by Iflal 55 days ago
I haven't published formalized benchmarks yet, but to be completely transparent: keychase will not beat Gitleaks or TruffleHog in raw execution speed. They are highly optimized Go binaries, and pure Python has its limits there.

The core differentiator is the developer experience for Python-native teams. You don't have to pull a Docker image or install system binaries—it just lives in your requirements.txt or pre-commit pipeline.

Regarding false positives: Currently, keychase relies strictly on 78+ regex detectors, so it carries the standard regex false-positive rate. TruffleHog is vastly superior in this regard right now because they do active API verification. To close that gap, my roadmap includes building entropy-based detection for unknown secrets and adding optional active-verification pings.
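An added example, not part of the original comment and not keychase's code: a generic regex detector whose hits are scored with Shannon entropy, showing how a placeholder that matches the pattern can be separated from a random-looking value. The pattern, the 3.5 bits-per-character threshold, and the sample lines are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Hypothetical generic detector (not one of keychase's 78+ patterns):
# a quoted value of 16+ characters assigned to a key/secret/token name.
ASSIGNMENT = re.compile(
    r"""(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*["']([A-Za-z0-9+/_\-]{16,})["']"""
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune on your own corpus

# Constructed sample input: two placeholders and one random-looking value.
SAMPLE = "\n".join([
    'API_KEY = "xxxxxxxxxxxxxxxxxxxxxxxx"',
    'api_key = "changemechangemechangeme"',
    'token = "q7Zp2LmX9vKc4TbN8sWd1RfY"',
])


def shannon_entropy(value: str) -> float:
    """Shannon entropy of the character distribution, in bits per character."""
    counts = Counter(value)
    n = len(value)
    return sum(c / n * math.log2(n / c) for c in counts.values())


def scan(text: str) -> list:
    """Return every regex hit, annotated with its entropy and a verdict."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in ASSIGNMENT.finditer(line):
            h = shannon_entropy(match.group(1))
            findings.append({
                "line": lineno,
                "entropy": round(h, 2),
                # The regex alone flags all three lines; the entropy gate
                # keeps only values that look randomly generated.
                "likely_secret": h >= ENTROPY_THRESHOLD,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The entropy gate trades one error for another: low-entropy real secrets (a short human-chosen password) fall below the threshold, which is why verification against the issuing API remains the stronger signal.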