DEV Community
Using AI Without Leaking Your Secrets: A Threat Model for AI-Assisted Development
Pasting secrets into an AI prompt is closer to public sharing than to a private conversation: once submitted, the text can persist in provider logs and, on some tiers, in training data. The author argues for treating AI use as a threat-modelling exercise rather than a casual habit. Free tiers often retain prompts for model improvement; paid tiers offer contractual assurances, but a contract is not the same as absolute security.

Leaks can come from three sources: what you paste, what your tools attach automatically (open files, repository context, shell history), and what the model emits back. The AI provider is a trusted-but-unverifiable third party, since you cannot audit its internal handling of your data. The assets at risk include API keys, database credentials, and sensitive customer information. The prompt channel should therefore be treated as untrusted egress, in the same way a production network call to an external service would be.

The article provides a do-not-send list: live credentials, sensitive configuration files, and proprietary source code. Where a secret is needed for the model to help, masking it with a placeholder is a workable alternative to withholding the whole context. Context hygiene prevents leaks structurally rather than relying on memory: AI ignore files keep sensitive paths out of the tool's context, and pre-prompt scanning catches secrets before submission. Keeping secrets encrypted at the source means no plaintext copy is lying around to be attached by accident.

Data sensitivity should be matched to the AI tier: paid tiers for proprietary work, local models for regulated data. Even with a no-training guarantee, a zero-trust posture is advised, minimising the context that is sent and verifying the model's output before it is used. Habits such as maintaining an AI ignore file, scanning for secrets, and masking credentials improve security at little cost in time.
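As an added example (not code from the original article), a pre-prompt masking pass in Python that implements the "pre-prompt scanning" and "mask secrets with placeholders" habits above: likely credentials are swapped for placeholders before the prompt leaves the machine, and a local map restores them in the model's reply. The detection rules and the sample prompt are constructed for illustration and are not a complete secret-detection ruleset.

```python
import re

# Constructed detection rules: (kind, pattern, capture group holding the secret;
# 0 means the whole match). Extend these to cover your own do-not-send list.
RULES = [
    ("AWS_ACCESS_KEY_ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0),
    ("GITHUB_TOKEN", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), 0),
    ("PRIVATE_KEY", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"), 0),
    # Password embedded in a connection URL, e.g. scheme://user:PASS@host
    ("DB_URL_PASSWORD", re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@]+)@"), 1),
    # Generic KEY=value / key: value lines from .env files and config dumps
    ("KEY_VALUE_SECRET", re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['\"]?([^\s'\"]{8,})"), 1),
]

def mask_secrets(text):
    """Replace likely secrets with placeholders; return (masked_text, placeholder -> secret)."""
    mapping = {}
    def placeholder_for(kind, value):
        for ph, secret in mapping.items():   # reuse the placeholder if the secret repeats
            if secret == value:
                return ph
        ph = f"<SECRET_{len(mapping) + 1}_{kind}>"
        mapping[ph] = value
        return ph
    for kind, pattern, group in RULES:
        def sub(m, kind=kind, group=group):
            whole = m.group(0)               # keep everything around the secret intact
            start, end = m.start(group) - m.start(0), m.end(group) - m.start(0)
            return whole[:start] + placeholder_for(kind, m.group(group)) + whole[end:]
        text = pattern.sub(sub, text)
    return text, mapping

def unmask(text, mapping):
    """Restore secrets in the model's reply; the map never leaves the local machine."""
    for ph, secret in mapping.items():
        text = text.replace(ph, secret)
    return text

# Constructed prompt with three fake credentials (the AWS key is the documented example value).
SAMPLE_PROMPT = """Why does this deploy script fail?
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DATABASE_URL=postgres://app:Tr0ub4dor&3@db.internal:5432/prod
OPENAI_API_KEY=sk-constructed-not-a-real-key-1234
"""

if __name__ == "__main__":
    masked, secrets = mask_secrets(SAMPLE_PROMPT)
    print(masked)                            # safe to send; placeholders only
    print(sorted(secrets))                   # stays local for unmask() on the reply
```

If a rule such as `PRIVATE_KEY` fires, a stricter policy is to refuse the prompt outright rather than mask it, since the surrounding context of a key file is itself sensitive.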