How do you protect your code when you're allowed to use an LLM but not to disclose the source?
Curious how others handle this. My situation: the client lets me use LLMs for coding, but explicitly asked that the actual source not be disclosed to a third party. So "just paste it into a cloud model" is off the table for the sensitive parts, but going fully without an assistant isn't realistic either.
I first tried keeping everything local. On a laptop the reasoning models were too slow to be usable (minutes per turn), and the smaller ones were unreliable — they'd "answer" without really reading the files. Moving to a server helped the speed a bit but the quality still wasn't there for real work. Local felt like paying a lot to end up with a weaker assistant.
What I landed on instead: a workflow where the sensitive parts go through an obfuscating proxy before reaching the model — identifiers in code, comment and conf get renamed on the way out and restored on the way back, so I keep a capable cloud model but the remote side never sees the real names/structure. I'm using promptCape for that piece, and so far it's held up.
But I'd like a reality check — how do you handle it?
- Local models good enough for you now, or same slowness/quality wall I hit?
- Obfuscation / proxy layer, and if so which?
- Air-gapped setups, contract clauses, or just not using AI on those parts at all?
Genuinely want to hear what's working for people under a "no disclosure" constraint.