Stop leaking secrets to AI.
Wyloc catches API keys, passwords, and credentials before you paste them into ChatGPT, Claude, or anywhere else.
Local-only. Zero telemetry. No sign-in.
Detect
Scans on submit
When you press Enter or click Send, Wyloc checks for credentials in milliseconds.
Warn
Holds the leak
If a secret is found, submission is blocked. You see exactly what was caught.
Redact
Fix in one click
Replace secrets with safe placeholders and keep editing — no broken context.
Swap
Keep working safely
Replace a secret with a realistic placeholder so the AI can still help with your code, then restore the real value when you copy the response back.
Catches every kind of secret.
80+ credential types across every major category.
- Cloud providers (AWS, Google Cloud, Azure)
- Source control & CI (GitHub, GitLab, and more)
- Payment processors (Stripe and others)
- AI & ML services (OpenAI, Anthropic, and more)
- Databases (connection strings, hosted DB tokens)
- Developer & SaaS tools (npm, Notion, Linear, Sentry, and dozens more)
- Generic secrets (JWTs, OAuth tokens, PEM private keys, .env files, high-entropy strings)
Your prompts never leave your machine.
Wyloc runs entirely in your browser. No network requests, no analytics, no telemetry, no sign-in. The detection engine scans your text in memory and immediately discards it. The only thing stored locally is a count of secret types caught — never the values, never the text.
- Zero network requests
- No account or sign-in
- Open for inspection — unminified code
- Metadata-only local storage