Skip to main content

The essential 12

All 44 entries too many, and no idea where to start? Read these 12 first.

How they were picked (stated up front, so this doesn't become a subjective list): take the severity: high entries first, then rough-rank along two axes — engineers building LLM features hit it earliest, and its false security costs the most (once data crosses the boundary, it doesn't come back). Three entries are severity "medium" but belong to the governance and formal-defense basics you'll get wrong in your very first project if you skip them (data boundary, machine unlearning, DP) — they made the cut too. Finish these 12 and you've dodged the most common, most expensive privacy false-security beliefs.

To understand why these leaks happen, go to the Mechanism index; before shipping, walk the Minimum privacy baseline; for the real-world cost, read Real incidents & landmark demonstrations.

Handed out / into the weights — it doesn't come back

You assumed anonymized / isolated — it isn't

The new plaintext surfaces of the agent & reasoning era

Formal guarantees, used correctly