Redact sensitive content in every Copilot completion and chat - VS Code, JetBrains, Neovim, and the Copilot Chat sidebar. In-flight redaction, no workflow change.
14-day free trial, no credit card.
The four exfiltration patterns we see most often when teams adopt GitHub Copilot.
Copilot sends nearby file content as context for completions. If you have `.env`, a credentials test fixture, or a customer-data seed file open in another tab, that content can be uploaded to suggest a completion.
Right-clicking a block and asking Copilot to explain it sends the full selection. That selection often includes hard-coded credentials, internal URLs, or customer identifiers from test data.
When you start typing values in a `.env`, Copilot's suggestions can leak previously-seen secrets from your private workspace - a known regurgitation risk.
"Generate a test for this" prompts often include the real data you handed Copilot moments earlier, putting it in version control through a generated fixture.
The user types whatever they want. NexusNest redacts the sensitive spans in-flight, so the prompt that reaches GitHub / Microsoft has placeholders in place of the secrets.
// Generate a test for this user creation with AWS_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY and admin email arjun.mehta@devops-corp.io
// Generate a test for this user creation with [REDACTED_CREDENTIALS_1] and admin email [REDACTED_PERSONAL_INFO_1]
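The before/after pair above, reproduced as an added example (not NexusNest's code): a minimal Python redactor that issues numbered placeholders and keeps the placeholder-to-value map locally so the developer can restore real values in a returned completion. The two regexes, the `Redactor` class and its method names are assumptions made for illustration.

```python
import re

# Assumed detection rules for this sketch; credentials run first because a
# credential value may itself look like an e-mail address.
PATTERNS = [
    ("CREDENTIALS", re.compile(r"\b[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|KEY)[A-Z0-9_]*=\S+")),
    ("PERSONAL_INFO", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
]
PLACEHOLDER = re.compile(r"\[REDACTED_[A-Z_]+_\d+\]")

# The page's own "before" prompt, used as sample input.
SAMPLE = ("// Generate a test for this user creation with "
          "AWS_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY "
          "and admin email arjun.mehta@devops-corp.io")


class Redactor:
    """Swaps sensitive spans for numbered placeholders and keeps the mapping locally."""

    def __init__(self):
        self.vault = {}    # placeholder -> original value; never sent upstream
        self._issued = {}  # (label, value) -> placeholder, so repeats reuse one number
        self._next = {}    # label -> last number handed out

    def _placeholder(self, label, value):
        key = (label, value)
        if key not in self._issued:
            self._next[label] = self._next.get(label, 0) + 1
            token = f"[REDACTED_{label}_{self._next[label]}]"
            self._issued[key] = token
            self.vault[token] = value
        return self._issued[key]

    def redact(self, text):
        for label, pattern in PATTERNS:
            text = pattern.sub(lambda m, lab=label: self._placeholder(lab, m.group(0)), text)
        return text

    def restore(self, text):
        # Unknown placeholders are left untouched rather than guessed at.
        return PLACEHOLDER.sub(lambda m: self.vault.get(m.group(0), m.group(0)), text)


if __name__ == "__main__":
    r = Redactor()
    outbound = r.redact(SAMPLE)
    print(outbound)                      # what would be forwarded upstream
    print(r.restore(outbound) == SAMPLE)
```

Reusing one `Redactor` per session keeps a repeated value on the same placeholder number, so a completion that echoes the placeholder can be restored unambiguously.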
Download the .pkg / .exe and double-click. The agent installs a local trusted CA and the system proxy - no IT ticket required for GitHub Copilot traffic to flow through it.
Use GitHub Copilot exactly the way you do today - browser, desktop app, or API. The agent intercepts the outgoing request, runs the redaction pipeline, and forwards a redacted version.
Every prompt shows up in the admin dashboard with what was redacted, by which employee, on which machine. GitHub Copilot usage becomes legible.
Yes. Both Copilot's autocomplete API and the chat endpoint go through the same proxy - we redact the prompt text and the context blob attached to it.
The added latency is typically under 200 ms for a normal completion. Most of that is the redaction detection round-trip - for short prompts it's much less.
Redaction placeholders are reversible at the edit site by the developer. Copilot suggests a correctly-shaped completion using the placeholder, and the developer fills in the real value locally.
Yes - the agent inspects traffic regardless of which Copilot tier you're on. The Business / Enterprise tiers add SSO, IP filtering, and audit logs on the Copilot side; they do not redact what your code sends as context.
No. The agent sets up a locally-trusted certificate during install, and major IDEs (VS Code, JetBrains, Neovim) honour the system trust store. Setup is one-time and silent.
Deploy on every employee laptop in under 10 minutes. 14-day free trial. No credit card required.