Announcing Meridian's AI Policy
We just published Meridian's AI Policy. Here's where we use AI in development, where we don't, and how we make sure the code that reaches you is safe and verified.
Hi everyone! Today, I'd like to announce our AI Policy. Transparency matters a lot to us, so we think it's no more than fair to release internal policies like these to the public. This policy covers how we use AI tools in development, where we've drawn hard lines, and how we make sure that the code you semi-interact with is safe.
Where we use AI
We use AI coding assistants to help with frontend work: styling, layout, small tweaks, and keeping the UI consistent across the platform. It's genuinely useful for that kind of work and speeds things up without introducing risks we can't control.
That's all. We're not using AI to build critical platform logic or anything user-facing beyond what I described, and I think that's really important.
Where we don't
This is the part we feel most strongly about. Authentication, session management, cookies, access control, encryption, data sanitization, key management: they're all essential to the operation of our platform and to our commitment to privacy. For that reason, none of the code involved in those areas is generated by or with AI. Every core system is human-written and manually verified. We decided on this early and it's a hard boundary we set, not a 'guideline.'
Code involving security is too important to delegate to a half-smart system. If something goes wrong in those areas, it affects you directly, and we're simply not willing to take that risk.
How we review our code
AI-generated code doesn't get special treatment from us. It goes through the same process as anything written by hand: human review, automated security scans, unit tests, and more. If it doesn't pass those tests, it will not reach you.
Your data stays out of it
We don't put customer data, database records, API keys, credentials, or production secrets into any generative AI tool or public LLM. We also configure our developer environments to disable telemetry where possible, so our codebase isn't being used to train third-party models on the side.
Licensing
We verify that any AI-generated code is compatible with our existing licenses and doesn't introduce incompatible third-party code into our codebase.
Read the full policy
The complete AI Policy is available at meridian.surf/policies/ai. If you have questions about how we build Meridian or our security practices, feel free to reach out to us.
Send our general addresses an email:
or reach out to me directly at robbie@meridian.surf
Robbie