$ ls ~/writeups --sort=date
Writeups
Research notes and dispatches on AI coding-tool privacy — what retention promises actually cover, where secrets really leak, and how to keep them on your machine.
10 min read
Zero Data Retention Isn't Zero Exposure: What ZDR Covers and What It Can't
ZDR is real and worth negotiating -- and it's a promise about the provider's side of the wire. Carve-outs, the Mythos-class override, legal holds, your own laptop: where the promise ends, with primary sources.
#zero-data-retention#ai-privacy#claude-code#llm-security#enterprise-ai
9 min read
Is it safe to paste API keys into Claude or ChatGPT? The full life of a pasted secret
Trace a pasted key through retention windows, your own plaintext transcripts, admin exports, and prompt-injection exfiltration -- then the rotation drill, and the structural fix.
#api-keys#claude-code#secret-management#ai-coding-tools#data-retention
10 min read
Is Claude Code Safe for Company Code? Where Bans, DLP, and ZDR Stop Working
Bans, DLP, gateways, scanners, and ZDR each govern a different layer than the one where exposure happens. A map of the five controls, their documented failures, and a vendor-neutral requirements list.
#claude-code#claude-code-security#ai-coding-policy#shadow-ai#zero-data-retention