Sonomos for engineering & security teams
A quickstart for software engineers, SREs, security engineers, devops / platform engineers, and anyone using AI coding assistants who wants to use those tools daily without leaking customer data, credentials, or production secrets.
Who this is for
You’re on an engineering, SRE, security, or platform team and you use AI tools for:
- Debugging with Claude / ChatGPT / Gemini (in the browser)
- Coding with Claude Code, Cursor, Windsurf, Copilot Chat, JetBrains AI, Continue
- Reviewing PRs with AI assistants
- Analyzing logs, stack traces, and incident timelines with AI
- Writing runbooks, postmortems, and architecture docs
- Refactoring legacy code where the codebase contains hard-coded secrets
- Investigating security incidents
- Building internal tools that themselves use AI
Each workflow has its own leak channel. Engineering teams are typically the biggest single source of accidental PII disclosure inside a company because they handle production data, customer support tickets, and credentials as part of their day-to-day.
What leaks
In engineering workflows the leaks are usually one of these:
- Hard-coded credentials — AWS access keys, OAuth tokens, JWTs, database connection strings, API secrets pasted into AI for debugging
- Customer data in logs and stack traces — names, emails, IPs, IDs that show up incidentally when a developer pastes a log into AI to ask “why is this failing?”
- Customer support tickets — pasted into AI for triage or response drafting, including the customer’s full profile
- Production SQL dumps and test data — staff sometimes copy a “small sample” that turns out to include real customer SSNs
- Crypto wallet keys and seed phrases — for fintech, web3, and any team building wallet integrations
- Internal infrastructure details — hostnames, IPs, IAM policies that could aid an attacker
Canary’s regex set is built specifically for this surface: 16 patterns with checksum validation including AWS access keys, AWS secret keys, Bitcoin addresses (Base58Check), Ethereum addresses (EIP-55), URLs with embedded credentials, IBANs (MOD-97), credit cards (Luhn), and SSNs.
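An added example (not Canary's code) of what "regex plus checksum validation" buys you: the shape regex finds candidates, and Luhn or MOD-97 discards look-alikes such as batch IDs before they are reported. The patterns, category names and sample lines are assumptions constructed for illustration.

```python
import re

def luhn_ok(number: str) -> bool:
    """Luhn check (credit cards): double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(re.sub(r"\D", "", number))):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """MOD-97 (IBAN): move the first 4 chars to the end, map A-Z to 10-35."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

# (category, shape regex, checksum validator or None for shape-only detectors)
DETECTORS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), None),
    ("url_with_credentials",
     re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@[^\s/]+"), None),
    ("credit_card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("iban", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
]

def scan(text: str):
    """Return (line number, category) for every match that passes validation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, shape, validator in DETECTORS:
            for match in shape.finditer(line):
                if validator is None or validator(match.group()):
                    findings.append((lineno, category))
    return findings

# Constructed sample input; the key is AWS's documentation example value.
SAMPLE_LOG = """\
boto3 client created with key AKIAIOSFODNN7EXAMPLE for bucket import
connect failed: postgres://app:s3cr3t@db.internal.example:5432/orders
payment declined card=4111 1111 1111 1111 code=51
retry with batch id 4111 1111 1111 1112 scheduled
refund to IBAN GB82WEST12345698765432 queued
refund to IBAN GB82WEST12345698765433 rejected by bank
"""

if __name__ == "__main__":
    for lineno, category in scan(SAMPLE_LOG):
        print(f"line {lineno}: {category}")
```

Lines 4 and 6 of the sample match the card and IBAN shapes but fail their checksums, so they are not reported.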
Recommended product stack
| Channel | What to install |
|---|---|
| Claude Code (terminal) | Canary — strongly recommended |
| Web AI chat (Claude.ai, Gemini, Grok, ChatGPT) | Browser extension |
| Web-based internal tools, Looker, Datadog, Sentry, etc. | Browser extension |
| Cursor, Windsurf, Copilot Chat, JetBrains AI, Continue | Coming: Sonomos Desktop |
| Claude Desktop, ChatGPT Desktop, Copilot | Coming: Sonomos Desktop |
| Local LLMs (Ollama, LM Studio, llama.cpp) | Coming: Sonomos Desktop |
Setup checklist
- Install Canary in Claude Code if you (or anyone on the team) uses Claude Code. Two commands inside a session:
  `/plugin marketplace add sonomos-ai/Canary-Plugin`
  `/plugin install canary@sonomos`
  See Install Canary.
- Wire up the statusline. A small persistent counter in your Claude Code status line keeps PII exposure visible. See Optional persistent statusline.
- Run `/canary:scan` once after install to seed the counter from your current Claude Code session history.
- Install the Sonomos browser extension on every browser used for web AI chat or any internal web tool. See Install.
- Enable Cloak on Claude.ai, Gemini, and Grok in the browser. Set Send Guard to “Banner + Modal” for ChatGPT and other uncovered sites.
- For platform / security teams, the Teams plan with admin policy pinning is the right choice — it lets you set a minimum protection floor across an engineering org.
- Join the Sonomos Desktop beta list at info@sonomos.ai if your team uses IDE assistants or native AI apps. Engineering workflows are the highest-priority gap the desktop release closes.
Workflows, step by step
Debugging with Claude / ChatGPT in the browser
- You hit a confusing error. You copy the stack trace into Claude.ai.
- The stack trace happens to include a customer’s email and an internal hostname.
- Cloak masks the email; the hostname is logged by Send Guard if the site isn’t fully Cloak-supported.
- Claude returns a useful answer referencing placeholders.
- You apply the fix in your local repo, not by pasting Claude’s answer verbatim if it contains masked placeholders.
Coding in Claude Code with Canary
- You ask Claude Code to refactor a script. The script has an AWS access key hard-coded for testing.
- Canary’s regex stage immediately flags the AWS access key with checksum validation.
- The semantic stage (async) flags any unstructured PII in the surrounding context.
- The detection lands in `~/.sonomos/leaks.jsonl` and bumps your statusline counter.
- You now know to rotate that AWS key and remove it from the script.
Log and stack-trace analysis
The single biggest engineering risk surface:
- You paste 50 lines of production log to ask “why is this error happening?”
- The log includes user emails, request IPs, and request IDs.
- Cloak masks them on supported web AI. Canary counts them in Claude Code.
- Either way, the model returns an analysis using placeholders, and you didn’t blast 50 customer records into a vendor’s training pipeline.
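An added sketch of the placeholder round trip these steps rely on, for channels where you have to sanitize a log excerpt yourself. It is not Cloak's implementation; the `[EMAIL_n]` / `[IP_n]` placeholder format, the two patterns and the sample lines are assumptions constructed for illustration.

```python
import re

EMAIL = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(rf"\b{OCTET}(?:\.{OCTET}){{3}}\b")
PLACEHOLDER = re.compile(r"\[(?:EMAIL|IP)_\d+\]")  # hypothetical format

class Masker:
    """Swap identifiers for stable placeholders; keep the mapping local."""

    def __init__(self):
        self.forward = {}  # real value -> placeholder
        self.reverse = {}  # placeholder -> real value (never leaves this process)
        self.counts = {}   # per-kind counter used to number placeholders

    def _placeholder(self, kind, value):
        # The same value always gets the same placeholder, so the model can
        # still correlate "the same user" or "the same IP" across lines.
        if value not in self.forward:
            self.counts[kind] = self.counts.get(kind, 0) + 1
            token = f"[{kind}_{self.counts[kind]}]"
            self.forward[value] = token
            self.reverse[token] = value
        return self.forward[value]

    def mask(self, text):
        text = EMAIL.sub(lambda m: self._placeholder("EMAIL", m.group()), text)
        return IPV4.sub(lambda m: self._placeholder("IP", m.group()), text)

    def unmask(self, text):
        # Unknown placeholders (e.g. ones the model made up) are left as-is.
        return PLACEHOLDER.sub(lambda m: self.reverse.get(m.group(), m.group()), text)

# Constructed sample input.
SAMPLE_TRACE = """\
2024-05-01T12:00:01Z ERROR checkout user=ana.ruiz@example.com ip=203.0.113.7 msg="card declined"
2024-05-01T12:00:04Z ERROR checkout user=ana.ruiz@example.com ip=203.0.113.7 msg="retry failed"
2024-05-01T12:00:09Z WARN  login user=li.wei@example.org ip=198.51.100.23 msg="rate limited"
"""

if __name__ == "__main__":
    masker = Masker()
    print(masker.mask(SAMPLE_TRACE))                         # safe to paste
    print(masker.unmask("[EMAIL_1] retried from [IP_1]"))    # read the answer locally
```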
Customer support ticket triage
For engineers who handle escalated support:
- Pasting a support ticket into AI for analysis usually means pasting the customer’s name, email, and account details.
- Cloak masks these on supported AI; Send Guard’s modal blocks high-severity items elsewhere.
- Practical rule: extract the technical question from the ticket and paste only that. The AI doesn’t need the customer’s name to suggest a fix.
PR review with AI
- PR review with AI is increasingly common via Copilot Chat, Cursor, or Claude.ai with a pasted diff.
- Diffs that include test fixtures, config files, or seed data can include real customer data, credentials, or PII.
- Browser-pasted diffs are covered by Cloak. Diffs reviewed inside an IDE (Cursor, Windsurf, Copilot Chat) are not yet covered — that’s Sonomos Desktop territory.
Incident response
- Pasting the incident timeline, affected user IDs, and impact estimates into AI to draft the postmortem is a common pattern.
- Cloak masks the IDs on supported web AI.
- Strongly consider not pasting affected user counts and IDs into a public AI service even with masking. Write the postmortem in your wiki and let AI polish the prose without identifiers.
Special considerations
Working with production data
The strongest hygiene is to never have production data on a developer machine in the first place. Where that’s not possible:
- Canary’s monotonic counter (“the number only goes up”) is intentionally uncomfortable. It’s designed to give you a slightly anxiety-inducing read on your real exposure.
- Use the `/canary:leaked` weekly review to spot patterns — categories of leaks that suggest a process change (e.g. “stop pasting log lines verbatim; ask for the failure mode instead”).
Credentials, tokens, and keys
These are Canary’s strongest detectors:
- AWS access keys and secret keys — both shape and the structural relationship between them.
- OAuth tokens, JWTs, API secrets — caught by the semantic stage even when format varies.
- URLs with embedded credentials — `https://user:password@host/...` — caught by regex.
- Crypto seed phrases and private keys — caught by the semantic stage.
If Canary flags an actual credential, rotate it immediately — assume it’s compromised the moment it left your machine.
Building AI features into your own product
For teams building AI-powered features on top of Anthropic, OpenAI, or other providers:
- Use Canary as a CI signal. Run `canary-stats --json` in a job to flag if developer prompts to test environments are including PII. (Formal CI integration is on the Canary roadmap.)
- Treat your own AI-feature inputs as a regulated channel. Whatever PII you accept from users into your AI feature has all the same compliance pressure as any other PII flow.
- Local-only Canary is open-source, MIT-licensed, and small enough to audit. See github.com/sonomos-ai/Canary.
Mobile and shared infrastructure
- Mobile development environments (Xcode, Android Studio AI) — outside the extension’s reach. Sonomos Desktop will cover the desktop IDE companion; the mobile target itself runs simulators where the AI assistant lives on the host.
- Remote-pair tooling (Tuple, Pop) — screen-shared sessions where an AI prompt is visible to the pairing party. Sonomos doesn’t change the trust model with the human collaborator.
Pitfalls to avoid
- IDE assistants — Cursor, Windsurf, Copilot Chat, JetBrains AI, Continue. These are the biggest gap. The browser extension can’t see them, and Canary only sees Claude Code. Sonomos Desktop’s primary engineering use case is closing this gap.
- Native AI desktop apps — Claude Desktop, ChatGPT Desktop. Same gap.
- Local LLMs — Ollama, LM Studio, llama.cpp. “Local” feels safer but prompts and outputs persist in logs and disk cache; Sonomos Desktop will scrub PII before it lands there.
- Pre-commit hooks that run AI on diffs — anything that pipes git output through a model. Outside the extension’s reach.
- Test fixtures that contain real customer data. Don’t. Generate synthetic data. Sonomos catches the symptom; the root cause is in the fixture.
- `.env` files committed by mistake. Canary’s URL-with-credentials detector catches some of this, but treat secret-scanning (TruffleHog, GitLeaks) as the primary defense and Canary as the AI-context safety net.
Documenting the control
For security and platform teams that need to show due diligence to their CISO or auditor:
- Canary’s findings file (`~/.sonomos/leaks.jsonl`) gives a defensible “we measured our AI exposure” artifact. Export with `canary-stats --json` or `canary-stats --csv`.
- Browser extension compliance reports document the AI-tool channel control for web AI on Pro / Teams.
- Open-source review — Canary is MIT-licensed and small. Security review fits inside a half-day.