Practical AI Safety for Developers

The buzz around AI has reached unprecedented levels. If you work in tech, chances are you’ve already experimented with AI tools in your daily workflow. But as adoption grows, so do the risks. The moment you enter data into an AI system, you create the potential for that data to be exposed.

In this article, I’ll explore practical AI safety for developers: which data types are most sensitive, how to protect them, and what safeguards you should have in place when working with AI tools as a software developer.

AI safety for developers

Let’s dive in. Here are some of the most important safety aspects that I keep in mind when using AI tools at work. I hope you’ll find them useful:

🛑 There is certain data that you should never paste into public AI tools, such as proprietary code or credentials.

Why: Code shared with public LLM services (ChatGPT, Copilot, etc.) may be retained or used for future training unless privacy settings are enforced.

What to do:

  • Redact sensitive logic before pasting.
  • Use AI coding tools that offer enterprise privacy options.
  • Never share:
    • API keys
    • Database strings
    • Environment configs
    • Internal endpoints
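One way to make the “never share” list enforceable is a small pre-paste gate that scans a snippet for the categories above before it goes anywhere near a prompt. The script below is an added example written for this article, not a tool from any vendor; the key-prefix formats are the publicly documented ones, the AWS access key is the dummy value AWS uses in its own documentation, and the connection string and hostname are constructed.

```python
import re

# Patterns for material that must never leave the machine inside a prompt.
# The key-prefix formats are publicly documented; every sample value in this
# example is constructed or a vendor-documented dummy, not a real credential.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # URL-style database connection strings carrying user:password@host
    "db_connection_string": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:/@]+:[^\s@]+@[^\s\"']+"
    ),
    # .env style assignments: SECRET_KEY=..., api_token: "..."
    "credential_assignment": re.compile(
        r"\b\w*(?:secret|password|passwd|api[_-]?key|token)\w*\s*[=:]\s*[\"']?[^\s\"']{8,}",
        re.IGNORECASE,
    ),
    # Hostnames on internal TLDs and RFC 1918 addresses
    "internal_endpoint": re.compile(
        r"\b(?:[a-z0-9-]+\.)+(?:internal|corp|local|lan)\b"
        r"|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
        r"|\b192\.168\.\d{1,3}\.\d{1,3}\b"
        r"|\b172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}\b",
        re.IGNORECASE,
    ),
}


def find_secrets(text):
    """Return a list of (line_number, category, matched_text) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, category, m.group(0)))
    return findings


def redact(text):
    """Replace each finding with a [REDACTED:<category>] marker."""
    for category, pattern in SECRET_PATTERNS.items():
        text = pattern.sub(f"[REDACTED:{category}]", text)
    return text


def safe_to_paste(text):
    """Gate: True only when no sensitive material was found."""
    return not find_secrets(text)


# Constructed snippet of the kind a developer might be tempted to paste.
# The AWS key is the dummy value from AWS documentation; the rest is made up.
SAMPLE_SNIPPET = """\
import os
DATABASE_URL = "postgres://app:hunter2-not-real@db.prod.internal:5432/orders"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
def connect():
    return os.environ.get("DATABASE_URL")
"""

if __name__ == "__main__":
    for lineno, category, matched in find_secrets(SAMPLE_SNIPPET):
        print(f"line {lineno}: {category}: {matched}")
    print(redact(SAMPLE_SNIPPET))
```

Regex-based scanning catches known formats, not everything; treat it as a seat belt that stops the obvious mistakes, and still read what you are about to paste.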

🧠 If you want to use AI-generated code, validate it rigorously

Why: AI code suggestions may look good but can contain:

  • Hidden bugs
  • Security flaws
  • Deprecated methods
  • Inefficiencies

What to do:

  • Treat AI-generated code as a rough draft, not production-ready.
  • Run static analysis and security scans.
  • Don’t bypass code reviews because “the AI suggested it.”

How you can validate AI-generated code:

  • Test it to see if it works.
  • Check what was added: code paths, libraries, dependencies, etc.
  • Understand why and how the added code works (recreate it step by step, use Google or even an LLM to trace the sources of the code, and read the relevant documentation).

Rule of thumb: Never copy-paste in your code something that you don’t fully understand.
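“Run static analysis” can start very small. The checker below is an added example written for this article, not part of any linter: it walks the Python AST of a suggested snippet and flags the kinds of things a reviewer should question before merging (deserialising untrusted data, shell execution, weak hashes, bare excepts). The list of risky calls and the “AI-suggested” snippet it is run on are both constructed for the example.

```python
import ast

# Calls that deserve a second look before AI-suggested code is merged.
# Mapping: dotted call name -> reason. Constructed for this example; extend to taste.
RISKY_CALLS = {
    "eval": "arbitrary code execution",
    "exec": "arbitrary code execution",
    "pickle.load": "deserialises untrusted data",
    "pickle.loads": "deserialises untrusted data",
    "yaml.load": "unsafe unless a safe Loader is passed",
    "hashlib.md5": "weak hash; not suitable for passwords or integrity",
    "hashlib.sha1": "weak hash; not suitable for passwords or integrity",
    "os.system": "shell command execution",
}


def _dotted_name(node):
    """Rebuild 'a.b.c' from an ast.Attribute/ast.Name chain, or None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def review(source):
    """Return a sorted list of (line, finding) for a Python snippet."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in RISKY_CALLS:
                findings.append((node.lineno, f"{name}: {RISKY_CALLS[name]}"))
            # Any subprocess.* call with shell=True
            if name and name.startswith("subprocess.") and any(
                kw.arg == "shell"
                and isinstance(kw.value, ast.Constant)
                and kw.value.value is True
                for kw in node.keywords
            ):
                findings.append((node.lineno, f"{name}: shell=True enables command injection"))
        # A bare 'except:' swallows every error and hides bugs
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            findings.append((node.lineno, "bare except: silently hides failures"))
    return sorted(findings)


# Constructed example of plausible-looking generated code with several of
# the issues above; it is not output from any particular model.
SUGGESTED_CODE = '''\
import subprocess, yaml, hashlib

def load_config(path):
    with open(path) as f:
        return yaml.load(f)

def run(cmd):
    try:
        return subprocess.run(cmd, shell=True, capture_output=True).stdout
    except:
        return b""

def fingerprint(data):
    return hashlib.md5(data).hexdigest()
'''

if __name__ == "__main__":
    for line, finding in review(SUGGESTED_CODE):
        print(f"line {line}: {finding}")
```

A real project should run a maintained tool (a linter with security rules, plus dependency scanning) in CI; the point of the toy checker is that every flagged line is one you must be able to explain before it lands, which is the rule of thumb above in executable form.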

🔐 Be Aware of Prompt Injection and Model Exploitation

Why: AI-driven apps are vulnerable to new types of attacks like prompt injection, data leakage, or output manipulation. I always recommend avoiding email scraping tools or any software that can access sensitive information on your computer without clear boundaries. It’s also important not to hand over full control of your system to any AI model. You should remain in control at all times.

What to do:

  • Sanitize and validate user inputs that reach any LLM.
  • Limit which model instructions can be altered dynamically at runtime.
  • Study and mitigate prompt injection scenarios in apps.

🧰 Use Local or Self-Hosted Models When Appropriate

Why: For sensitive code, documentation, or infrastructure, cloud-based AI tools may not meet necessary compliance standards. For instance, in some of my current projects within the medical field, strict regulatory requirements may prohibit the use of cloud-based AI solutions.

What to do:

  • For regulated or IP-sensitive projects, use:
    • Open-source LLMs (like Mistral, Llama, Code Llama, GPT OSS)
    • On-premise AI tools with secure storage
  • Keep models behind a VPN or internal firewall.

📋 Document AI Use in Development Processes

Why: Transparency matters, especially in teams and regulated industries. It would also be useful in the event of copyright litigation (see the next tip).

What to do:

  • Note when and how AI was used in writing or reviewing code.
  • Disclose whether AI-assisted content (e.g., documentation, commits) was generated or edited by humans.

🛡️ Stay Informed About Licensing and Code Reuse

Why: AI-generated code may unintentionally reproduce snippets from copyrighted or GPL-licensed codebases.

What to do:

  • Check licensing of any reused patterns.
  • Don’t copy-paste AI output into projects without verifying compatibility with your project’s license (e.g., MIT, Apache).

🧪 Sanitize Test Data Before Using It in AI Contexts

Why: In a test scenario you might need to paste logs, error messages, or test data that contain real user or customer information.

What to do:

  • Strip any personally identifiable information.
  • Avoid sharing logs from production environments.
  • Use anonymized test data if discussing issues with AI tools.
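Stripping PII from a log is easy to do in a way that also destroys the information you needed to debug the issue: if every e-mail becomes the same `[REDACTED]`, you can no longer see that lines 1 and 2 concern the same user. The script below, an added example written for this article rather than any existing tool, pseudonymises instead: each e-mail address, IP address and Luhn-valid card number is replaced by an HMAC-derived token, so the same value always maps to the same token while the original is gone. The log lines, the key and all identities in it are constructed.

```python
import hashlib
import hmac
import re

# Deterministic pseudonyms: the same e-mail/IP/card always maps to the same
# token, so correlation across log lines survives while the real value does not.
# The key is a constructed example value; keep the real one out of anything
# you share and use a fresh one per sharing session.
PSEUDONYM_KEY = b"example-key-do-not-reuse"

PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # 13-19 digit runs, optionally separated by spaces or dashes (card numbers);
    # only runs that pass the Luhn check are treated as cards
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}


def _luhn_ok(digits):
    """Luhn checksum over a string of digits; filters out order numbers and ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def pseudonym(kind, value):
    """Short keyed token for a value; stable across lines, not reversible without the key."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:8]
    return f"<{kind}:{digest}>"


def anonymize_line(line):
    line = PII_PATTERNS["email"].sub(lambda m: pseudonym("email", m.group(0)), line)
    line = PII_PATTERNS["ipv4"].sub(lambda m: pseudonym("ipv4", m.group(0)), line)
    line = PII_PATTERNS["card"].sub(
        lambda m: pseudonym("card", m.group(0))
        if _luhn_ok(re.sub(r"\D", "", m.group(0)))
        else m.group(0),
        line,
    )
    return line


def anonymize_log(text):
    return "\n".join(anonymize_line(line) for line in text.splitlines())


# Constructed log excerpt: documentation IP range, example.com/.org addresses,
# the standard 4111... test card number, and a 13-digit order id that is not a card.
LOG_SAMPLE = """\
2024-05-01 12:33:10 INFO  login ok user=alice@example.com src=203.0.113.42
2024-05-01 12:33:12 WARN  payment declined user=alice@example.com card=4111 1111 1111 1111
2024-05-01 12:34:01 INFO  login ok user=bob@example.org src=203.0.113.42
2024-05-01 12:35:20 ERROR order 1234567890123 failed for user=bob@example.org
"""

if __name__ == "__main__":
    print(anonymize_log(LOG_SAMPLE))
```

Because the tokens are keyed, someone who sees only the sanitised log cannot recompute them from guessed inputs, and because they are deterministic you can still say “the same client that logged in on line 1 was declined on line 2”. Add patterns for whatever your own logs carry (session ids, account numbers) before relying on this.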

⚖️ Balance the Pros and Cons of Using AI Tools in Particular Contexts

As much as I am eager to try every AI tool out there, I’m also of the opinion that they should be taken with the proverbial grain of salt. Sometimes there may be a big gap between the perceived AI productivity boost and the actual one. Some studies even show a productivity decrease when using AI tools for coding in particular settings, for example when working with large, mature open-source codebases.

Finally, these are just some basic rules. For sure, there are many more nuances to consider, depending on the platform you use and the nature of your work.

IT professionals should also consider educating team members (especially junior developers) on the risks of over-relying on AI without understanding the security implications.

Given how quickly these systems are evolving, it’s essential to stay continually informed. For my part, I will surely need to revisit and update this list in just a few months. Until then, stay safe online – and prompt with care.