Field Notes from Selina Labs

First-hand notes on private AI, memory, encryption, and the security of systems that remember you — written while building Selina, grounded in real incidents.

Private AI Memory: How a Personal AI Can Remember You Without Exposing You

Private AI Memory: How a Personal AI Can Remember You Without Exposing You

Persistent AI memory boosts usefulness but risks exposure. Learn the real privacy costs of AI memory and how architecture—not policy—can fix it.

The Honest Limits of Private AI (and Why 'Zero-Retention' Is Usually False)

The Honest Limits of Private AI (and Why 'Zero-Retention' Is Usually False)

Why "zero-retention LLM" claims rarely hold up: the real gaps across caching, uploads, and legal discovery—and what honest privacy limits actually look like.

End-to-End Encryption vs Encryption at Rest: What the Words Really Promise

End-to-End Encryption vs Encryption at Rest: What the Words Really Promise

Encryption at rest still lets providers read your data—end-to-end encryption doesn't. Learn what each term actually guarantees, and where AI processing quietly

Crypto-Shredding: Deleting the Key Instead of the Data

Crypto-Shredding: Deleting the Key Instead of the Data

Crypto-shredding deletes data by destroying its encryption key, not the ciphertext—how it works, where it fails, and why regulators accept it.

Persona as a Security Layer: Making an AI Resist Prompt Injection

Persona as a Security Layer: Making an AI Resist Prompt Injection

We hardened an AI persona against prompt injection, tested it across frontier models, and measured why it helps but can't stand alone as defense.

Prompt Injection Is a Real Attack Surface, Not a Demo

Prompt Injection Is a Real Attack Surface, Not a Demo

Prompt injection is now a tracked CVE class and OWASP's top LLM risk—not a demo joke. Here's what changed and what actually reduces exposure.

When AI Memory Corrupts Itself: The Self-Poisoning Summary Bug

When AI Memory Corrupts Itself: The Self-Poisoning Summary Bug

AI systems that summarize their own memory can silently corrupt it—research shows compaction can spike safety violations to 30–59%, with no attacker required.