Ask HN: Privacy concerns when using AI assistants for coding?

6•Kholin•9mo ago

I've recently seen some teams claim to use third-party AI assistants like Claude or ChatGPT for coding. Don't they consider it a problem to feed their proprietary commercial code into the services of these third-party companies?

If you feed the most critical parts of your project to an AI, wouldn't that introduce security vulnerabilities? The AI would then have an in-depth understanding of your project's core architecture. Consequently, couldn't other AI users potentially gain easy access to these underlying details and breach your security defenses?

Furthermore, couldn't other users then easily copy your code without any attribution, making it seem no different from open-source software?

Comments

rvz•9mo ago

Don't forget that your env API keys are getting read and sent to Cursor, Anthropic, OpenAI and Gemini as well.

baobun•9mo ago

Especially under current US administration and geopolitical climate?

Yeah, we're not doing that.

Also moved our private git repos and CIs to self-managed.

apothegm•9mo ago

In theory, these companies all claim they don’t use data from API calls for training. Whether or not they adhere to that is… TBD, I guess.

So far I’ve decided to trust Anthropic and OpenAI with my code, but not Deepseek, for instance.

bhaney•9mo ago

> The AI would then have an in-depth understanding of your project's core architecture

God how I wish this were true

ATechGuy•9mo ago

I believe enterprises that care about privacy are using private AI from big tech (say Github copilot), others may not care so much about it.

jonplackett•9mo ago

If your code is written properly then it would be secure even if someone can see the source code (unless there’s environment keys in there that shouldn’t be exposed).

If the only security you have it that your code / site structure is secret that’s not good.

From Human Ergonomics to Agent Ergonomics

Advanced Inertial Reference Sphere

Toyota Developing a Console-Grade, Open-Source Game Engine with Flutter and Dart

Typing for Love or Money: The Hidden Labor Behind Modern Literary Masterpieces

Show HN: A longitudinal health record built from fragmented medical data

CoreWeave's $30B Bet on GPU Market Infrastructure

Creating and Hosting a Static Website on Cloudflare for Free

"The Stanford scam proves America is becoming a nation of grifters"

Elon Musk on Space GPUs, AI, Optimus, and His Manufacturing Method

X (Twitter) is back with a new X API Pay-Per-Use model

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

When Michelangelo Met Titian

Solving NYT Pips with DLX

Baldur's Gate to be turned into TV series – without the game's developers

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

Effective Nihilism

The UK government didn't want you to see this report on ecosystem collapse

No 10 blocks report on impact of rainforest collapse on food prices

Seedance 2.0 Is Coming

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)