Back
Articles by

Elliot W.

Staff AI Security Researcher

Ex-pentester and AppSec engineer with a focus on anything web security. When not hacking, Elliot loves to skateboard and snowboard.

3
min read
Research

​​Your AI Coding Assistant Just Shipped Your API Keys

A hidden Claude Code settings file is quietly shipping API keys and credentials inside npm packages—and most developers don’t realize it.
Elliot W.
April 22, 2026
Activate
untouchable mode.
Get started for free.

Lakera Guard protects your LLM applications from cybersecurity risks with a single line of code. Get started in minutes. Become stronger every day.

Book a demoStart for free
Join our Slack Community.

Several people are typing about AI/ML security. 
Come join us and 1000+ others in a chat that’s thoroughly SFW.

Slack Logo
Join Lakera Momentum Slack