LeakLatch

LeakLatch is a web app (with optional CLI) that continuously scans the places secrets actually leak: application logs, CI/CD output, support tickets, chat exports, and object storage dumps. It connects to common cloud log sources (CloudWatch, Azure Monitor, GCP Logging), plus GitHub Actions logs and popular ticketing systems, then detects credentials, tokens, private keys, and sensitive identifiers using high-precision detectors and context rules. When a leak is found, it opens a remediation workflow: notify the right owner, auto-create a ticket, suggest rotation steps, and (when allowed) trigger automated revocation/rotation via cloud provider APIs. It also provides “blast radius” hints by mapping the leaked secret to the cloud resources it can access. This is an AI + traditional app: AI helps classify ambiguous findings and reduce noise, but deterministic rules handle most detection to keep false positives manageable.