When using AI, it is important to understand what data you expose and where it is sent. While the scripts we process are publicly accessible and should not contain sensitive data, we didn’t take any risks. Cside uses self-hosted open-source models with no public internet exposure, meaning any data we review using AI has no way out by design. No surprises.
CSP is a great base layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
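The gap between source control and payload inspection, shown as an added example (not Cside's code): a simplified CSP host-source check and a content-hash comparison are run over the same script URL serving two different bodies. The policy, URL, script bodies and function names are constructed for illustration, and the matcher models only scheme and host, not paths, ports, nonces or hash sources.

```javascript
const { createHash } = require('node:crypto');

// Simplified CSP host-source match: scheme + host, optional leading "*.".
// Assumption: paths, ports, nonces and hash sources are not modelled.
function cspAllows(sourceList, url) {
  const { protocol, hostname } = new URL(url);
  return sourceList.split(/\s+/).some((src) => {
    const m = /^(https?:)\/\/(\*\.)?([^\/:]+)$/.exec(src);
    if (!m || m[1] !== protocol) return false;
    // "*.example.com" matches subdomains only, not example.com itself.
    return m[2] ? hostname.endsWith('.' + m[3]) : hostname === m[3];
  });
}

const sha256 = (body) => createHash('sha256').update(body).digest('hex');

// Compare the body served now against the hash recorded at last review.
function review(baseline, sourceList, url, body) {
  const hash = sha256(body);
  const known = baseline.get(url);
  const status =
    known === undefined ? 'new' : known === hash ? 'unchanged' : 'changed';
  return { url, allowedByCsp: cspAllows(sourceList, url), status, hash };
}

// Constructed sample data: one allowlisted URL, two different payloads.
const POLICY = 'https://cdn.example.com';
const SCRIPT_URL = 'https://cdn.example.com/widget.js';
const v1 = 'renderWidget(document.getElementById("w"));';
const v2 = v1 + '/* constructed: same URL, different bytes */';
const baseline = new Map([[SCRIPT_URL, sha256(v1)]]);

const first = review(baseline, POLICY, SCRIPT_URL, v1);
const second = review(baseline, POLICY, SCRIPT_URL, v2);

// The source check gives the same answer both times; only the hash differs.
console.log(first.allowedByCsp, first.status);
console.log(second.allowedByCsp, second.status);
```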
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Because client-side security monitors an entirely different dimension of the application stack, there is no interference.