Postmortem · 2026-05-14 · 5 min

I pasted my session tokens into a chat. Here's the gate I built.

Sixteen cookies that together are my whole Google account, dropped into a chat window — while building a security playbook. The how is the whole point.


I pasted my Google session cookies into a chat window today. Sixteen of them. Together they aren't a password — they're my whole account.

Here's how it happened, because the how is the whole point.

The fast path

I was a few hours into building a security playbook for TruPath Labs. The irony is not lost on me.

The playbook needed research. The research lived in NotebookLM. NotebookLM needed authentication. The clean auth path — a proper login flow — was a few steps and a browser. The fast path was: open dev tools, copy the cookie header, paste it into the chat so the agent could use it directly.

I took the fast path. Then the session expired mid-task and I took it again — a fresh set of cookies, pasted into the same transcript.

I wasn't being reckless in the way that word usually means. I wasn't tired or careless. I was being efficient. That's the part worth writing down: the failure didn't feel like a failure. It felt like getting unblocked.


The agent caught it before I did

The agent I was working with flagged it immediately. Those are full account session tokens, it said — not scoped API keys, the whole account. They're now sitting in plaintext in this transcript. And since we are, at this exact moment, building a security playbook — this is exhibit A.

It was right on every count. The tokens were in the transcript. They were the whole account. And I — the person who had just spent the morning writing about disclosure discipline — had put them there myself, twice, without a second thought.

What actually went wrong

It wasn't the paste. The paste was a symptom.

What went wrong is that nothing in my workflow was positioned to catch the paste. There was no gate between "I need to authenticate" and "I'll just paste the credential." The fast path was frictionless, and the careful path was the one with friction. When that's the layout, the fast path wins — not because you're undisciplined, but because you're moving.

Every habit that makes a small AI-driven shop fast is also a habit that can quietly bleed the things that make the shop worth anything. Paste the thing. Prompt the model. Let the agent run. Each one is a speed win and a potential leak, and the leak doesn't announce itself.


I'm not the exception

While researching the playbook, I found the company I was keeping. A 2025 security audit found that 65% of the top private AI companies, over $400 billion in combined value, had leaked API keys or access tokens in public GitHub repositories. A founder watched an AI coding agent with unscoped write access delete a production database, despite an explicit freeze instruction.

This is not a story about one careless founder. It's the default failure mode of the entire way we now work. The people leaking credentials are not the sloppy ones. They're the fast ones.

The gate

So I built the gate — it's the secrets gate in the playbook this field note ships alongside.

The mechanical parts: no hardcoded credentials, short-lived tokens injected at runtime, AI agents treated as scoped non-human identities, pre-commit hooks scanning staged changes for high-entropy strings. But the part that would have caught *me* is a plain human rule sitting on top: a session token, an API key or a private key never goes into a chat window. If a tool needs auth, it gets it through the tool's own login path, not by paste. There is no fast-path exception, because the fast path is exactly where this happens.
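As an added example, not the playbook's own gate and not code from the author: a small scanner in the spirit of the pre-commit hook described above, written so the same check can run on a staged diff or on any blob of text before it is pasted anywhere. It flags fixed-format credentials, a whole `Cookie:` header (the case from this note, with session-bearing cookie names called out by name), and long random-looking strings by Shannon entropy. The cookie-name list, the entropy cut-off and the sample inputs are assumptions for illustration.

```python
"""Secrets gate: refuse text that looks like a credential before it is committed
or pasted. Example code; the patterns and thresholds below are assumed."""
import math
import re
import subprocess
import sys

ENTROPY_THRESHOLD = 4.0   # bits/char; assumed cut-off, random base64 tokens score ~5-6
MIN_TOKEN_LEN = 24        # shorter runs are usually identifiers, not secrets

# Cookie names that on their own carry a whole browser session. Illustrative,
# assumed list: Google's SID-family names plus common framework session cookies.
SESSION_COOKIE_NAMES = {"sid", "hsid", "ssid", "apisid", "sapisid",
                        "sessionid", "phpsessid", "jsessionid"}

# Fixed-format credentials that need no entropy analysis.
KNOWN_PATTERNS = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private-key", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
]
COOKIE_HEADER = re.compile(r"^\s*cookie\s*:\s*(.+)$", re.IGNORECASE | re.MULTILINE)
COOKIE_PAIR = re.compile(r"([^=;\s]+)=([^;\s]+)")
TOKENISH = re.compile(r"[A-Za-z0-9+/=_\-]{%d,}" % MIN_TOKEN_LEN)


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep enough to recognise a finding in a report, never enough to reuse it."""
    return value[:4] + "..." + "(%d chars)" % len(value)


def is_session_cookie(name: str) -> bool:
    n = name.lower()
    return n in SESSION_COOKIE_NAMES or n.startswith(("__secure-", "__host-"))


def find_secrets(text: str) -> list:
    """Return (kind, redacted_value) findings; an empty list means the gate stays open."""
    findings, covered = [], []

    def add(kind, raw):
        if raw not in covered:
            covered.append(raw)
            findings.append((kind, redact(raw)))

    for kind, pat in KNOWN_PATTERNS:
        for m in pat.finditer(text):
            add(kind, m.group(0))

    # A pasted Cookie header: every pair is flagged, and session-bearing names get
    # their own kind so the report says what was actually exposed.
    for header in COOKIE_HEADER.finditer(text):
        for name, value in COOKIE_PAIR.findall(header.group(1)):
            add("session-cookie" if is_session_cookie(name) else "cookie", name + "=" + value)

    # Fallback: anything long and random-looking that no rule above already covers.
    for m in TOKENISH.finditer(text):
        token = m.group(0)
        if any(token in c or c in token for c in covered):
            continue
        if shannon_entropy(token) >= ENTROPY_THRESHOLD:
            add("high-entropy-string", token)
    return findings


def gate(text: str, source: str = "input") -> int:
    """Exit-code style result: 0 lets the text through, 1 blocks it and reports why."""
    findings = find_secrets(text)
    if not findings:
        return 0
    print("BLOCKED: %d credential-looking item(s) in %s" % (len(findings), source), file=sys.stderr)
    for kind, shown in findings:
        print("  %s: %s" % (kind, shown), file=sys.stderr)
    return 1


if __name__ == "__main__":
    # --staged: pre-commit mode over the staged diff; otherwise scan stdin
    # (for example a clipboard pipe, before the text goes into a chat window).
    if "--staged" in sys.argv:
        diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                              capture_output=True, text=True).stdout
        sys.exit(gate(diff, "staged diff"))
    sys.exit(gate(sys.stdin.read(), "stdin"))
```

Wire it in as a pre-commit hook with `python secrets_gate.py --staged`, and keep the stdin mode for the human rule: pipe whatever is on the clipboard through it before the paste, and treat any hit as stop, rotate, then go back and use the tool's login path. Expect false positives on lockfiles and content hashes; exclude those paths rather than lowering the entropy threshold, and add real credential formats you use to the fixed-pattern list, since a known prefix is a far cheaper and more precise check than entropy.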


The honest part

The cookie paste cost me nothing today — because it was caught, and because I rotated the session afterward. But "it was caught" is luck wearing the costume of a process. The tokens were still in the transcript either way.

A gate isn't there for the day you're sharp. It's there for the day you're three hours deep, moving fast, and the careful path has friction the fast path doesn't. That was today. It'll be today again.

Write the gate down before you need it. I just did.