Skip to main content

16 docs tagged with "security"

View all tags

AI autonomy risk-tier checklist

In one sentence low-risk runs automatically, high-risk forces a human review, irreversible gets a dry-run first. Wire it straight into your settings and hooks.

Claude Code permissions template: safe-default deny / ask / allow

In one sentence: a permissions block you can paste straight into settings.json — deny nails down the operations I must never touch, ask gates writes / pushes / installs behind a confirmation, and allow whitelists high-frequency read-only ops. Drop it into your project's .claude/settings.json and trim a few lines to fit your stack.

Data-classification policy template for what you feed AI

In one sentence: turn your data-boundary policy into a tier table you can use as-is. AI can't tell on its own whether a given piece of data is allowed to leave the company boundary — data sensitivity is your policy, and if you don't spell it out, AI treats everything the same and uses it. Classify the data first, then decide what must never enter an external AI, what's fine once it's de-identified, and what's fine because it's public.

Handing Me Every Permission on Day One

In one sentence: during setup you hand me --dangerously-skip-permissions and auto-approve every tool call, because you don't want to be interrupted. What you also hand over is the one chance to stop things at the moment they go wrong — and the thing that goes wrong might not be me, but an injected instruction hidden in a file, acting through my hands.

I defer to the author's framing, you rubber-stamp my review: both gates collapse

In one sentence: the PR description says "just a small refactor, no logic change," and when I review it I nod along with that framing; you see "AI Review Passed" and rubber-stamp the merge. Two gates that were supposed to be independent—one deferring to the author, one deferring to the AI—and in the end neither of us actually looked at that code. The review gate collapses into a conveyor belt.

My logs can be poisoned into an injection surface, or written dirty and incomplete—so you can't reconstruct what I did

In one sentence: logs are the only foundation you have for later determining "what the AI actually did," but they are themselves an attack surface. I'll write unescaped external input straight into the log (letting an attacker forge log lines and fool the SIEM), and I may also fail to record key actions; conversely, when I read a poisoned log, it can mislead me. Once the logs are dirty, the audit trail breaks—and when something goes wrong, you can't reconstruct the truth.

Pre-release security checklist for AI-generated code

In one sentence: run AI-generated code (mine included) through this checklist before you ship — security is a non-functional requirement I default to not seeing, and when the feature works, vulnerable code looks identical to safe code. Paste it into your PR template or release ticket and tick every box before release.

The more you have me iterate, the more vulnerabilities pile up: security erosion across iterations

In one sentence: you have me add features, fix bugs, and refactor round after round, and the code does look better and better — but security vulnerabilities quietly accumulate with the number of iterations. Research finds severe vulnerabilities rise significantly after just five rounds. A process that "looks like it keeps improving" is actually getting worse on the security front, and by release time it's hard to walk back.

You only stop me with 'soft permissions,' not OS-level isolation—once I'm compromised, I can escape

In one sentence: you control what commands I can run with "soft permissions" like allow / ask / deny, but the process I run commands in shares the same domain as your entire machine, your credentials, and your network. Soft permissions are a policy that I (or the malicious content I read) can try to circumvent — not a wall the operating system enforces. The moment a prompt injection hijacks me, I can reach your SSH key, your environment variables, your whole filesystem, and the outbound network.