Story

tl;dr looking for any links, resources or tips around best practices for data security, privacy, and agent guardrails when using Claude (or others).

My journey over the past few years has been one of borderline AI skeptic for its use in coding to having tried Claude Code a month ago and being unlikely to ever go back to coding big changes without it. Most queries I would have used search for in the past are now done in AI models as a first step.

However, one thing that concerns me is whether I am using best practices around agent safety and code protection. I have turned off the “Help improve Claude” toggle in the web panel for Claude settings. Do we believe that’s enough to really stop them (the companies who took any data they could find to make this tool) from using or training on our code? Are all the companies and people using this product just entrusting their proprietary code bases to these AI companies? Is it enough for me to be on the $20/mo Claude Pro plan or do I have to pony up for a Teams plan to protect my data? Which companies do we trust more in this space?

In terms of agent guardrails, I have set up Claude CLI on a cloud VPS Ubuntu host, as its own user that has access to read and modify the code, but no commit ability or git credentials or access to data on my personal machines. The repos are in a directory with group write access and then my personal user account does all commits and pushes, to ensure that Claude has no tangible way to destroy any data that isn’t backed up offsite in git. I don’t provide any of the environment variable credentials necessary to actually run the software, or access to any real data, so testing and QA is still something I do manually and pushing the changes to another machine.

I use it iteratively on individual features or bug fixes. I still have to go back and forth with it (or drop into my editor) a decent amount when it makes mistakes or to encourage better architectural decisions, but it is overall quite fun and exciting for me to use (at this early stage of learning and exploration) and seems to speed up development for my use case in a major way (solo dev SaaS site with web, iOS, and Android native apps + many little, half-finished side projects and ideas).

Does HN have any links or resources that round up the state of the art best practices around AI use for those who are cautious and not wanting to give it the keys to kingdom, but trying to take advantage of this new coding frontier in a safe way? What commands or settings would be typically considered safe to always allow so it doesn’t need to ask for permission as often? What security or privacy toggles do I want to consider in Claude (or other agents). Is it good to subscribe to a couple services and have one review the other’s code as a first step? I hit usage limits on the $20 Claude Pro, should I go to Max or spread horizontally across different AI models? Thanks for any tips!