Notes on AI-chat security

Practical, no-fluff guides on keeping API keys, tokens, and sensitive data out of AI chats.

Why I built Secret Sanitizer

A security incident in December 2025, a growing habit I spotted in myself, and a belief that the right answer is zero trust — not less trust. The story behind the extension.


I pasted an API key into ChatGPT — here's exactly what to do

That sinking feeling right after you hit Enter? Act on it. A step-by-step rotation checklist for AWS, GitHub, Stripe, OpenAI, and any other key you just exposed.


What actually happens to the code you paste into ChatGPT, Claude, or Gemini

It doesn't vanish when the chat ends. A plain-English look at retention, training, human review, and the safe assumption to work from.


Prompt Poaching: when browser extensions read your AI chats

How trusted-looking Chrome extensions harvested AI conversations at scale, why chat pages are such a rich target, and how to audit your own browser.
