Secret scanning for AI coding tools
Developers increasingly rely on AI coding tools like Cursor and Claude Code to write and modify code. These tools can inadvertently expose secrets: a developer might paste credentials into a prompt, or the AI agent might read a file or run a command that contains API keys or tokens. Once a secret reaches the AI model, it may be logged, cached, or sent to third-party services.
ggshield integrates with AI coding tools through their hook systems to scan interactions in real time. When a secret is detected, ggshield blocks the action before it reaches the model and tells the developer to remove the secret.
How it works
AI coding tools support hooks: custom commands that run at specific points during an AI interaction. ggshield registers as a hook and scans content at three stages:
| Stage | What it does | Behavior |
|---|---|---|
| Prompt submission | Scans the user's prompt before it is sent to the AI model | Blocks the prompt if secrets are found |
| Pre-tool use | Scans commands, file reads, and MCP calls before the AI executes them | Blocks the action if secrets are found |
| Post-tool use | Scans tool outputs after execution | Sends a desktop notification if secrets are found |
ggshield uses the same detection engine as all other scanning commands, covering over 500 types of secrets.
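As an added illustration (not ggshield's own code), a minimal Python hook handler that applies the three-stage policy from the table above to a hook payload read from stdin. The payload field names (`hook_event_name`, `prompt`, `tool_input`, `tool_response`) and the convention that exit code 2 blocks the action are assumed from Claude Code's hook interface, and a single constructed Google API Key pattern stands in for ggshield's detection engine.

```python
import json
import re
import sys

# One constructed detector standing in for ggshield's 500+ secret types.
DETECTORS = {"Google API Key": re.compile(r"AIza[0-9A-Za-z_-]{35}")}

# Stage policy from the table: block before anything reaches the model, notify after.
BLOCKING_STAGES = {"UserPromptSubmit", "PreToolUse"}


def mask(secret: str) -> str:
    """Keep a short prefix and suffix so the developer can recognise which key it is."""
    return secret[:7] + "*" * (len(secret) - 13) + secret[-6:]


def scannable_text(event: dict) -> str:
    """Extract what each stage should scan (assumed Claude Code payload field names)."""
    stage = event.get("hook_event_name", "")
    if stage == "UserPromptSubmit":
        return event.get("prompt", "")  # the developer's prompt
    if stage == "PreToolUse":
        return json.dumps(event.get("tool_input", {}))  # command, file path, MCP args
    if stage == "PostToolUse":
        return json.dumps(event.get("tool_response", {}))  # tool output after execution
    return ""


def evaluate(event: dict) -> tuple[str, list[str]]:
    """Return ('block' | 'notify' | 'allow', masked findings) for one hook payload."""
    text = scannable_text(event)
    found = [f"{name}: {mask(m)}" for name, rx in DETECTORS.items() for m in rx.findall(text)]
    if not found:
        return "allow", []
    return ("block" if event.get("hook_event_name") in BLOCKING_STAGES else "notify"), found


def main() -> int:
    event = json.load(sys.stdin)
    verdict, found = evaluate(event)
    if verdict == "allow":
        return 0
    print(f"Detected {len(found)} secret{'s' if len(found) > 1 else ''}", file=sys.stderr)
    for line in found:
        print(f"- {line}", file=sys.stderr)
    print("Please remove the secrets from the content before proceeding.", file=sys.stderr)
    # Assumed hook convention: exit 2 blocks and surfaces stderr to the developer;
    # a post-tool detection cannot block the action that already ran, so it only reports.
    return 2 if verdict == "block" else 0


if __name__ == "__main__":
    sys.exit(main())
```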
Prerequisites
- ggshield version 1.49.0 or later
- A GitGuardian API key (see Getting started)
- One of the supported AI coding tools: Cursor, Claude Code, or VS Code with GitHub Copilot
Installation
ggshield provides a one-command installer that writes the correct hook configuration for each tool.
Cursor
$ ggshield install -t cursor -m global
This writes hooks to your global .cursor/hooks.json file. To install for the current project only:
$ ggshield install -t cursor -m local
The generated configuration registers ggshield on all three hook stages (prompt submission, pre-tool use, and post-tool use).
Claude Code
$ ggshield install -t claude-code -m global
This writes hooks to your global .claude/settings.json file. To install for the current project only:
$ ggshield install -t claude-code -m local
The generated configuration registers ggshield on all three hook stages (prompt submission, pre-tool use, and post-tool use).
VS Code with GitHub Copilot
$ ggshield install -t copilot -m global
This writes hooks to your global VS Code settings. To install for the current project only:
$ ggshield install -t copilot -m local
The generated configuration registers ggshield on all three hook stages (prompt submission, pre-tool use, and post-tool use).
If you already have hook configurations for the target tool, ggshield merges its hooks into the existing file without touching other hooks. Use --force to overwrite ggshield's own hooks (for example, if they were customized and you want to reset them).
What the developer sees
When ggshield detects a secret, the AI coding tool displays a blocking message. For example, in Cursor:
Detected 1 secret
- Google API Key (valid): AIzaSyC****************-*********d5oii7Y
Please remove the secrets from the content before proceeding.
The prompt or action is blocked until the developer removes the secret and retries.
For post-tool-use detections (where the action already ran), ggshield sends a desktop notification alerting the developer.
Handling false positives
If ggshield blocks an action on a secret that is a known false positive, you can tell ggshield to ignore it:
$ ggshield secret ignore --last-found
This adds the detected secret to your .gitguardian.yaml ignore list. Future scans (including AI hook scans) will skip it.
Uninstallation
To remove the hooks, delete the ggshield entries from the tool's configuration file:
- Cursor: .cursor/hooks.json
- Claude Code: .claude/settings.json
- VS Code with GitHub Copilot: VS Code settings
See also
- ggshield secret scan ai-hook reference: CLI reference for the underlying scan command
- Getting started with ggshield: Installation and authentication