diff --git a/browse/src/read-commands.ts b/browse/src/read-commands.ts
index 7559b1f6..5d93156c 100644
--- a/browse/src/read-commands.ts
+++ b/browse/src/read-commands.ts
@@ -291,8 +291,8 @@ export async function handleReadCommand(
 sessionStorage: { ...sessionStorage },
 }));
 // Redact values that look like secrets (tokens, keys, passwords, JWTs)
- const SENSITIVE_KEY = /token|secret|key|password|credential|auth|jwt|session|csrf|api.?key/i;
- const SENSITIVE_VALUE = /^(eyJ|sk-|pk-|ghp_|gho_|github_pat_|xox[bpsa]-|Bearer\s)/;
+ const SENSITIVE_KEY = /(^|[_.-])(token|secret|key|password|credential|auth|jwt|session|csrf)($|[_.-])|api.?key/i;
+ const SENSITIVE_VALUE = /^(eyJ|sk-|sk_live_|sk_test_|pk_live_|pk_test_|rk_live_|sk-ant-|ghp_|gho_|github_pat_|xox[bpsa]-|AKIA[A-Z0-9]{16}|AIza|SG\.|Bearer\s|sbp_)/;
 const redacted = JSON.parse(JSON.stringify(storage));
 for (const storeType of ['localStorage', 'sessionStorage'] as const) {
 const store = redacted[storeType];
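Review bot: The new SENSITIVE_KEY regex only recognises a keyword when it is bounded by `^`, `$` or one of `[_.-]`, so camelCase storage keys such as `accessToken`, `refreshToken`, `authToken`, `sessionId` or `csrfToken` — which the old unanchored regex did redact — no longer match and their values would be emitted in clear (only `apiKey` survives, via the separate `api.?key` alternative). Rather than loosening the boundaries again, normalise the key before testing it where the loop below the hunk applies SENSITIVE_KEY (that test site is outside this hunk, so I am inferring its shape): `const keyForMatch = key.replace(/([a-z0-9])([A-Z])/g, '$1_$2'); // split camelCase so boundary matching still fires` and then `SENSITIVE_KEY.test(keyForMatch)`. Separately, in SENSITIVE_VALUE the `sk-ant-` alternative is dead because the earlier `sk-` alternative already matches any such value; it can be dropped or the two can be ordered from most to least specific so the intent is visible. A one-line comment such as `// prefix-anchored: only matches values that *start* with a known secret prefix, not secrets embedded in JSON blobs` above SENSITIVE_VALUE would also document the known limitation of the `^` anchor.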