This is the cleanest trust break
Ownership is weak enough that several surrounding rows become harder to trust confidently.
That is the whole reason this key is high-signal.
QS
API Keys Detail Story
The unknown key should read like a trust break: unclear ownership, shared reach, and immediate containment value.
Operator Brief
This key reframes several stories
The unknown key matters because it links together sessions, file activity, and provider traffic that would otherwise read as ordinary.
Question This View Answers
Why should this key be one of the first pages an operator opens?
Linked sessions
6
Past-week context around the key
Flagged sessions now
1
One lane is active enough to matter
Spend attached
$4.92
Not trivial in the recent window
Allowlist status
unknown
That is the main story
c6 Detail Reference
Unknown API key
This key is not in the org allowlist and active use has already triggered an alert.
Key Prefix
sk-ant-...C001
display-safe prefix only
Organization
unknown
Rate Limit (req)
500 / min
Rate Limit (tokens)
50K / min
First Seen
today
Last Seen
22 min ago
Sessions Using This Key
c6 makes the current user, agent, and endpoint relationship explicit.
| User | Agent | Endpoint | Cost | Status |
|---|---|---|---|---|
| unknown | Claude Code v1.2.0 | 10.0.1.44 | $0.61 | active |
| sandbox-evals | Claude Code v1.2.0 | 10.0.1.17 | $2.37 | flagged |
Key Findings
The key widens consequence above the session row
Because it is reused, the credential story travels across hosts, repos, and provider calls.
That is why the blast radius is high.
Containment is unusually actionable
A credential lane is one of the few inventory stories where the immediate control is obvious.
That makes the page operationally valuable.
Immediate Actions
Resolve ownership fast
Match the key to an approved owner or treat the gap as a live containment problem.
Scope the recent sessions
Use the attached session stories to understand what context the key actually unlocked.
Prepare a containment path
Suspension or rotation should be ready if the ownership gap cannot be closed quickly.
Representative Relationship Map
Credential trust map
The unknown key should be shown as a trust break that widens several adjacent stories.
Use the map to connect the key to sessions, hosts, files, and outbound traffic in one operator view.
Identity, adjacency, activity, and posture around one representative item.
Trust anchors
What is missing?
allowlist matchmissing
org hintspartial context
Attached work
Where is it used?
1 active sessionflagged now
5 recent sessionsadjacent context
credential
sk-ant-...C001
Unknown owner with active usage and shared scope.
trust break
Company context
Why does it matter?
auth repo pathsensitive work
.env + configcredential-adjacent files
Boundary paths
What does it unlock?
api.anthropic.comprovider traffic
secondary hostsupporting path
trust level
low
linked sessions
6
containment value
high
next drill
session + file story
Evidence Bundles
Ownership bundle
Masked prefix visible, allowlist match missing, organization hints partial.
Correlation is possible even without full trust.
Usage bundle
Active use in one high-signal session and several adjacent recent sessions.
The key is not dormant or merely historical.
Context bundle
The attached work touches auth-related files and shared agent lanes.
That is why the key story matters beyond billing.
Boundary bundle
Provider traffic and a supporting external path both sit on this credential lane.
The key is central to the outbound explanation.
Raw Evidence Paths
Return To API Keys Listing
Step back to the entity-wide meaning page and compare this item to the rest of the class.
Open meaning listOpen Raw API Keys Detail
Drill into the original ledger once the meaning layer has narrowed the question.
Open raw detailOpen Raw API Keys List
Compare this representative item against the full list for distribution and frequency.
Open raw list