diff --git a/lib/mirror_neuron/monitor.ex b/lib/mirror_neuron/monitor.ex
index e8f7b42..ed2e3d8 100644
--- a/lib/mirror_neuron/monitor.ex
+++ b/lib/mirror_neuron/monitor.ex
@@ -64,7 +64,7 @@ defmodule MirrorNeuron.Monitor do
 
       {:ok,
        %{
-         "job" => job,
+         "job" => public_job(job),
          "summary" => summary,
          "agents" => Enum.sort_by(agent_summaries, &{&1["assigned_node"], &1["agent_id"]}),
          "recent_events" => recent_events(events, event_limit),
@@ -73,6 +73,10 @@ defmodule MirrorNeuron.Monitor do
     end
   end
 
+  defp public_job(job) do
+    Map.drop(job, ["manifest"])
+  end
+
   def cluster_overview(opts \\ []) do
     opts = Keyword.put_new(opts, :summary, :basic)
 
diff --git a/tests/e2e/monitor_test.exs b/tests/e2e/monitor_test.exs
index 601fef9..0579902 100644
--- a/tests/e2e/monitor_test.exs
+++ b/tests/e2e/monitor_test.exs
@@ -137,6 +137,38 @@ defmodule MirrorNeuron.MonitorTest do
     RedisStore.delete_job(job_id)
   end
 
+  test "job details does not expose persisted embedded manifests" do
+    job_id = "monitor-secret-manifest-#{System.unique_integer([:positive])}"
+
+    RedisStore.persist_job(job_id, %{
+      "job_id" => job_id,
+      "graph_id" => "secret_demo",
+      "status" => "completed",
+      "submitted_at" => "2026-03-28T00:00:00Z",
+      "updated_at" => "2026-03-28T00:00:10Z",
+      "manifest" => %{
+        "metadata" => %{"api_key" => "MN_SECRET_TOKEN"},
+        "nodes" => [
+          %{
+            "node_id" => "worker",
+            "config" => %{"command" => "curl -H 'Authorization: Bearer MN_SECRET_TOKEN'"},
+            "tool_bindings" => [%{"token" => "MN_SECRET_TOKEN"}]
+          }
+        ],
+        "initial_inputs" => %{"worker" => [%{"prompt" => "use MN_SECRET_TOKEN"}]}
+      },
+      "manifest_ref" => %{"graph_id" => "secret_demo"}
+    })
+
+    assert {:ok, details} = Monitor.job_details(job_id)
+
+    refute Map.has_key?(details["job"], "manifest")
+    assert details["job"]["manifest_ref"] == %{"graph_id" => "secret_demo"}
+    assert details["summary"]["job_id"] == job_id
+
+    RedisStore.delete_job(job_id)
+  end
+
   test "job details reads only the requested recent event window" do
     job_id = "monitor-event-window-#{System.unique_integer([:positive])}"