Sieve – scans Cursor/Claude chat history for leaked API keys

https://apps.apple.com/us/app/sieve-secret-scanner/id6767409365?mt=12
9•helpful_human•2h ago
Background: I was using Cursor to set up an OpenAI integration. The agent read my .env file, added the key to the config, and everything worked. What I didn't think about: that key was now sitting in a plaintext SQLite database at ~/Library/ApplicationSupport/Cursor/User/workspaceStorage/..

AI coding tools (Cursor, Claude Code, Copilot, Cline) routinely read .env files as part of normal operation. Every secret they touch gets embedded in their local transcript/state files — unencrypted, outside .gitignore, persisted indefinitely.

Standard secret scanners (gitleaks, detect-secrets) scan git repos. Nobody scans AI transcript stores. That's the gap.

Sieve scans those files locally on your Mac. Flags exposed keys by severity. Redacts them in-place. Stores fingerprints in Keychain — never plaintext. Covers Cursor, Claude Code, Claude Desktop, Copilot, Cline, Roo Cline, Windsurf, Gemini CLI, and .env files.

Happy to answer questions about how the SQLite parsing works or the detection rules.
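The kind of scan described in the post above, as an added example that is not part of the original post and is not Sieve's code: it walks every table of a SQLite state database, decodes text and BLOB cells, and reports secret-shaped strings by fingerprint only. The regex rules, the `ItemTable` key/value layout of the sample database and the sample key are assumptions constructed for illustration.

```python
import hashlib
import re
import sqlite3

# Illustrative patterns (assumption); these are not Sieve's detection rules.
RULES = {
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
SAMPLE_KEY = "sk-CONSTRUCTEDexample0000000000"  # constructed, not a real key


def fingerprint(secret):
    """Truncated SHA-256, so a report never has to carry the plaintext."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def scan_sqlite(conn):
    """Scan every column of every ordinary (rowid) table for secret-shaped text."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'  # escape identifier
        cur = conn.execute(f"SELECT rowid, * FROM {quoted}")
        cols = [d[0] for d in cur.description][1:]  # skip the rowid column
        for rowid, *cells in cur:
            for col, cell in zip(cols, cells):
                if isinstance(cell, bytes):  # values are often stored as BLOBs
                    cell = cell.decode("utf-8", errors="replace")
                if not isinstance(cell, str):
                    continue
                for rule, pattern in RULES.items():
                    for m in pattern.finditer(cell):
                        findings.append({"table": table, "rowid": rowid,
                                         "column": col, "rule": rule,
                                         "fingerprint": fingerprint(m.group())})
    return findings


def build_sample_db():
    """Constructed sample: a key/value state table holding one leaked key."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ItemTable (key TEXT, value BLOB)")
    conn.executemany("INSERT INTO ItemTable VALUES (?, ?)", [
        ("ui.theme", b"dark"),
        ("chat.history", f'{{"text": "OPENAI_API_KEY={SAMPLE_KEY}"}}'.encode()),
    ])
    return conn
```

To scan a real file without risk of modifying it, open it read-only with `sqlite3.connect("file:<path>?mode=ro", uri=True)` and pass the connection to `scan_sqlite`.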

Comments

epistasis•19m ago
Great timing, I was just getting frustrated about this today. I've got a pyinfra secrets.py and another project with an .env for logins for grabbing and moving data. I use LLMs on both of them extensively (having an LLM set up all my proxmox VMs and LXC containers and configure them without doing that yak shaving has been amazing.)

It would be nice to use something like SOPS[1] + age right from the start, so I don't feel like I need to go rotate all those keys.

It's one thing to have it stored locally on your own box, and another to have it off in the training data of a hugely-overvalued gigantic corporation that's going to do anything it can to survive in the coming years.

[1] https://github.com/getsops/sops
