KeyDrift

You committed a Google API key to a public repo two years ago thinking it was harmless. This week, that key gained access to Gemini AI — and attackers already found it. Every time a provider silently expands what your keys can do, your blast radius grows. You have no idea which keys are safe anymore.

Continuous monitoring of what your API keys can actually do. KeyDrift tracks permission changes across Google, AWS, Stripe, and 40+ providers. When a previously-harmless key gains new dangerous capabilities, you get alerted before attackers exploit it. Think 'have I been pwned' for API key scope drift.