
Millions of Developers Are Feeding Their API Keys to AI — Are You One of Them?

You open a project in VS Code. Claude Code is active in the terminal. You click on a line in your .env file — maybe to copy a value, maybe just to check something. You highlight the line:

STRIPE_SECRET_KEY=sk_live_4xKj2...

That key is now in the AI's context window. It will be sent to Anthropic's servers on the next request. No warning appeared. No prompt asked for confirmation. It just happened.

This is not a theoretical vulnerability. It is the default behaviour of every AI coding assistant with file access — Claude Code, GitHub Copilot, Cursor, Codeium. The tools that make you faster are also the tools that can silently exfiltrate your production credentials.

The Three Attack Surfaces

1. File Reads

AI coding assistants operate inside your project directory. They are designed to read files to understand context — your codebase, your config, your dependencies. The problem is that the same directory where your source code lives is also where your secrets live. Files that are routinely



