AI Glossary

Token Leakage

Token leakage is an AI system exposing secrets it shouldn't — API keys, credentials, or auth tokens — in its output, logs, or traces. It happens when secrets end up in the context window or tool results and the model repeats them, or when verbose logging captures them.

Also known as: credential leakage, secret leakage

AI Security

Agents touch real systems, which means real credentials flow near the model — API keys for tools, database connection strings, auth tokens. Token leakage is when those secrets escape: the model echoes a key that landed in its context, a tool’s raw response containing a credential gets surfaced to the user, or verbose tracing logs capture secrets in plaintext where they can later be read.

The risk grows with agents and observability, because both deliberately move more data through and around the model. The defenses are mostly hygiene: keep secrets out of prompts and context entirely (inject them at the tool layer, not the model layer), redact credentials from tool outputs and logs, scope tokens to least privilege so a leaked one does less damage, and rotate anything that may have been exposed. Treat everything the model can see as potentially repeatable.
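
The tool-layer injection and redaction defenses described above, as an added example that is not part of the original glossary entry: the model supplies only `customer_id`, the wrapper attaches the key, and both the tool result and the log record are scrubbed before they leave the wrapper. The key value, `fake_billing_backend`, the logger name, and the regex patterns are constructed for illustration.

```python
import logging
import re

# Constructed sample secret; a real deployment would load it from a secret manager.
SECRETS = {"BILLING_API_KEY": "sk_test_constructed_0123456789abcdef"}

# Illustrative patterns for credentials the wrapper was not told about (not exhaustive).
BEARER = re.compile(r"(?i)(bearer)\s+[A-Za-z0-9._~+/-]{16,}=*")
KEYED = re.compile(r"(?i)(api[_-]?key|token|password|secret)(\"?\s*[:=]\s*\"?)[^\s\"',}]{8,}")

def redact(text: str) -> str:
    """Mask pattern-shaped credentials, then any known secret value left over."""
    text = BEARER.sub(r"\1 [REDACTED]", text)
    text = KEYED.sub(r"\1\2[REDACTED]", text)
    for name, value in SECRETS.items():
        text = text.replace(value, f"[REDACTED:{name}]")
    return text

class RedactingFilter(logging.Filter):
    """Scrub every log record before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), ()
        return True

log = logging.getLogger("agent.tools")
log.addFilter(RedactingFilter())

def fake_billing_backend(headers: dict, customer_id: str) -> str:
    # Constructed stand-in for an API that echoes request headers in a debug field.
    return ('{"customer": "%s", "balance": 42, "debug": "Authorization: %s"}'
            % (customer_id, headers["Authorization"]))

def get_balance_tool(customer_id: str) -> str:
    """Tool exposed to the model: it supplies customer_id only, never the key."""
    headers = {"Authorization": "Bearer " + SECRETS["BILLING_API_KEY"]}  # injected here
    raw = fake_billing_backend(headers, customer_id)
    log.debug("billing raw response: %s", raw)  # filter redacts before handlers see it
    return redact(raw)  # only the scrubbed text re-enters the model's context

if __name__ == "__main__":
    print(get_balance_tool("c-17"))
```

Pattern matching is a backstop; the exact-value pass over `SECRETS` is what catches a known key that appears without a recognizable label.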