Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: What data are you sharing with LLMs?
1 point by elevatortrim 19 hours ago | hide | past | favorite | discuss
All best practices suggest omitting client names, customer PII, and so on.

However, the code itself typically contains a lot of commercial client information (e.g. a customisation may have a client's name it its namespace, their technology stack would be evident from code).

When using AI for non-development work, such as creating documents or reports, it would typically be very hard or impossible to redact client information before providing the context to AI. For e.g. we have a lot of client information on Atlassian, we would not be able to redact it before asking AI to use Atlassian MCP.

How closely are you following these security best practices at work? What are some practices that you adopted and are comfortable with?





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: