Notes on AI-chat security
Practical, no-fluff guides on keeping API keys, tokens, and sensitive data out of AI chats.
July 5, 2026
Why I built Secret Sanitizer
A security incident in December 2025, a growing habit I spotted in myself, and a belief that the right answer is zero trust — not less trust. The story behind the extension.
Read the story → July 5, 2026I pasted an API key into ChatGPT — here's exactly what to do
That sinking feeling right after you hit Enter? Act on it. A step-by-step rotation checklist for AWS, GitHub, Stripe, OpenAI, and any other key you just exposed.
Read the checklist → July 5, 2026What actually happens to the code you paste into ChatGPT, Claude, or Gemini
It doesn't vanish when the chat ends. A plain-English look at retention, training, human review, and the safe assumption to work from.
Read the breakdown → July 5, 2026Prompt Poaching: when browser extensions read your AI chats
How trusted-looking Chrome extensions harvested AI conversations at scale, why chat pages are such a rich target, and how to audit your own browser.
Read the deep dive →