An LLM Wiki should make useful knowledge available without becoming a vault for information agents should never see. Security and privacy are not afterthoughts; they decide what can enter, who can read it, how it can be exported, and what agents may do.
Do Not Store Or Export Sensitive Material
- Secrets, credentials, API keys, private keys, recovery codes, or tokens.
- Production access details, signing material, privileged infrastructure notes, or unredacted incident response details.
- Raw customer data, employee data, patient data, financial data, legal data, or regulated records.
- Sensitive legal material, privileged communications, or unapproved compliance conclusions.
- Internal strategy that should not be exposed to broad agent or contributor access.
- Private meeting transcripts, chat logs, or support records without review and redaction.
Use reviewed summaries, source status, and redaction notes when a sensitive source influenced public or portable guidance. A useful summary can preserve a lesson without carrying the private material that produced it.
Required Controls
| Control | What to define |
|---|---|
| Access control | Who can read, write, review, export, and approve each sensitivity class. |
| Redaction | How sensitive source material becomes safe summaries, and who reviews redaction. |
| Public/private boundary | Which wiki pages can be public, internal, confidential, restricted, or never exported. |
| Agent permissions | Which pages agents may read, cite, update, summarize, or must avoid. |
| Audit logs | Who changed sensitive pages, when, why, and with which reviewer. |
| Human approval | Which updates require security, privacy, legal, operations, or governance approval. |
Sanitized Exports
AI Memory bundles, project handoffs, contractor packets, and public examples should be generated from reviewed, redacted wiki pages. Never export raw private source files just because they helped build the durable page.
Agent Stop Conditions
- Stop when a task asks the agent to reveal, summarize, transform, or publish secrets or regulated data without explicit governance.
- Stop when a draft mixes public handbook copy with private intake, archive, or handoff files.
- Stop when the requested export would move sensitive source material into AI Memory, Project Handoff, examples, screenshots, starter bundles, or public discovery files.
- Stop when legal, privacy, security, or customer-data status is unclear and no human reviewer is named.
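
The Sanitized Exports rule and the export-related stop conditions can be enforced as a fail-closed gate in front of any bundle generator. The sketch below is an added example, not part of the original page or any project's code: the `Page` record, its field names, the `ceiling` parameter, and the secret-matching patterns are assumptions, and the sample pages are constructed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
# Sensitivity classes named on the page, ordered least to most restricted.
CLASSES = ["public", "internal", "confidential", "restricted", "never_export"]
# Assumed heuristics for secret-like text; not a substitute for a dedicated scanner.
SECRET_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential": re.compile(r"(?i)\b(api[_-]?key|token|secret|password)\b\s*[:=]\s*\S{8,}"),
}

@dataclass
class Page:  # hypothetical page record; field names are assumptions
    path: str
    sensitivity: str           # one of CLASSES
    reviewed_by: str | None    # named human reviewer, if any
    redacted: bool             # redaction review completed
    body: str

def export_decision(page: Page, ceiling: str) -> list[str]:
    """Return the reasons to stop; an empty list means the page may be exported."""
    reasons = []
    if page.sensitivity not in CLASSES:
        reasons.append("unknown sensitivity class")
    elif page.sensitivity == "never_export":
        reasons.append("page is marked never_export")
    elif CLASSES.index(page.sensitivity) > CLASSES.index(ceiling):
        reasons.append(f"{page.sensitivity} exceeds {ceiling} ceiling")
    if not page.reviewed_by:
        reasons.append("no human reviewer named")
    if not page.redacted:
        reasons.append("redaction not confirmed")
    reasons += [f"secret-like content: {name}"
                for name, rx in SECRET_PATTERNS.items() if rx.search(page.body)]
    return reasons

def build_bundle(pages: list[Page], ceiling: str) -> tuple[list[str], dict[str, list[str]]]:
    """Fail closed: export only pages with no stop reasons, report the rest."""
    decisions = {p.path: export_decision(p, ceiling) for p in pages}
    exported = [path for path, why in decisions.items() if not why]
    blocked = {path: why for path, why in decisions.items() if why}
    return exported, blocked

# Constructed sample pages (not from the original page).
SAMPLE = [
    Page("guides/onboarding.md", "public", "alice", True, "How to request access."),
    Page("ops/runbook.md", "internal", "bob", True, "api_key = EXAMPLE-constructed-value"),
    Page("legal/draft.md", "confidential", None, False, "Pending review."),
]
```

Calling `build_bundle(SAMPLE, "internal")` exports only the onboarding guide; the blocked map gives a reviewer the reason each other page was held back.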