Using AI to write code introduces different risks than using AI to answer questions. Coding tools do not just receive text -- in agentic configurations they interact with your filesystem, read environment variables, access credentials, and execute commands. The data sovereignty questions shift accordingly.
What coding AI tools may transmit
When you use a cloud-based coding assistant, the following may leave your machine as context passed to the model:
- The code you are writing or editing
- File contents from your project directory
- Error messages and stack traces (which often contain paths, usernames, and configuration details)
- Git history snippets
- In agentic configurations: environment variables, credential files, and shell output
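An added example (not from the original page): a pre-flight inventory of what an agentic tool started in a project directory could read, plus a redactor for error text you intend to paste into a cloud assistant. The name patterns and function names are assumptions to tune for your environment; the inventory reports names and paths only, never values.

```python
import os
import re
from pathlib import Path

# Assumed heuristics, not an exhaustive list: adjust for your own stack.
SECRET_ENV = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL", re.I)
SECRET_FILE = re.compile(
    r"^\.env(\..+)?$|^\.netrc$|^\.npmrc$|^id_(rsa|ed25519)$|\.pem$|^credentials(\.json)?$"
)


def secret_env_names(env):
    """Names (never values) of environment variables that look like secrets."""
    return sorted(name for name in env if SECRET_ENV.search(name))


def credential_files(root):
    """Relative paths of credential-looking files anywhere under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            if SECRET_FILE.search(filename):
                hits.append(Path(dirpath, filename).relative_to(root).as_posix())
    return sorted(hits)


def redact_trace(text, home, user):
    """Strip the home directory and username from an error message or trace."""
    text = text.replace(home, "<HOME>")
    return re.sub(rf"\b{re.escape(user)}\b", "<USER>", text)


if __name__ == "__main__":
    # Run from the project root before granting a tool filesystem access.
    print("Secret-like env var names:", secret_env_names(os.environ))
    print("Credential-like files:", credential_files(os.getcwd()))
```

Anything the inventory lists is in reach of a tool with filesystem and environment access, so move or unset it before the session rather than relying on the tool to ignore it.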
Hierarchy of risk for coding contexts
Agentic cloud tools with filesystem access. These tools read your files, suggest edits, and can execute commands, all while sending context to a remote server. Security researchers documented cases in late 2025 where malicious repository configuration files triggered arbitrary command execution and API key theft before any user prompt appeared. Both vulnerabilities were patched, but the pattern illustrates the structural risk of tools with broad local access and remote processing.
Cloud coding assistants without agentic capabilities. Tools that receive only what you paste, suggest completions, and return text. The data transfer is real but bounded. Appropriate for code that contains no secrets and no sensitive community or user data.
Local coding models via Ollama. Models like qwen3:14b can assist with code generation, debugging, and documentation entirely on your hardware. Performance is slower than cloud tools for complex tasks, but the data never leaves your machine.
For projects handling restricted or sensitive data that has not gone through a data governance review, no AI assistance is the appropriate baseline.
None of the tools above are appropriate without a completed governance review. Use your standard development environment.
Note: The tier framework above addresses vendor jurisdiction. Agentic tools require a second consideration -- the scope of local access. A tool can be Tier 2 on the vendor axis while having broader local data access than a typical Tier 2 tool implies. Evaluate both dimensions separately.
The five questions for evaluating any AI tool
- Where does the data go? Is it processed locally or sent to a remote server?
- What does this tool have access to? Files, credentials, environment variables, network?
- Who controls the output and the logs? What does the terms of service say about retention and training?
- What is the worst case if this tool is breached, acquired, or changes its terms?
- Can you explain and defend every decision this tool influenced?
Staying current
Security issues in AI tools move fast. The section below collects recent developments. Items are community-flagged and unverified -- treat them as starting points for your own research, not authoritative sources.