Fleet snapshot

Anonymous counts across all complete scans this week. No repository names are shown.

499 repositories were scanned for AI-context hygiene.

1116 AI-context risk signals matched 20 sensitive path categories.

1% of scanned repos use a dedicated AI exclude file (2 types in use).

How to read this report

These are not confirmed leaks.

Radar uses path-level checks to detect files and folders that may become visible to AI coding tools if they are not covered by AI-specific ignore rules.

A risk signal is a file committed to the repository whose path matches a sensitive category (for example .env or *.pem). Counts are file matches at the path level — Radar never opens the files.

  • No file contents were read.
  • No secrets were collected.
  • No repository names are published without opt-in.
  • Repositories are a manually curated cohort, not a random sample — read these as directional signals, not population-level statistics.

Scanned

499
repos in this week's stats

AI-context risk signals

1116
sensitive path matches

Repos with risk signals

32%
158 of 499 repos

AI exclude-file coverage

1%
repos with a dedicated AI exclude file
Scan details
Targeted
500
Scanned
499
Scan complete
499
Skipped
0
Errors
1
Repos with risk signals
158
Generated
Jul 13, 2026, 11:58 AM UTC
Tool version
0.11.1–0.11.1
Ruleset
6f8fef790c56173d

AI-context risk signal categories

Aggregated path pattern counts — not tied to any named repository.

  • Key material (.pem, .key)Required21 repos · 578 matches
  • Environment files (.env)Required71 repos · 182 matches
  • Key FilesRequired20 repos · 73 matches
  • Credentials JsonRequired2 repos · 3 matches
  • Kubernetes configRequired1 repo · 1 match
  • Secrets JsonRequired1 repo · 1 match
  • npm credentials (.npmrc)Recommended49 repos · 83 matches
  • Apple ProvisioningRecommended1 repo · 26 matches
  • Android KeystoreRecommended6 repos · 14 matches
  • Pkcs12 P12Recommended4 repos · 12 matches
  • Yarn ConfigRecommended11 repos · 12 matches
  • Pkcs12 PfxRecommended2 repos · 11 matches
  • Terraform VarsRecommended5 repos · 8 matches
  • Pgp KeysRecommended3 repos · 3 matches
  • GCP credential filesRecommended1 repo · 1 match
  • Ssh FilesRecommended1 repo · 1 match
  • Log FilesInfo13 repos · 86 matches
  • Backup FilesInfo9 repos · 16 matches
  • Local DatabasesInfo1 repo · 3 matches
  • Db DumpsInfo2 repos · 2 matches

AI exclude files

1% of repos use a dedicated AI exclude file

These actually keep matching files out of AI context — and they are still rare.

Show 8 more exclude file types (2 in use overall)

AI context files

25% of repos ship an AI context file

Files like AGENTS.md and CLAUDE.md give AI tools project instructions — theyadd context, they do not exclude anything. They are not a substitute for an exclude file.

Fix the top risks

Patterns covering this week's most widespread categories (Environment files (.env), npm credentials (.npmrc), Certificates and PEM keys (.pem), Private keys (.key)). Add them to a dedicated AI exclude file (for example .cursorignore or.claudeignore) — and to .gitignore so the files are never committed.

AI exclude rules
.env
.env.*
!.env.example
.npmrc
*.pem
*.key
certs/
secrets/

Per-category guidance lives in the risk pattern guides.

Compared with previous report

MetricRadar #3Radar #4
Repositories scanned500499
AI exclude-file coverage0%1%
Repos with risk signals36%32%
AI-context risk signals (absolute)8241116
Risk signals per scanned repo1.62.2
Top categoryKey material (.pem, .key)Key material (.pem, .key)

Named participants

Per-repository reports for maintainers who opted in. Fleet counts above stay anonymous; each card below is that repo's own scan.

No named listings this week. Maintainers can opt in via radar registry.

View all-time participants →

Check your own project

158 of 499 repos this week exposed sensitive paths to AI tools. Check yours in seconds:

Run the same local check with Offsend CLI:

brew install --cask offsend/tap/offsend-cli
offsend show
offsend prepare --dry-run

Everything runs locally. No file contents are uploaded.