
amber-scanner continuously monitors public GitHub repositories every two minutes, detecting and validating exposed AI API keys in real time. Built for education, designed for awareness.
Three powerful pillars working together to detect, validate, and educate about exposed API keys across the GitHub ecosystem.
Interactive visualization of the GitHub ecosystem. Hover over nodes to explore scanning activity and detection results in real time.
14,832
Repositories Scanned
2,461
Keys Detected
98.6%
Detection Rate
< 2 min
Last Scan Time
Auto-updates every 2 minutes · Last refreshed just now
Recently detected exposed API keys across public GitHub repositories. Updated every 2 minutes.
| Repository | File Path | Key Type | Detected | Status |
|---|---|---|---|---|
| acme-corp/ml-pipeline | src/config/api_keys.py | OpenAI | 12 sec ago | Active Exposure |
| devteam/chatbot-v2 | .env.production | Anthropic | 34 sec ago | Active Exposure |
| janedoe/research-assistant | config/settings.json | 1 min ago | Validating... | |
| startup-io/backend-api | deploy/docker-compose.yml | AWS | 2 min ago | Active Exposure |
| open-labs/data-toolkit | notebooks/train_model.ipynb | OpenAI | 3 min ago | Revoked |
| cloud9/payment-service | src/stripe_handler.js | Stripe | 4 min ago | Active Exposure |
| uni-project/nlp-demo | app/utils/constants.py | HuggingFace | 5 min ago | Validating... |
| techbro/saas-boilerplate | server/config.ts | Anthropic | 6 min ago | Active Exposure |
Showing 1–8 of 20 findings
Designed for learners and educators who want to understand API key security through real-world scanning and detection.
Individuals learning about secure coding practices and API key management. Explore real-world examples of exposed keys and understand how to protect your own projects.
Professionals teaching secure coding practices and cybersecurity awareness. Use amber-scanner as a live teaching tool to demonstrate real-world consequences of exposed API keys.
amber-scanner exists to educate developers and security professionals about the risks of exposed API keys. Our three-pillar approach transforms awareness into actionable knowledge.
Understand the real-world risks of exposed API keys in public repositories and why securing credentials is critical for every developer.
Experience live scanning of public GitHub repositories in real-time, observing how amber-scanner detects and validates exposed AI API keys.
Go beyond detection — learn actionable strategies to prevent API key exposure and secure your projects using industry best practices.
Strictly for educational purposes. amber-scanner is designed to raise awareness about API key security, not to facilitate unauthorized access. All detected keys are displayed responsibly, and the system is intended as a teaching tool for students, developers, and educators.
Connect your GitHub account and explore how AI API keys are inadvertently exposed across public repositories. Learn to identify, validate, and mitigate security risks through hands-on scanning.
Strictly for educational purposes. No private repositories are accessed.
Everything you need to know about amber-scanner, its purpose, and how to get started.
amber-scanner is an educational tool that scans public GitHub repositories every two minutes for exposed AI API keys from providers like OpenAI, Anthropic, and Google AI. It detects, validates, and displays findings on a live dashboard, including repository URLs, file paths, and key locations. The project exists to raise awareness about the risks of accidentally committing secrets to public repositories.
Absolutely not. amber-scanner is designed strictly for educational purposes — to help developers and educators understand the real-world consequences of exposed API keys. All detected keys are partially obfuscated on the dashboard, and the system does not attempt to use or exploit any discovered credentials. Our goal is awareness and prevention, not exploitation.
The system performs automated scans of public GitHub repositories every two minutes. Each scan cycle searches for patterns matching common AI API key formats, validates detected keys to confirm authenticity, and pushes results to the real-time dashboard. All timestamps are displayed in IST (Indian Standard Time) by default.
Navigate to the Settings page and enter your personal GitHub API token. This allows amber-scanner to perform customized scans with higher rate limits and access to your preferred repositories. Your key is encrypted and stored securely — it is never exposed or logged.
amber-scanner currently detects exposed keys from major AI service providers, including:
sk-... — OpenAI API keyssk-ant-... — Anthropic API keysAIza... — Google AI / Gemini keysEach detected key is validated against the respective provider’s endpoint to confirm whether it is active or expired.
No. amber-scanner only scans publicly accessible GitHub repositories. It operates entirely within the scope of GitHub’s public API and does not attempt to access, index, or scan private repositories, organizations, or gists. When you provide your own GitHub API key, it is used solely to increase rate limits for public repo scanning.
The primary users are:
If you discover that one of your API keys has been exposed, take these steps immediately:
amber-scanner is here to help you catch these mistakes early and learn from them.
No comments yet. Be the first!