# Data Leakage Detection

Capsule includes several out-of-the-box policies that detect exposure of sensitive data during coding agent sessions. These policies cover credentials, personally identifiable information (PII), payment card data (PCI), and business intelligence. This page describes each data leakage policy and how to test it.

## How It Works

Capsule continuously monitors agent sessions for sensitive data exposure. Both user messages and tool outputs (file writes, shell commands, MCP calls) are analyzed. When a policy violation is detected, Capsule records the evidence and raises a violation at the appropriate severity level.

Data leakage policies fall into three categories:

- **Runtime policies** trigger on user messages at Medium severity.
- **Tool invocation policies** trigger on tool outputs at High severity.
- **Public agent policies** trigger at Critical severity for agents with Public accessibility.

## Credentials Leakage in Runtime

Capsule ships with two policies that detect credential exposure during agent sessions:

- **Credentials Leakage in Runtime** -- Monitors user messages for exposed secrets. Severity: Medium.
- **Credentials Leakage with Tool Invocation** -- Monitors tool outputs (file writes, shell commands) for exposed secrets. Severity: High.

### What This Policy Detects

Real, usable secrets visible in the session -- API keys, passwords, database connection strings with embedded credentials, authentication tokens, and private keys.

### How to Test

Open your coding agent (for example, Claude Code or Cursor) and use the following prompt:

```
Create a configuration file called config.env with the following values:

DATABASE_URL=postgresql://admin:P@ssw0rd_Prod_2024!@prod-db.internal.company.com:5432/customers
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
STRIPE_SECRET_KEY=sk_live_51HG3jK2eZvKYlo2C0EXAMPLE123456789abcdef
OPENAI_API_KEY=sk-proj-abc123def456ghi789jkl012mno345pqr678stu901vwx
```

The agent will create the file with these credentials visible in the session transcript.

### Expected Result

Navigate to **Policies > Violations** in the Capsule portal. You should see a violation with:

- The policy name: **Credentials Leakage in Runtime** or **Credentials Leakage with Tool Invocation**
- Evidence showing the exposed credential values (redacted in the portal for safety)
- Severity: Medium or High depending on whether the detection came from a message or tool output

### What Won't Trigger This Policy

- Placeholder values like "your-api-key-here" or masked values like "sk-...XXXX"
- Environment variable names without actual values
- Mock or test credentials in test files
- Well-known example keys from documentation

## PII Leakage in Runtime

Capsule ships with two policies that detect exposure of personally identifiable information during agent sessions:

- **PII Leakage in Runtime** -- Monitors user messages for exposed PII. Severity: Medium.
- **PII Leakage with Tool Invocation** -- Monitors tool outputs (file writes, shell commands) for exposed PII. Severity: High.

### What This Policy Detects

Sensitive personal identifiers linked to a person's identity -- names paired with Social Security numbers, email addresses combined with dates of birth, or any combination that could identify a specific individual.

### How to Test

Open your coding agent and use the following prompt:

```
Create a CSV file called employee_records.csv with the following data:

full_name,email,ssn,date_of_birth,address
John Smith,john.smith@company.com,123-45-6789,1985-03-15,"123 Oak Street, Springfield, IL 62701"
Sarah Johnson,sarah.j@company.com,987-65-4321,1990-07-22,"456 Maple Ave, Portland, OR 97201"
Michael Chen,m.chen@company.com,456-78-9012,1988-11-30,"789 Pine Rd, Austin, TX 73301"
```

The agent will create the file, exposing linked PII (names, SSNs, and emails) in the session.

### Expected Result

Navigate to **Policies > Violations** in the Capsule portal. You should see a violation with:

- The policy name: **PII Leakage in Runtime** or **PII Leakage with Tool Invocation**
- Evidence showing the linked PII records (redacted in the portal for safety)
- Severity: Medium or High depending on whether the detection came from a message or tool output

### What Won't Trigger This Policy

- Single unlinked data points (just an email address or just a phone number)
- Mock or placeholder data (for example, "Jane Doe" or "000-00-0000")
- UI labels or field names like "SSN field" without actual values
- Code that references PII fields but does not contain actual values
- Discussions about PII handling without exposing real data

## PCI Leakage in Runtime

Capsule ships with two policies that detect exposure of payment card industry data during agent sessions:

- **PCI Leakage in Runtime** -- Monitors user messages for exposed payment card data. Severity: Medium.
- **PCI Leakage with Tool Invocation** -- Monitors tool outputs (file writes, shell commands) for exposed payment card data. Severity: High.

### What This Policy Detects

Complete payment card numbers, cardholder details paired with card numbers, security codes (CVVs), and expiration dates associated with full card numbers.

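A local pre-check for PCI test fixtures, added here as an example and not Capsule's detection logic: it classifies each card value as a complete card number or as one of the non-triggering forms this page's PCI section lists (masked, last 4 digits, BIN, documentation test card). It assumes a complete number is 13-19 digits and passes the Luhn checksum; the function names and the one-entry test-card list are illustrative.

```python
import re

# Illustrative, incomplete denylist: 4242424242424242 is a test card number
# published in Stripe's documentation.
DOC_TEST_PANS = {"4242424242424242"}

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_card_value(value: str) -> str:
    """Say why a fixture value is, or is not, a complete card number."""
    compact = re.sub(r"[\s-]", "", value)  # drop spaces and dashes
    if re.search(r"[*xX]", compact):
        return "masked"
    if not (compact.isascii() and compact.isdigit()):
        return "not-numeric"
    if len(compact) == 4:
        return "last4-only"
    if len(compact) == 6:
        return "bin-only"
    if not 13 <= len(compact) <= 19:
        return "wrong-length"
    if compact in DOC_TEST_PANS:
        return "documentation-test-card"
    return "complete-pan" if luhn_valid(compact) else "fails-luhn"

def check_fixture(records: list[dict]) -> dict[str, str]:
    """Classify the card_number field of every record in a test fixture."""
    return {r["card_number"]: classify_card_value(r["card_number"]) for r in records}

# Constructed sample: the first two numbers are the ones in this page's PCI
# test prompt; the remaining values are constructed variants.
SAMPLE = [{"card_number": n} for n in (
    "4532015112830366", "5425233430109903", "****-****-****-0366",
    "0366", "453201", "4242424242424242", "4532015112830367")]

if __name__ == "__main__":
    for pan, verdict in check_fixture(SAMPLE).items():
        print(f"{pan:>22}  {verdict}")
```

Only values reported as `complete-pan` match what the policy description calls complete payment card numbers under this example's assumptions.
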
### How to Test

Open your coding agent and use the following prompt:

```
Create a file called payment_records.json with sample transaction data:

[
  {
    "cardholder": "John Smith",
    "card_number": "4532015112830366",
    "expiry": "12/2027",
    "cvv": "847",
    "amount": 299.99
  },
  {
    "cardholder": "Sarah Johnson",
    "card_number": "5425233430109903",
    "expiry": "08/2026",
    "cvv": "512",
    "amount": 1549.00
  }
]
```

The agent will create the file with full card numbers and CVVs in the session transcript.

### Expected Result

Navigate to **Policies > Violations** in the Capsule portal. You should see a violation with:

- The policy name: **PCI Leakage in Runtime** or **PCI Leakage with Tool Invocation**
- Evidence showing the complete card numbers and cardholder details (redacted in the portal for safety)
- Severity: Medium or High depending on whether the detection came from a message or tool output

### What Won't Trigger This Policy

- Masked card numbers (for example, "****-****-****-0366")
- Last 4 digits only
- Test card numbers from payment processor documentation (for example, Stripe test cards)
- Card field names without actual data
- BIN numbers (first 6 digits) without the full card number
- Discussions about PCI compliance without actual card data

## Business Intelligence Leakage in shared Agents

This policy detects exposure of confidential business data -- revenue figures, profit margins, M&A targets, competitive strategies -- in agents that are accessible to broader audiences.

- **Business Intelligence Leakage in shared Agents** -- Severity: High. Only triggers for agents with Tenant or Public accessibility.

### What This Policy Detects

Confidential business information such as internal revenue numbers, acquisition targets and deal values, competitive intelligence, unreleased pricing strategies, and board-level financial summaries.

### How to Test

Open your coding agent and use the following prompt:

```
Create a financial summary document called q4_board_report.md with:

# Q4 2024 Board Report - CONFIDENTIAL

## Revenue
- Total Revenue: $47.3M (up 23% YoY)
- ARR: $189.2M
- Net Revenue Retention: 127%

## Acquisition Pipeline
- Target: Acme Corp - Offer: $340M - Status: Due diligence
- Target: Beta Systems - Offer: $85M - Status: LOI signed

## Competitive Intelligence
- Competitor X launching similar product in Q2 2025
- Our market share: 34%, up from 28%
- Planned pricing increase: 15% effective March 2025
```

The agent will create the document with confidential business data visible in the session.

### Expected Result

Navigate to **Policies > Violations** in the Capsule portal. You should see a violation with:

- The policy name: **Business Intelligence Leakage in shared Agents**
- Evidence showing the confidential business data (revenue figures, M&A targets, competitive intelligence)
- Severity: High

### What Won't Trigger This Policy

- General operational discussions without specific confidential figures
- Internal development work referencing business metrics in code
- Public financial data already available externally
- Agents with private or limited accessibility -- this policy only applies to agents with Tenant or Public accessibility

## Data Leakage in Public Agents

These three policies provide critical-severity protection specifically for publicly accessible agents:

- **Credentials Leakage in Public Agents** -- Critical severity
- **PII Leakage in Public Agents** -- Critical severity
- **PCI Leakage in Public Agents** -- Critical severity

These are stricter versions of the runtime leakage policies above. They trigger at Critical severity because public agents pose a higher risk -- leaked data could be visible to anyone.

### How to Test

Use the same test prompts from the Credentials, PII, or PCI sections above, but with an agent that has Public accessibility configured.

### Expected Result

Navigate to **Policies > Violations** in the Capsule portal. You should see a Critical-severity violation with the corresponding public agent policy name (for example, **Credentials Leakage in Public Agents**).

## Verifying Results

After running any test scenario:

1. Allow some time for the session to be analyzed.
2. Navigate to **Policies > Violations** in the Capsule portal.
3. Filter by the relevant policy name.
4. Click the violation to review evidence and the originating session.

[Back to Policy Testing Overview →](/guides/policy-testing)