Shipped after a real $48,000 mistake · 2026

I lost $48,000 to a leaked API key.
So I built the thing I wish I'd had.

TokenLedger is a cost circuit breaker for AI keys. Route your keys through us and runaway spend stops in seconds, before your provider's billing catches up. Scan every repo and we alert on the keys we haven't met (the ones not routed through us), before the bill breaks you.

Two layers of protection · pick what fits

Paid · managed keys

Route it through us, we stop the bill.

Hard caps, no escape. Every key you route through TokenLedger has a per-minute and per-day spend ceiling. When a leak lands or an agent loops, we kill the request at our edge. Your provider's billing cadence never gets a chance to catch up.

  • Per-key, per-team, per-project caps
  • Leak detection auto-drops cap to $0
  • Spend velocity anomaly guard
  • Kill switch propagates to client in seconds

Free · unmanaged keys

We scan the repos, we alert you fast.

Honest about the gap: if a key isn't routed through TokenLedger, we can't cap what we don't control. What we can do is find it the moment it leaks, trigger provider revocation where supported, and give you a clean remediation path.

  • GitHub App scans every commit
  • Anthropic / OpenAI / Google key patterns
  • Auto-PR to remove + provider revoke
  • Real incident playbook, not a dashboard

The incident · October 2025

Here's the part nobody warns you about: revoking the key doesn't stop the bleeding.

Gemini billing isn't real-time. Costs accumulate against the key for hours after you disable it, and only appear in the dashboard on a delayed cadence. By the time I saw the first spike, the abuse had already been running for half a day.

I emailed Google support. I escalated. I begged. Form replies. "We can offer a payment plan." Two installments of $24,000. I had neither.

So I filed an incident report with the FBI, got a case number, and replied to Google collections with that case number attached. I paid $1,000 out of pocket to show good faith. Five months later, the entire bill was waived.

TokenLedger is the thing I wish I'd had sitting between my key and Google's billing pipeline. It wouldn't have saved past-me. It might save present-you.

Read the full incident report →

From leak to blocked spend, for keys you route through us.

Internal engineering target: sub-10 seconds end-to-end. Real-world latency depends on webhook delivery, provider API response, and network conditions. We publish honest numbers in our status page, not marketing ones.

  • git push to public repo → leaked key detected
  • TokenLedger scanner fires → GitHub webhook · regex + entropy
  • provider revoke + proxy cap, in parallel → never serialized
  • kill-list push to every client → websocket fanout · cached client-side
  • next request with the leaked key → blocked · your bill stops growing
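The proxy-side half of that flow, as an added example rather than TokenLedger's own code: a per-key spend circuit breaker with a per-minute and a per-day ceiling, plus a kill-list that drops a leaked key's cap to $0 ahead of any provider revoke. The class name, cap values, and the caller-supplied cost estimate are assumptions.

```python
# Added example, not TokenLedger's own code: a minimal per-key spend circuit
# breaker modelled on the caps described above. Cap values, the cost estimate
# passed by the caller, and all names are assumptions.
import time
from collections import defaultdict, deque

MINUTE = 60
DAY = 24 * 60 * 60


class SpendBreaker:
    """Per-key spend ceilings plus a kill-list that drops a key's cap to $0."""

    def __init__(self, minute_cap_cents, day_cap_cents):
        self.minute_cap = minute_cap_cents
        self.day_cap = day_cap_cents
        self.ledger = defaultdict(deque)  # key -> deque of (timestamp, cents)
        self.killed = set()               # keys the leak scanner reported

    def kill(self, key):
        """Leak detected: block the key before any further spend lands."""
        self.killed.add(key)

    def allow(self, key, est_cents, now=None):
        """Decide at the proxy edge whether one request may go upstream.

        Returns (allowed, reason). Spend is recorded only when allowed, so a
        blocked request never counts against the window that blocked it.
        """
        now = time.time() if now is None else now
        if key in self.killed:
            return False, "killed"
        window = self.ledger[key]
        # Drop entries older than the longest window we track (one day).
        while window and window[0][0] <= now - DAY:
            window.popleft()
        day_spent = sum(c for _, c in window)
        minute_spent = sum(c for t, c in window if t > now - MINUTE)
        if minute_spent + est_cents > self.minute_cap:
            return False, "minute_cap"
        if day_spent + est_cents > self.day_cap:
            return False, "day_cap"
        window.append((now, est_cents))
        return True, "ok"
```

The kill-list check runs before any window arithmetic, which is what lets a leak alert stop the next request even while the provider's own revoke is still in flight.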

Simple, honest pricing.

Free to catch the thing that'd kill a startup. Paid to make sure it actually stops.

Free · $0 · forever
  • Scan every public commit
  • Leak alerts within seconds
  • Unlimited keys, alerts only
  • No cap enforcement

Team · $199 · per month
  • Everything in Solo
  • Up to 50 managed keys
  • Per-dev / per-project attribution
  • Cross-vendor dashboard
  • Up to 20 developers

Enterprise · Custom · talk to us
  • Chargeback + forecasting
  • SOC 2 + SAML SSO
  • Self-hosted option
  • Dedicated support

Want early access?

We're onboarding design partners this month. If you've lost sleep over an AI bill, or you're worried about the one coming, send a line. We'll get back within 24 hours.

Email asghar@tokenledger.dev