467 Patterns. BPE Tokenization. 20 Live Verifiers.
Netallion AI Assurance combines traditional regex patterns with byte-pair encoding tokenization analysis, achieving 98.6% recall on generic secrets compared to 70.4% for entropy-only approaches.
98.6%
Recall (BPE)
70.4%
Recall (entropy-only)
< 5%
Target false positive rate
~0%
False positives (verified types)
How BPE Tokenization Works
Traditional entropy analysis measures randomness but produces excessive false positives. BPE tokenization analyzes the structure of strings to distinguish real secrets from legitimate high-entropy content.
Regex + Entropy (Traditional)
- Matches known patterns via regular expressions
- Falls back to Shannon entropy for unknown formats
- High false positive rate on UUIDs, hashes, and encoded data
- Misses generic secrets with non-standard formats
- 70.4% recall on generic secrets
Regex + BPE (Netallion AI Assurance)
- Matches known patterns via regular expressions
- Analyzes token structure with byte-pair encoding
- Distinguishes secrets from legitimate high-entropy strings
- Catches generic secrets that regex alone misses
- 98.6% recall on generic secrets
Pattern Categories
Cloud Provider Keys
80+AWS Access Keys, Azure SAS Tokens, GCP Service Account Keys, Azure Connection Strings
Source Control Tokens
30+GitHub PATs, GitLab Tokens, Bitbucket App Passwords, Azure DevOps PATs
SaaS API Keys
120+Stripe, Twilio, SendGrid, Datadog, Slack, PagerDuty, Sentry, HubSpot
Database Credentials
40+PostgreSQL, MySQL, MongoDB, Redis, SQL Server connection strings
Infrastructure
60+SSH keys, Docker Hub tokens, npm tokens, PyPI tokens, Terraform tokens
PII Patterns
50+SSN, email, phone, credit card, address, passport, driver license
AI Hygiene
30+OpenAI keys, Anthropic keys, secrets in LLM prompts, AI-generated credentials
Generic Secrets
50+High-entropy strings, password assignments, base64-encoded secrets, JWT tokens
20 Live Verifiers
Every high-confidence finding is checked against the provider API to confirm the secret is still active, reducing false positives to near zero for verified types.
How We Compare
| Capability | Netallion AI Assurance | GitGuardian | TruffleHog | Nightfall |
|---|---|---|---|---|
| Detection Patterns | 467 | 550+ | 800+ | 100+ ML |
| BPE Tokenization | Yes | No | No | No |
| Live Verification | 20 verifiers | 20+ verifiers | 20+ verifiers | N/A |
| Azure Monitor Scanning | Native | No | No | No |
| Generic Secret Detection | 98.6% recall (BPE) | Entropy-based | Entropy-based | ML-based |
| PII Detection | Yes (regex) | Limited | No | Best-in-class (ML) |
| Custom Patterns | Yes | Yes | Yes | Limited |
| Auto-Remediation | Key Vault, GitHub, AWS | No | No | No |
Experience the detection engine firsthand
Start your free trial and scan your first workspace with all 467 patterns.