SORDINO
$ ls ~/writeups --sort=date

Writeups

Research notes and dispatches on AI coding-tool privacy — what retention promises actually cover, where secrets really leak, and how to keep them on your machine.

10 min read

Zero Data Retention Isn't Zero Exposure: What ZDR Covers and What It Can't

ZDR is real and worth negotiating -- and it's a promise about the provider's side of the wire. Carve-outs, the Mythos-class override, legal holds, your own laptop: where the promise ends, with primary sources.

#zero-data-retention#ai-privacy#claude-code#llm-security#enterprise-ai
9 min read

Is it safe to paste API keys into Claude or ChatGPT? The full life of a pasted secret

Trace a pasted key through retention windows, your own plaintext transcripts, admin exports, and prompt-injection exfiltration -- then the rotation drill, and the structural fix.

#api-keys#claude-code#secret-management#ai-coding-tools#data-retention
10 min read

Is Claude Code Safe for Company Code? Where Bans, DLP, and ZDR Stop Working

Bans, DLP, gateways, scanners, and ZDR each govern a different layer than the one where exposure happens. A map of the five controls, their documented failures, and a vendor-neutral requirements list.

#claude-code#claude-code-security#ai-coding-policy#shadow-ai#zero-data-retention