# AI Data Security

Protecting sensitive data when using AI systems. Every interaction with an AI tool is a potential data exposure point: prompts, uploaded files, tool call results, and agent memory all carry information that may be confidential, proprietary, or regulated.

## Attack surface

- **Prompts**: everything you type or paste into an AI tool is data you are sharing with the provider
- **File uploads**: documents, code, and images uploaded for analysis
- **Tool call results**: whatever the AI reads from your files, queries from your databases, or receives from your APIs enters the context and is sent along with the prompt
- **Agent memory**: accumulated context that persists across sessions
- **Skill content**: instructions that may reference internal architecture, processes, or credentials
- **Output logging**: provider-side logging and retention of conversations and outputs

## Threat categories

### Data leakage

- Sensitive data included in prompts reaches the provider's servers
- [[AI Training Data Collection]]: your data may be used to train future models
- Agent memory accumulates confidential information over time
- Cross-session contamination: context from one project leaking into another

### Data exfiltration

- Malicious skills or prompts that extract data through tool calls
- [[Prompt injection]] that redirects the AI to send data to external endpoints (for example through a web request, or a crafted link or image URL placed in its output)
- [[AI Skill Supply Chain Security]] failures: untrusted skills gaining access to sensitive data

### Compliance violations

- Processing personal data (GDPR, CCPA) through AI services not covered by an appropriate data processing agreement
- Storing regulated data (PHI under HIPAA, financial records subject to SOX controls) in AI memory systems
- Cross-border data transfer through cloud AI providers hosted outside the permitted jurisdiction

## Mitigations

- Classify data before sharing it with AI (see [[AI Usage Policy]])
- Use API or enterprise access covered by a data handling agreement that excludes training on your data and bounds retention
- Run sensitive workloads on self-hosted models ([[Running AI Models Locally]])
- Implement [[AI Agent Permissions]] to restrict file and tool access to what the task actually needs
- [[Context Isolation]]: separate contexts between projects and clients
- Audit agent memory regularly for accumulated sensitive data and purge what is no longer needed
- Strip credentials and secrets from context before loading it into a prompt; treat any secret that does reach a provider as exposed and rotate it

## Related

- [[AI Privacy]]
- [[AI Training Data Collection]]
- [[AI Usage Policy]]
- [[AI Agent Permissions]]
- [[AI Governance]]
- [[AI Safety]]
- [[Context Isolation]]
- [[Context Poisoning]]
- [[AI Skill Supply Chain Security]]
- [[Prompt injection]]
- [[Running AI Models Locally]]
- [[Enterprise Context Management (ECM)]]
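The mitigation "strip credentials and secrets from context before loading", together with classifying data before it is shared, can be enforced mechanically with a pre-prompt scrubber that sits between your files and the model call. The following Python is an added example written for this page, not code from any tool, vendor, or project the page describes. The detection patterns, the placeholder format, the 8-character minimum for generic secret values, and the policy of blocking (rather than redacting) anything containing a private key are assumptions to tune for your environment; the sample text is constructed and every value in it is fake.

```python
"""Pre-prompt redaction of secrets and PII (added example, not the page's own code).

Scans text that is about to be placed in a prompt, replaces secrets and
personal data with placeholders, keeps the placeholder-to-value mapping
locally so the model's answer can be rehydrated, and refuses outright when
a private key is present. All patterns are illustrative assumptions; pair
them with a real secret scanner in production.
"""
import re
from dataclasses import dataclass, field

# (category, compiled regex, index of the group holding the sensitive value;
#  0 means the whole match). Surrounding text such as 'password =' or
#  'Bearer ' is kept so the model still understands the structure.
RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0),
    ("private_key_block", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S), 0),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/-]+=*)"), 1),
    # Assumed heuristic: a key-like name, then = or :, then a value of 8+ chars.
    ("secret_assignment", re.compile(
        r"(?i)\b(\w*(?:api[_-]?key|secret|password|passwd|token))\s*[:=]\s*"
        r"['\"]?([^\s'\"]{8,})['\"]?"), 2),
    ("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"), 0),
    ("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 0),
]

# Categories where redaction is not enough: the text must not be shared at all.
BLOCK_CATEGORIES = {"private_key_block"}


@dataclass
class Finding:
    category: str
    placeholder: str


@dataclass
class RedactionResult:
    text: str                                    # redacted text, safe to send
    findings: list = field(default_factory=list)
    mapping: dict = field(default_factory=dict)  # placeholder -> original, kept local

    @property
    def decision(self) -> str:
        """'block' if a hard-stop category was hit, 'redact' if anything was
        replaced, otherwise 'allow'."""
        categories = {f.category for f in self.findings}
        if categories & BLOCK_CATEGORIES:
            return "block"
        return "redact" if categories else "allow"


def redact(text: str) -> RedactionResult:
    """Replace every rule match with a numbered placeholder such as [EMAIL_1]."""
    result = RedactionResult(text="")
    counters: dict = {}
    out = text
    for category, pattern, group in RULES:
        def _sub(m, category=category, group=group):
            counters[category] = counters.get(category, 0) + 1
            placeholder = f"[{category.upper()}_{counters[category]}]"
            result.mapping[placeholder] = m.group(group)
            result.findings.append(Finding(category, placeholder))
            # Splice the placeholder over the captured group only.
            whole, start = m.group(0), m.start(0)
            return whole[: m.start(group) - start] + placeholder + whole[m.end(group) - start:]
        out = pattern.sub(_sub, out)
    result.text = out
    return result


def rehydrate(model_output: str, mapping: dict) -> str:
    """Restore original values in the model's answer, locally, after the call."""
    for placeholder, original in mapping.items():
        model_output = model_output.replace(placeholder, original)
    return model_output


# Constructed sample input; every value is fake.
SAMPLE = """\
Please review this config and the customer record below.
db_password = "S3cretPassw0rd!"
AWS_KEY=AKIAIOSFODNN7EXAMPLE
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc
Contact: jane.doe@example.com, SSN 123-45-6789
"""
KEY_SAMPLE = "-----BEGIN RSA PRIVATE KEY-----\nMIIEfakebase64==\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    r = redact(SAMPLE)
    print(r.decision)                   # redact
    print(r.text)                       # placeholders in place of each value
    print(redact(KEY_SAMPLE).decision)  # block
```

Two design points carry over to real deployments. The placeholder mapping never leaves the machine, so the provider sees `[EMAIL_1]` while the user still gets a usable answer after `rehydrate`. And the block category exists because some findings are a signal that the whole input is wrong to share, not just the matched bytes; a redacted private key still tells you that someone is pasting key material into prompts, which should be an audit event, not a silent fix. Regex scrubbing has false negatives, so it is a last line of defence behind classification, permissions, and context isolation rather than a substitute for them.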