> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Generic secrets AI

Like Semgrep Secrets, which scans for specific secrets, **Generic secrets AI** scans your code for the inadvertent inclusion of credentials, such as API keys, passwords, and access tokens using rules. However, AI-powered generic secrets detection looks for common keywords, such as auth, key, or passwords, and flags anything nearby that appears to be a secret. It then analyzes the results to eliminate false positives, so you only see high-signal results likely to be true positives.

## Prerequisites

To scan your code for generic secrets, you must have the following:

* Access to [Semgrep Secrets](/semgrep-secrets/getting-started).
* [Semgrep Multimodal](/semgrep-multimodal/getting-started) enabled.
* Semgrep CLI version `1.86.0` or higher running in your CI environment.

Generic secrets does *not* work with local scans initiated by running the `semgrep ci` command, because Semgrep Multimodal requires code access.

## Enable generic secrets

<Steps>
  <Step>
    Sign in to [<Icon icon="external-link" iconType="solid" /> Semgrep AppSec Platform](https://semgrep.dev/login).
  </Step>

  <Step>
    Go to **Settings > General > Secrets**.
  </Step>

  <Step>
    Click the **Generic secrets** <Icon icon="toggle-large-on" iconType="solid" /> toggle to turn on generic secrets.
  </Step>
</Steps>

Once you have enabled generic secrets, your subsequent Semgrep Secrets scans automatically run with generic secrets rules. You can confirm that this is the case by looking for the following confirmation message in the CLI output:

```console theme={null}
SECRETS RULES
-------------
AI augmented rules are active for secrets detection.
```

If there are findings, Semgrep returns the following CLI message:

```console theme={null}
Your deployment has generic secrets enabled. X potential line locations
will be uploaded to the Semgrep platform and then analyzed by Semgrep Multimodal.
Any findings that appear actionable will be available in the Semgrep Platform.
You can view the secrets analyzed by Multimodal at URL
```

## View findings

<Steps>
  <Step>
    Sign in to [<Icon icon="external-link" iconType="solid" /> Semgrep AppSec Platform](https://semgrep.dev/login).
  </Step>

  <Step>
    Go to [**Secrets**](https://semgrep.dev/orgs/-/secrets) to see a list of all findings identified by Semgrep Secrets.
  </Step>

  <Step>
    Expand the **Additional filters** menu, then select <Tooltip tip="Sensitive information such as API keys, credentials, SSH keys, or certificates. If secrets are stored in source code, they can be leaked and misused." cta="See full definition." href="/semgrep-secrets/glossary#secret">Secret</Tooltip> **type > Generic Secrets** to filter for generic secrets findings.
  </Step>
</Steps>

## Disable generic secrets

<Steps>
  <Step>
    Sign in to [<Icon icon="external-link" iconType="solid" /> Semgrep AppSec Platform](https://semgrep.dev/login).
  </Step>

  <Step>
    Go to **Settings > Deployment** and navigate to the **Secrets** section.
  </Step>

  <Step>
    Click the **Generic secrets** <Icon icon="toggle-large-on" iconType="solid" /> toggle to turn off generic secrets.
  </Step>
</Steps>

Once disabled, all of your generic secrets findings will be removed from Semgrep AppSec Platform after the following scan.
