AI coding agents are leaking secrets (API keys, tokens) into logs, chat history, and files.
Attackers are already harvesting them.

The fix: don’t give agents raw keys.
→ Issue ephemeral session tokens + script snippets
→ Secret loads only into memory, then wiped
→ Agent works, but never “sees” the key

Blog: https://delinea.com/blog/keep-api-keys-out-of-chat

Code: https://github.com/DelineaXPM/delinea-mcp

If your team uses AI agents, your secrets are already a target.