AI Security Glossary

Restoration of mutated code to its exact original form using a stored mutation map, with no byte-level differences from the pre-mutation source. Byte-exact reversal guarantees that the developer receives working code indistinguishable from what they would have written directly. It requires that every mutation be deterministic and fully recorded.

The process of deterministically transforming proprietary code identifiers into synthetic equivalents before transmission to AI models. Code mutation preserves code structure, syntax, and logical relationships while replacing the names that make a codebase proprietary. Unlike redaction, mutation allows LLMs to reason fully about the code and return high-quality completions.

A mutation algorithm where the same input identifier always produces the same synthetic output token, enabling reliable reversal without storing every substitution individually. Deterministic mutation uses a hash function seeded by the identifier string, ensuring consistency across sessions and files. The output is repeatable and auditable.

The specific technique of replacing function names, variable names, and class names with hash-derived synthetic tokens while leaving the structural elements of code (brackets, operators, keywords, types) intact. Identifier mutation targets the layer of code that is most proprietary and least necessary for an LLM to understand in its literal form. The LLM can reason about _fn4a2b the same way it reasons about getUserToken because both are valid identifiers in the same syntactic position.

A persistent mapping between original identifiers and their mutated synthetic equivalents, stored locally and used to reverse mutations in AI responses. The mutation map is the foundation of byte-exact reversal and must be stored securely since it contains the original proprietary names. Pretense stores mutation maps in a local SQLite database with WAL mode for durability.

The property of code mutation where AI models can still reason about structure, logic, and relationships despite identifier changes. Semantic preservation depends on the fact that LLMs encode semantic meaning from syntactic position and structural patterns rather than memorized identifier names. A function called _fn4a2b in a payment processing context carries the same implicit meaning as getUserPaymentToken to a sufficiently capable LLM.

Regex-based detection of API keys, credentials, tokens, and PII in source code or prompts before transmission to AI models. Secret scanning uses pattern libraries covering 30 or more secret types including AWS access keys, Stripe keys, GitHub tokens, JWTs, and database connection strings. It is a complement to code mutation: mutation protects identifier-level IP, while secret scanning blocks credential-level exposure.

Lexical analysis that identifies code tokens (identifiers, literals, keywords) suitable for mutation or inspection before AI transmission. Token scanning operates at a level below abstract syntax tree (AST) analysis, parsing raw source text to extract named tokens across multiple programming languages. Pretense's token scanner supports TypeScript, JavaScript, Python, Go, and Java.

An immutable record of all AI API requests, including what data was sent, mutated, and received. AI audit logs are essential for SOC2 and HIPAA compliance frameworks that require proof of data handling practices. They capture mutation metadata, timestamps, tool identifiers, and response hashes.

Meeting General Data Protection Regulation requirements when using AI tools that process code containing personal data, such as user IDs, email addresses, or behavioral identifiers embedded in source files. GDPR applies when code references, processes, or stores EU resident personal data, including during AI-assisted development. Compliance requires data minimization, purpose limitation, and documented transfer mechanisms.

Ensuring protected health information (PHI) is not exposed to AI models during code development, particularly when engineers write or review code that handles patient records, diagnostic data, or treatment identifiers. HIPAA applies to business associates including AI vendors, which means using coding assistants with healthcare code may create covered entity obligations. Local-first mutation eliminates this risk by ensuring PHI-adjacent identifiers never reach third-party APIs.

Achieving SOC2 Type II certification specifically for AI tool usage and data handling, requiring documented controls around what data is sent to AI providers, how long it is retained, and whether it is encrypted in transit. SOC2 AI compliance is an emerging audit category as organizations formalize policies around developer AI tool use. Pretense provides exportable audit logs and mutation reports to support SOC2 evidence collection.

Techniques that prevent individual data points from being identifiable in AI training datasets or inference logs. In the context of AI coding tools, differential privacy mechanisms add mathematical noise or transform data so that individual code patterns cannot be attributed to a specific organization. It is a theoretical framework; in practice, code mutation provides a more practical guarantee for proprietary identifiers.

A security layer that inspects and transforms data before transmission to large language model APIs, analogous to a network firewall but operating at the application layer on AI prompt content. An LLM firewall may block requests containing secrets, mutate proprietary identifiers, log all outbound AI traffic, and enforce rate limits or content policies. It sits transparently between the developer tool and the AI provider.

Routing API traffic through a local proxy to inspect, transform, or block requests before they reach their destination. Proxy interception is transparent to the client application: by setting a base URL environment variable, all SDK calls are redirected through the proxy without code changes. This architecture enables Pretense to intercept any OpenAI-compatible or Anthropic API call regardless of which tool generated it.

A security model requiring that no AI tool or API is trusted with raw proprietary code, applying the zero-trust principle (never trust, always verify) to AI coding assistant integrations. Zero-trust AI mandates that all code sent to AI providers be inspected and transformed before transmission, regardless of the provider's stated data policies or contractual assurances. Trust is replaced with cryptographic guarantees and local-first processing.

The unintentional exposure of proprietary code, business logic, or secrets to AI model training pipelines or cloud inference endpoints. AI data leakage occurs when developers use coding assistants without realizing that context windows are transmitted to third-party servers. The leaked data may be retained, logged, or incorporated into future model training.

The unintentional injection of sensitive data into LLM context windows via code completion tools, file-aware agents, or open-ended prompts. Context window pollution is difficult to detect because the sensitive data is embedded in normal-looking coding requests. It commonly occurs when IDE extensions send surrounding file content as context without filtering.

The risk that code submitted to AI APIs is incorporated into future model training data, allowing the provider or third parties to reconstruct proprietary algorithms from model outputs. Major AI providers have varying data retention and training policies; some opt out mechanisms are unreliable or apply only to certain product tiers. Even without deliberate training, code submitted to inference endpoints may be logged and retained.

The risk that third-party AI coding tools create vulnerabilities by exposing internal code to external parties, training data pipelines, or adversarial actors targeting AI provider infrastructure. Supply chain AI risk extends the concept of software supply chain security to the AI layer: any tool that sends your code to a third-party service is a potential supply chain exposure point. Attackers may target AI providers specifically to harvest code from high-value targets.