Chapter BAI for codingPage 5 of 8

AI for coding

Protect privacy and reduce risk

A safe workflow defines data, permission, consequence, and escalation before tool use.

~14 minPrivacy and risk

Before you start

Why this matters

Without opening an AI tool, write the acceptance test for this job: diagnose and repair a wrong order-total function without widening the change. Name one fact that must be exact, one judgment a person must make, and one condition that should stop the workflow. Compare your answer with the professional standard below; the gap is what you should practice.

1Learn the idea

Read

Draw the boundary

Map four things: what enters the system, what the provider may retain, who can access output, and what action follows. For this topic the operative rule is: remove API keys, tokens, customer payloads, private repository URLs, and proprietary code not approved for the tool. “No secrets” is too vague; name prohibited fields and approved substitutes.

Classify the work by consequence. Low-risk ideation with synthetic data may need ordinary review. Internal drafts based on approved material need access and retention controls. Public claims, student decisions, deployments, impersonation, sensitive targeting, or automated external actions require a stricter gate and sometimes should not use the tool at all.

Read

Threat and rights review

The scenario is diagnose and repair a wrong order-total function without widening the change. Ask:

  • Do we have permission to process every input and license every asset?
  • Could the output mislead someone about authorship, evidence, identity, or reality?
  • Can untrusted text or media alter tool instructions?
  • Is there a reversible draft stage before publication, sending, grading, or deployment?
  • Can a person contest, correct, remove, or revoke the result?
You are pairing on a TypeScript checkout service. The failing case has `shippingOverride=0`, but the result adds the default shipping fee. Explain the likely cause first. Then propose the smallest diff. Do not change public types or add dependencies. Return: diagnosis, unified diff, and three tests. Flag any assumption.

The prompt can state boundaries, but prompts are not access control, consent records, or legal clearance. Configure minimum permissions, retention, sharing, and deletion in the surrounding system. Keep an incident route for accidental exposure and a kill switch for repeated workflows.

Read

Apply proportional controls

For the expected result—The assistant identifies a truthiness fallback that replaces free shipping (0) with the default fee, changes it to a nullish fallback, and proposes tests for zero, undefined, and a positive override—review privacy, security, bias, rights, and deception separately. Use provenance notes and disclosures where audiences could mistake synthetic media or generated claims for direct evidence. Preserve human ownership of consequential decisions.

Likely failures include invented library methods; broad refactors disguised as fixes; tests that merely copy the implementation; ignored error output. A candidate patch is not working software until the local toolchain proves it. Prefer a five-line diff you understand over a polished rewrite you cannot defend. When local law, organizational policy, a contract, or platform rule is stricter than this lesson, the stricter rule wins.

Read

Red-team exercise

Try one hostile or ambiguous input without using real sensitive information. Observe whether the model invents, follows embedded instructions, exceeds the schema, or proposes an irreversible action. A safe run should fail closed: return “unknown,” route to review, or stop.

Checking tutor…

Continue learning · glossary & guides