You pasted a failing curl into Copilot chat to ask why it returns 401. The paste included the Authorization: Bearer eyJhb... header. Your token is now in the Copilot request log, and — depending on your org's settings — in a model provider's cache too. You didn't "leak" it in the old sense. No commit, no push, no public repo. But it left your machine. This is the new leak vector. It's faster than
Your AI Coding Assistant Is Watching Your Clipboard: A 2026 Secret Hygiene Playbook
AlokT·Dev.to··1 min read
D
Continue reading on Dev.to
This article was sourced from Dev.to's RSS feed. Visit the original for the complete story.