does not teach the right behaviour.
That is the correct behaviour. Ventrin's goal is to prevent accidental exposure, not to prevent developers from getting help with debugging. The block prompts the developer to remove the credential and rephrase the question without it — which is exactly what they should do.
Ventrin detects credentials based on patterns associated with major services. For custom internal token formats, admins can add custom pattern rules in the policy engine. This allows teams with proprietary credential formats to extend detection to cover internal systems.
Yes. Ventrin scans the full prompt content, including code blocks, configuration snippets and JSON pasted into the prompt. If a credential pattern is found within a block of code, the prompt is still blocked.
Pattern-based credential detection is generally high precision. Strings that match API key formats but are not actual credentials may occasionally be flagged. Admins can review false positive events in the log and adjust sensitivity rules. The default posture for credentials is always to block.
CI/CD secret scanning catches credentials in source code commits. Ventrin catches them at the AI prompt box, which is a different exposure point. Developers who would never commit a key to a repository may still paste it into ChatGPT. Both controls are needed.
Let your team use AI without leaking sensitive data.
Join legal and professional teams already using Ventrin to protect their AI use. Browser-based, locally detected, fast to deploy.