@sunychoudhary
Building AI Security for LLMs | CEO @ LangProtect
Writing, speaking, and collaborating on AI security, LLM safety, and developer tooling.
Great breakdown. PDF RAG is easy to demo, but hard to make trustworthy. Chunking, metadata, citations, access control, and index hygiene matter a lot once the PDFs are internal or customer-facing. At LangProtect, we look at this as both a retrieval problem and a data-security problem: what gets indexed, what gets retrieved, and what sensitive context reaches the user.
Exactly. Once the agent can take action, it stops being “support content” and becomes part of the control plane. Refunds, cancellations, credential resets, account changes, plan upgrades — those are not FAQ responses. They are privileged actions. Treating them as chatbot features instead of API-risk workflows is where teams get burned.
This is a cool MCP use case because it connects AI to an actual creative workflow instead of keeping it trapped in chat. The powerful part is obvious: Claude Code can help inspect project state, make changes faster, and reduce the back-and-forth between code, editor, and testing. The part I’d watch carefully is the action boundary. Once an AI assistant can interact with a live editor, it needs clear limits around what it can read, what it can change, what requires confirmation, and how changes are logged or reverted. For game development, this could be genuinely useful if it speeds up iteration without making the project state unpredictable. The best version of this is not “Claude controls everything.” It is Claude becoming a fast assistant inside a workflow where the developer still has final control.
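The action-boundary point made in the last two comments (privileged actions need entitlement, explicit confirmation, and a log), as an added example that is not from the original comments or from LangProtect. Every action name, role and policy entry below is a constructed assumption.

```python
"""Added example: a policy gate placed between an agent's tool-call request
and the backend API. Read-only lookups pass; refunds, cancellations and
credential resets are treated as privileged API workflows that require the
right role, an explicit confirmation, and an audit record. Constructed data."""
from dataclasses import dataclass, field

# Constructed policy table: which actions are privileged, who may invoke
# them, and whether a human confirmation must happen before execution.
POLICY = {
    "lookup_order":        {"privileged": False, "roles": {"customer", "agent"}, "confirm": False},
    "issue_refund":        {"privileged": True,  "roles": {"agent"},             "confirm": True},
    "cancel_subscription": {"privileged": True,  "roles": {"customer", "agent"}, "confirm": True},
    "reset_credentials":   {"privileged": True,  "roles": {"agent"},             "confirm": True},
}


@dataclass
class Request:
    action: str
    caller_role: str
    confirmed: bool = False  # set only after an out-of-band user confirmation


@dataclass
class Gate:
    audit: list = field(default_factory=list)

    def decide(self, req: Request) -> str:
        """Return 'allow', 'hold:...' or 'deny:...' for one tool-call request."""
        rule = POLICY.get(req.action)
        if rule is None:
            verdict = "deny:unknown_action"         # deny by default for unlisted tools
        elif req.caller_role not in rule["roles"]:
            verdict = "deny:role"                   # entitlement check comes first
        elif rule["confirm"] and not req.confirmed:
            verdict = "hold:confirmation_required"  # the agent must ask, not act
        else:
            verdict = "allow"
        # Every privileged (or unknown) decision is recorded, allowed or not,
        # so changes can be reviewed and reverted later.
        if rule is None or rule["privileged"]:
            self.audit.append((req.action, req.caller_role, verdict))
        return verdict
```

The same shape works for an editor-integrated assistant: reads pass, writes require confirmation, and every write lands in the audit list.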