However, the code itself typically contains a lot of commercial client information (e.g. a customisation may have a client's name in its namespace, and their technology stack would be evident from the code).
When using AI for non-development work, such as creating documents or reports, it would typically be very hard or impossible to redact client information before providing the context to AI. For example, we have a lot of client information on Atlassian, and we would not be able to redact it before asking AI to use Atlassian MCP.
How closely are you following these security best practices at work? What are some practices that you adopted and are comfortable with?