Security · Data Protection
5 credential & secret path opens — across 3 agents, already in context
5 credential / secret path opens across 3 agents — every row is a secret already pulled into model context. Worst exposure: Claude Code (2 high paths). 2 agents are write-heavy — data being produced and moved, not just read in.
This is the blast radius if any of these agents is compromised — a credential it already touched. Content inspection (what is inside prompts) is the next step.
Credential / secret opens
5across the fleet
Agents touching secrets
with high-severity paths
Write-heavy agents
4.8 MB streamed · 691 writes
Highest exposure
Claude Code2 high paths
Credential & secret paths — and the agents reaching them
ranked by severity · opensThe blast radius if any of these agents is compromised: a secret it already pulled into context. Each row links to the agent that touched it.
Severity | Agent | Secret path | Opens | Last seen |
|---|---|---|---|---|
| high | Claude Codemark@qpoint.io | ./.env | 3 | 06-03 14:02 |
| high | support-copilotsvc-support@qpoint.io | /var/secrets/zendesk.token | 2 | 06-03 13:55 |
| high | Claude Codemark@qpoint.io | ~/.aws/credentials | 1 | 06-03 14:02 |
| high | marketing-gptroot | /srv/marketing-gpt/.env | 1 | 06-03 12:10 |
| medium | Codex CLIdev-7f3@duck.com | ./config/secrets.yaml | 1 | 06-02 19:30 |
High-severity exposure by agent
derived · Σ high-severity path opens per agentFrom each agent's sensitive_files: how many high-severity secret / credential paths it reached. The asymmetry tag reads data_access — when writes are large relative to reads, data is being produced and moved, not just read in.
Agent | Owner | High paths | High opens | Read / write |
|---|---|---|---|---|
| Claude Code | mark@qpoint.io | 2 | 4 | |
| support-copilot | svc-support@qpoint.io | 1 | 2 | |
| marketing-gpt | root | 1 | 1 | |
| Cursor | jane@qpoint.io | 0 | 0 | data leaving |
| Codex CLI | dev-7f3@duck.com | 0 | 0 | data leaving |
reads writes — write-heavy agents move data outward. Reads always exceed writes in this fleet; the ratio surfaces the genuine movers.
Sensitive access by category
9 opensColored by worst severity — secret_file and cloud_credentials are the high-severity surface this seat cares about.
Sensitive access by user
owner attributionEach open is attributed to the identity behind the agent. The proxy-only row is unattributable telemetry — exposure with no human owner to lock down.
Top sensitive paths
5 of 6 touched · ranked by severityThe exact files agents opened. High-severity rows are credential and secret stores already pulled into context.
Severity | Path | Category | Opens | Last seen |
|---|---|---|---|---|
| high | ./.env | Secret files | 3 | 06-03 14:00 |
| high | /var/secrets/zendesk.token | Secret files | 2 | 06-03 13:50 |
| high | ~/.aws/credentials | Cloud credentials | 1 | 06-03 13:40 |
| medium | ./config/secrets.yaml | Secret files | 1 | 06-02 19:20 |
| low | ~/.zsh_history | Shell history | 2 | 06-03 12:05 |
Movement signal — which paths were opened and how many times. This is data touched, not data read for content. The next column (what was inside) is the preview below.
Prompt & response content inspection
preview · not builtToday's signal is data movement — which sensitive paths were opened and how much was written or streamed. It does not yet read what is inside an agent's prompts and responses. Content scanning ships with the DLP engine; the cards below are placeholders, not live numbers.
Secrets in prompts
API keys / tokens pasted into agent context
PII in content
names, emails, customer records in prompts or responses
Source code
proprietary code leaving in prompts or responses
We are deliberately not faking these numbers. When content inspection ships, this surface will scan prompt and response bodies for the categories above and attribute hits back to the same owners shown in this view.
Do next
Lock down the highest-exposure agent and triage the credential opens in Findings. Content inspection is the roadmap step that reads what is inside.
Sourced from app/data/c16-fleet.ts — agents[].sensitive_files · agents[].data_access · dlp.by_category · dlp.by_owner · dlp.top_paths · dlp.volume. Derived: credRows · exposureByAgent (Σ high-severity opens) · read/write asymmetry. Content inspection is an explicit preview (no fields exist for it yet).