Ask HN: How companies are protecting Claude Code from reading IP and PII data
2 points
54 minutes ago
| 2 comments
| HN
Recently I was baffled when Claude code read the customer table data from a production environment, while triaging an issue, and that made me wonder. Sure you should NOT give the access to read the prod data but does it sounds practical in the real time debugging session?
snailshare
50 minutes ago
[-]
Our take has been that if you are working with one of these large companies, you cannot expect anything to be private. We've worked with a smaller more focused product where we were able to negotiate the necessary controls
reply
pradeep1177
40 minutes ago
[-]
And what are those necessary controls?
reply
toomuchtodo
44 minutes ago
[-]
Sign an enterprise agreement that speaks to data retention and destruction requirements. Part of what you pay for is to shift the liability to the inference vendor.
reply
pradeep1177
41 minutes ago
[-]
These data retention contracts are black boxes; you never know how your IP was leaked, and it could end up in the model's training data. It's like trusting META with your privacy settings.
reply
toomuchtodo
36 minutes ago
[-]
A contract satisfies our infosec program and cyber insurance requirements, confirmed by a corporate legal team. Our role is to manage risk, not eliminate it.

(already minimizing sensitive data storage and transit whenever possible, as an entity operating in a regulated industry)

reply