LeakChain: Detecting Sensitive Data Leakage Across Distributed Serverless Applications

Abstract

LeakChain is an Infrastructure-as-Code–aware static analysis framework that detects sensitive-data leakage across distributed serverless applications. Built on CodeQL and extended with cross-service taint tracking, it identifies intra-function, inter-function, and service-mediated exposure paths that conventional code-only analysis cannot see, because the connections between functions and the managed services they share are declared in IaC templates rather than in the function code. An integrated LLM-based security agent validates candidate flows and suppresses false positives. Across 1,156 real-world serverless applications, LeakChain detected 798 confirmed secret-exposure flows at 100% precision and 93.2% recall. It is designed to run as a CI/CD security guardrail so that sensitive-data leakage is caught before deployment.
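To make the cross-service mechanism concrete, here is an added toy illustration written for this page; it is not LeakChain's own code (LeakChain is built on CodeQL, whereas this uses Python's ast module on two constructed Lambda handlers). The TEMPLATE dict is a hypothetical stand-in for the facts an IaC parser would extract from a SAM/CloudFormation template (which environment variables are bound to secrets, which service each function writes to, which service triggers each function); the sink list and the boto3 write-method list are assumptions, the entry point is assumed to be named handler, only os.environ[...] subscripts are treated as secret reads, and the per-function pass is deliberately flow-insensitive. Direct invocation (the inter-function case) is not modelled and would be one more edge type in the template. What it shows is the service-mediated path: a secret flows from one function's environment into a queue, the consuming function's event payload is therefore tainted, and its log statement is reported as an exposure that analysing either handler on its own would miss.

```python
# Toy IaC-aware cross-service taint tracker. Added example, not LeakChain code. Needs Python 3.9+.
import ast
from collections import namedtuple

Finding = namedtuple("Finding", "function kind detail")   # kind: intra-function | service-mediated

# Assumed sink vocabulary for the toy; a real tool takes these from library models.
LOG_SINKS = {"print", "logging.info", "logging.warning", "logging.error", "logger.info"}
SERVICE_WRITES = {"send_message", "put_item", "put_object", "publish"}   # boto3 write methods

# Constructed sample handlers (hypothetical code, not from any real application).
ORDER_SRC = '''
import os, json, boto3
def handler(event, context):
    print("region", os.environ["AWS_REGION"])                 # non-secret env var: no finding
    token = os.environ["PAYMENT_API_KEY"]
    print("debug", token)                                     # intra-function leak
    sqs = boto3.client("sqs")
    sqs.send_message(QueueUrl=os.environ["QUEUE_URL"],
                     MessageBody=json.dumps({"tok": token}))  # secret leaves via the queue
'''
AUDIT_SRC = '''
import json
def handler(event, context):
    for rec in event["Records"]:
        body = json.loads(rec["body"])
        print("processing", body)                             # logs whatever the queue carried
'''
# Constructed stand-in for what an IaC parser would extract from a SAM/CloudFormation template.
TEMPLATE = {"functions": {
    "OrderFn": {"code": ORDER_SRC, "secret_env": ["PAYMENT_API_KEY"], "writes_to": ["OrderQueue"]},
    "AuditFn": {"code": AUDIT_SRC, "secret_env": [], "triggered_by": ["OrderQueue"]},
}}


def is_tainted(expr, tainted, secret_env):
    """Tainted if expr mentions a tainted variable or subscripts os.environ with a secret name."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
        if isinstance(n, ast.Subscript) and ast.unparse(n.value) == "os.environ":
            if isinstance(n.slice, ast.Constant) and n.slice.value in secret_env:
                return True                                   # os.environ.get(...) not modelled
    return False


def analyze_function(name, spec, tainted_services):
    """Flow-insensitive taint pass over one handler. Returns (findings, services it taints)."""
    secret_env = set(spec.get("secret_env", []))
    tree = ast.parse(spec["code"])
    handler = next(n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef) and n.name == "handler")
    upstream = [s for s in spec.get("triggered_by", []) if s in tainted_services]
    # Cross-service source: the event payload of a function fed by an already-tainted service.
    tainted = {handler.args.args[0].arg} if upstream and handler.args.args else set()
    changed = True                                            # propagate via assignments and loops
    while changed:
        changed = False
        for n in ast.walk(handler):
            if isinstance(n, ast.Assign) and is_tainted(n.value, tainted, secret_env):
                targets = n.targets
            elif isinstance(n, ast.For) and is_tainted(n.iter, tainted, secret_env):
                targets = [n.target]
            else:
                continue
            new = {x.id for t in targets for x in ast.walk(t) if isinstance(x, ast.Name)} - tainted
            if new:
                tainted |= new
                changed = True
    findings, newly_tainted = [], set()
    for n in ast.walk(handler):                               # check sinks once taint is stable
        if not isinstance(n, ast.Call):
            continue
        args = list(n.args) + [kw.value for kw in n.keywords]
        if not any(is_tainted(a, tainted, secret_env) for a in args):
            continue
        callee = ast.unparse(n.func)
        if callee in LOG_SINKS:
            via = f" (via {', '.join(upstream)})" if upstream else ""
            kind = "service-mediated" if upstream else "intra-function"
            findings.append(Finding(name, kind, f"secret reaches {callee}{via}"))
        elif callee.rsplit(".", 1)[-1] in SERVICE_WRITES:
            for svc in spec.get("writes_to", []):             # IaC tells us which service that is
                newly_tainted.add(svc)
                findings.append(Finding(name, "service-mediated", f"secret written to {svc} via {callee}"))
    return findings, newly_tainted


def analyze_app(template):
    """Re-run per-function analysis until no new service becomes tainted (cross-service fixpoint)."""
    tainted_services = set()
    while True:
        findings, newly = [], set()
        for fname, spec in template["functions"].items():
            f, s = analyze_function(fname, spec, tainted_services)
            findings.extend(f)
            newly |= s
        if newly <= tainted_services:
            return findings
        tainted_services |= newly


if __name__ == "__main__":
    for f in analyze_app(TEMPLATE):
        print(f"{f.function}: [{f.kind}] {f.detail}")
```

Running it reports three findings: the debug print in OrderFn (intra-function), the write of the token to OrderQueue (service-mediated), and the print in AuditFn, which is only reachable because the fixpoint loop in analyze_app marks OrderQueue as tainted on the first pass and re-analyses AuditFn with its event payload tainted on the second. The AWS_REGION read produces nothing because the template does not bind that variable to a secret, and analysing AuditFn on its own, without the template edge, yields no finding at all. The LLM-based validation step from the abstract is not reproduced here.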