Secrets — AI / LLM Providers

OpenAI, Anthropic, Google Gemini, Hugging Face, Cohere, Mistral and other AI provider keys.

All rules in this category are kind secrets. They run under vulnetix secrets and the secrets stage of vulnetix scan.

Rule IDNameSeverityDetection
VNX-SEC-086Cohere API keyCriticalkeyword + regex + entropy
VNX-SEC-087Mistral AI API keyCriticalkeyword + regex + entropy
VNX-SEC-251OpenAI classic API key (sk-)Criticalkeyword + regex
VNX-SEC-252OpenAI legacy API key (sk- 48 char)Criticalkeyword + regex
VNX-SEC-253OpenAI organization ID (org-)Mediumkeyword + regex
VNX-SEC-254OpenAI project ID (proj_)Mediumkeyword + regex
VNX-SEC-255Azure OpenAI API keyCriticalkeyword + regex + entropy
VNX-SEC-256Replicate API token (r8_)Criticalkeyword + regex
VNX-SEC-257Together AI API keyCriticalkeyword + regex + entropy
VNX-SEC-258Groq API key (gsk_)Criticalkeyword + regex
VNX-SEC-259Perplexity API key (pplx-)Criticalkeyword + regex
VNX-SEC-260DeepSeek API key (sk-)Criticalkeyword + regex + entropy
VNX-SEC-261Stability AI API key (sk-)Criticalkeyword + regex + entropy
VNX-SEC-262ElevenLabs API keyCriticalkeyword + regex + entropy
VNX-SEC-263ElevenLabs API key (sk_ prefix)Criticalkeyword + regex
VNX-SEC-264AssemblyAI API keyCriticalkeyword + regex + entropy
VNX-SEC-265Deepgram API key (Token)Criticalkeyword + regex + entropy
VNX-SEC-266Pinecone API keyCriticalkeyword + regex + entropy
VNX-SEC-267Pinecone API key (pckey_)Criticalkeyword + regex
VNX-SEC-268Weaviate API keyHighkeyword + regex + entropy
VNX-SEC-269Qdrant API keyHighkeyword + regex + entropy
VNX-SEC-270LangSmith personal API key (lsv2_pt_)Criticalkeyword + regex
VNX-SEC-271LangSmith service API key (lsv2_sk_)Criticalkeyword + regex
VNX-SEC-272LangChain/LangSmith legacy API key (ls__)Highkeyword + regex
VNX-SEC-273Weights & Biases API keyHighkeyword + regex + entropy
VNX-SEC-274CometML API keyHighkeyword + regex + entropy
VNX-SEC-275Clarifai personal access tokenHighkeyword + regex + entropy
VNX-SEC-276Scale AI API keyHighkeyword + regex + entropy
VNX-SEC-277Anyscale API key (esecret_)Criticalkeyword + regex
VNX-SEC-278Fireworks AI API key (fw_)Criticalkeyword + regex
VNX-SEC-279OctoAI API tokenHighkeyword + regex + entropy
VNX-SEC-280Voyage AI API key (pa-)Criticalkeyword + regex
VNX-SEC-281Jina AI API key (jina_)Criticalkeyword + regex
VNX-SEC-282AI21 Labs API keyCriticalkeyword + regex + entropy
VNX-SEC-283Aleph Alpha API tokenHighkeyword + regex + entropy
VNX-SEC-284NVIDIA NGC API key (nvapi-)Criticalkeyword + regex
VNX-SEC-285Hugging Face fine-grained token (hf_oauth/api)Criticalkeyword + regex
VNX-SEC-286Modal token ID (ak-)Highkeyword + regex
VNX-SEC-287Modal token secret (as-)Criticalkeyword + regex
VNX-SEC-288Baseten API keyHighkeyword + regex + entropy
VNX-SEC-289RunPod API keyCriticalkeyword + regex
VNX-SEC-290Lambda Labs Cloud API keyCriticalkeyword + regex + entropy
VNX-SEC-291Cerebras API key (csk-)Criticalkeyword + regex
VNX-SEC-292Replicate API token (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-293Voyage AI API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-294Together AI API key (40 hex)Criticalkeyword + regex + entropy
VNX-SEC-295Fireworks AI API key (fw- dash form)Criticalkeyword + regex
VNX-SEC-296Groq API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-297Mistral API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-298Hugging Face token (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-299Anthropic API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-300Perplexity API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-301DeepSeek API key (sk- standalone)Highkeyword + regex + entropy
VNX-SEC-302Cerebras API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-303AssemblyAI API key (32 hex assignment)Criticalkeyword + regex + entropy
VNX-SEC-304Deepgram API key (Token header)Criticalkeyword + regex + entropy
VNX-SEC-305LangChain endpoint API key (assignment context)Highkeyword + regex + entropy
VNX-SEC-306Stability AI API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-307NVIDIA NGC API key (legacy hex)Criticalkeyword + regex + entropy
VNX-SEC-308ElevenLabs API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-309Qdrant API key (JWT form)Highkeyword + regex + entropy
VNX-SEC-310CometML API key (assignment context)Highkeyword + regex + entropy
VNX-SEC-311RunPod API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-312Baseten API key (assignment context)Highkeyword + regex + entropy
VNX-SEC-313Jina AI API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-314Anyscale API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-315AI21 Labs API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-316Pinecone API key (assignment context)Criticalkeyword + regex + entropy
VNX-SEC-317Weaviate API key (assignment context)Highkeyword + regex + entropy
VNX-SEC-318OctoAI token (assignment context)Highkeyword + regex + entropy
VNX-SEC-319Lambda Labs API key (lambda. prefix)Criticalkeyword + regex + entropy
VNX-SEC-320Clarifai PAT (assignment context)Highkeyword + regex + entropy

Remediation

Rotate any exposed credential immediately, remove it from source, and load it from a secrets manager or environment variable instead. Purge it from git history with git filter-repo. See CWE-798 and the OWASP Secrets Management Cheat Sheet.