Repo-level scope + opt-out for sensitive code
Demonstrate that AI-assisted development tools respect repository-level scope boundaries and honor opt-out configurations that prevent exposure or processing of designated sensitive code.
Description
What this control does
This control requires that AI coding assistants and code generation tools honor repository-level configuration scopes that provide explicit opt-out mechanisms for sensitive repositories, directories, or files. Organizations define exclusion patterns (e.g., .gitignore-style rules, repository metadata tags, or policy files) that prevent AI tools from ingesting, learning from, or suggesting code in protected areas such as cryptographic modules, authentication logic, proprietary algorithms, or regulated data handlers. This reduces the risk of sensitive intellectual property or security-critical code being exposed to third-party AI services or included in training datasets.
Control objective
What auditing this proves
Demonstrate that AI-assisted development tools respect repository-level scope boundaries and honor opt-out configurations that prevent exposure or processing of designated sensitive code.
Associated risks
Risks this control addresses
- Sensitive authentication or cryptographic code is transmitted to external AI services and potentially included in shared training datasets
- Proprietary algorithms or trade-secret logic are leaked through code completion telemetry or model fine-tuning
- AI-generated suggestions incorporate patterns from excluded repositories, exposing architecture or vulnerabilities of protected systems
- Developers inadvertently share code from repositories handling regulated data (PII, PHI, PCI) with third-party AI vendors without data processing agreements
- Lack of granular opt-out forces blanket disablement of AI tools, reducing developer productivity in non-sensitive contexts
- Configuration drift allows previously excluded repositories to become accessible to AI tools after repository restructuring or tooling updates
- Audit trails fail to capture which code was exposed to AI services, preventing breach impact analysis or compliance reporting
Testing procedure
How an auditor verifies this control
- Obtain the organization's inventory of repositories and directories classified as sensitive, including cryptographic libraries, authentication modules, proprietary algorithms, and regulated data handlers.
- Retrieve the configuration files, policy settings, or metadata that define AI tool exclusions (e.g., .aiignore files, IDE workspace settings, enterprise AI platform configuration exports, version control system hooks).
- Select a representative sample of at least 10 repositories spanning sensitive and non-sensitive classifications, ensuring coverage of different teams and technology stacks.
- For each sampled repository, inspect the applied AI tool configuration to verify explicit opt-out rules are present for sensitive repositories and absent or permissive for non-sensitive repositories.
- Simulate developer activity by opening files in excluded repositories using AI-enabled IDEs or editors, and verify that code completion, inline suggestions, and context transmission are disabled or blocked.
- Review telemetry logs, network traffic captures, or AI platform audit logs to confirm no code snippets from excluded repositories were transmitted to AI services during the simulation period.
- Interview developers and repository owners to confirm awareness of opt-out mechanisms and validate that the exclusion process is documented and consistently applied during repository creation and classification changes.
- Test configuration enforcement by intentionally modifying exclusion rules for a test repository and verifying that changes propagate to developer tools within the defined synchronization window.
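An added example, not part of this control text or any vendor's tooling, of how an auditor could script the configuration inspection step: it compares a classification inventory against an exclusion file and reports sensitive paths with no covering rule (a gap) and non-sensitive paths that are needlessly blocked. The `.aiignore` name, its gitignore-like syntax, and the inventory and rule contents are constructed assumptions.

```python
import fnmatch

# Constructed sample exclusion file. The .aiignore name and gitignore-like
# syntax are assumptions; real tools use vendor-specific formats.
AIIGNORE_TEXT = """
# AI-assist exclusions (constructed sample)
crypto/
auth/**
*.pem
vendor/proprietary_ranker.py
"""

# Constructed sample of the classification inventory from step 1.
INVENTORY = {
    "crypto/aes_gcm.c": "sensitive",
    "auth/session/token.go": "sensitive",
    "ops/certs/dev.pem": "sensitive",
    "billing/pci_handler.py": "sensitive",  # no rule covers it: a gap
    "auth/README.md": "non-sensitive",      # swept up by auth/**: over-blocked
    "web/static/app.js": "non-sensitive",
}

def parse_rules(text):
    """Active patterns only: blanks and '#' comments dropped ('!' negation unsupported)."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def rule_matches(rule, path):
    """Gitignore-like: 'dir/' matches a directory of that name anywhere on the path,
    a pattern containing '/' is anchored at the repo root, a bare pattern is
    tested against every path component."""
    parts = path.split("/")
    if rule.endswith("/"):
        return rule.rstrip("/") in parts[:-1]
    if "/" in rule:
        # fnmatch's '*' already crosses '/', so '**' collapses to '*'
        return fnmatch.fnmatchcase(path, rule.replace("**", "*"))
    return any(fnmatch.fnmatchcase(part, rule) for part in parts)

def is_excluded(path, rules):
    return any(rule_matches(rule, path) for rule in rules)

def audit_inventory(inventory, rules):
    """'gaps': sensitive paths an AI tool could still read;
    'overblocked': non-sensitive paths needlessly disabled (the productivity risk above)."""
    gaps = sorted(p for p, c in inventory.items() if c == "sensitive" and not is_excluded(p, rules))
    overblocked = sorted(p for p, c in inventory.items() if c == "non-sensitive" and is_excluded(p, rules))
    return {"gaps": gaps, "overblocked": overblocked}
```

Calling `audit_inventory(INVENTORY, parse_rules(AIIGNORE_TEXT))` returns the findings dict; each non-empty list is an audit exception to record for that repository.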
Where this control is tested