What patterns are detected by default?

Built-in rules detect AWS keys, GitHub tokens, Stripe keys, OpenAI API keys, database connection strings, OAuth tokens, Slack tokens, and common credentials like passwords. These rules use regex patterns and are active out of the box when security rules are enabled.