Skip to main content

2 posts tagged with "api-keys"

View All Tags

Detection Engine Updates Version 2.136 + 2.137

calendar icon   Release Date: April 29, 2025

As AI adoption accelerates across organizations, securing API keys for platforms like Perplexity AI and Anthropic becomes increasingly critical. This update introduces specialized detectors for these emerging AI services alongside improvements to existing detectors and Azure cloud components.

New Detectors

Detector Improvements

  • LDAP CredentialsChecker Upgrade: Improved the LDAP checker to better distinguish between connection errors and invalid credentials. Updated ldap_credentials_assignment_with_dn to remove false positives.
  • JSON Web TokenDetector Upgrade: The detector will now detect all JWTs regardless of their contents.
  • Cloudinary API KeysDetector Upgrade: Extended charset of cloudinary_api_key_config to improve recall.
  • Auth0 KeysDetector Upgrade: Improved recall of the detector to detect more domains.
  • Claude API KeyDetector Upgrade: Refined regex for Claude API keys.
  • Riot Games API KeyChecker Updated: Banlist checker will be deleted.
  • LINE Notify TokenChecker Updated: Banlist checker as the service has been discontinued.

Detection Engine Updates Version 2.133

calendar icon   Release Date: February 27, 2025

This update introduces several critical security detectors for popular services, notably expanding OpenAI detection capabilities with new Project API Key, Admin API Key, and improved Service Account detection patterns. The addition of 1Password Service Account Token detection is equally significant, as both these services represent high-value security targets. OpenAI API keys provide access to powerful AI capabilities and could lead to substantial usage charges if compromised, while 1Password tokens could potentially expose entire password vaults containing sensitive credentials across an organization.

New Detectors

Improved Detection

  • OpenAI Service Account – Expanded pattern coverage for better identification.
  • Rails Master Key – Updated detection rules to minimize false positives.
  • GitHub Tokens – Improved recall and validation for GitHub authentication tokens.
  • Groq API Key – Enhanced detection rules for greater accuracy.
  • Artifactory Token – New checker added to improve detection effectiveness.
  • Generic Passwords – Excluded secrets containing ***** as they are likely false positives.
  • Dropbox Key – Detector group split into Dropbox Key and Dropbox Access Token for improved granularity.
  • FCM API Key – Validity check is no longer available since the API has been removed. While we can no longer retrieve the validity status for FCM secrets, we still detect the keys.