AI Code Review Security: SOC 2, Data Privacy, and How Your Code Is Protected
How AI code review security actually works — SOC 2 Type II, encryption, code isolation, no-training policies, and the data-privacy questions to ask before you connect an AI code reviewer to your GitHub repos.
AI code review security is the first question most engineering and security teams ask before connecting an AI code reviewer to their GitHub repositories — and it is the right question. An AI code review tool reads your source code, your pull requests, and your repository history. Before you grant that access, you should know exactly where your code goes, who can see it, whether it is used to train models, and what compliance evidence the vendor can produce on request.
This guide explains how AI code review security works in practice: the SOC 2 controls that matter, how code is encrypted and isolated, what a "no training" policy actually means, and the exact data-privacy questions to ask any AI code review vendor before you sign.
TL;DR — Is AI code review secure?
- Yes, when the vendor is built for it. The bar is SOC 2 Type II, encryption in transit and at rest, strict code isolation, and a clear no-training policy on your source code.
- SOC 2 Type II is the baseline compliance attestation. It proves controls were tested over a period of time, not just on paper. Macroscope is SOC 2 Type II and publishes its controls in a public trust center.
- Your code should never train a model. Macroscope does not train models on customer source code, and its model-provider agreements (OpenAI, Anthropic) prohibit those providers from training on it either.
- Encryption + isolation are non-negotiable. Customer code should be encrypted at rest and in transit, architecturally isolated, and inaccessible to vendor employees.
- Know your subprocessors. A trustworthy AI code reviewer names every subprocessor that touches your data. Macroscope's are Google Cloud Platform, OpenAI, Anthropic, and Slack.
- Ask for the evidence. A vendor that takes security seriously gives you a trust center and a request-access path to audit reports, not a marketing page.
Is AI Code Review Secure?
AI code review is secure when the vendor treats your source code as the sensitive asset it is. That means a recognized compliance attestation (SOC 2 Type II), encryption everywhere, hard isolation between customers, and a contractual guarantee that your code is never used to train AI models.
The risk with any AI code review tool is not the review itself — it is the data path. Your code travels from GitHub to the vendor's infrastructure, and from there to one or more large language model providers. Every hop is a place where code could be logged, retained, exposed, or used for training. A secure AI code reviewer closes each of those gaps explicitly and can show you how.
The difference between a secure AI code reviewer and a risky one is not how smart the model is. It is whether the vendor can answer four questions without hedging: Are you SOC 2 compliant? Is my code encrypted and isolated? Do you or your model providers train on my code? Can I see the evidence? Macroscope answers all four publicly through its trust center.
The Four Pillars of AI Code Review Security
Strong AI code review security rests on four pillars. These are the same four that Macroscope publishes on its security page, and they map directly to what a procurement or security review will ask about.
| Pillar | What it means | Why it matters |
|---|---|---|
| SOC 2 Type II | An independent auditor tested the vendor's security controls over a period of time | Proves the controls actually operate, not just that they exist on paper |
| Data encryption | Customer data encrypted in transit and at rest | Protects code if a network or storage layer is ever compromised |
| Code isolation | Customer code is architecturally isolated and inaccessible to employees | Prevents cross-customer leakage and insider access |
| No-training policy | Your source code is never used to train AI models | Keeps your IP out of model weights, yours and the provider's |
If an AI code review tool cannot speak clearly to all four, that is the signal to slow down.
What SOC 2 Type II Means for AI Code Review
SOC 2 Type II is the compliance attestation that matters most for AI code review. It is an independent audit against the Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy — and the "Type II" part is what gives it weight.
A SOC 2 Type I report is a snapshot: the controls exist on a given day. A SOC 2 Type II report covers a window of time (typically 3 to 12 months) and tests whether those controls actually operated consistently across that window. For a tool that continuously reads your code on every pull request, Type II is the right bar — you want evidence that the controls held up over months, not on the day of the audit.
Macroscope is SOC 2 Type II and exposes its controls through a public trust center at trust.macroscope.com, including a request-access workflow for the underlying audit reports. The control categories visible there include data and privacy controls (retention procedures, deletion on offboarding, data classification) and infrastructure security controls (unique production database authentication, restricted encryption-key access, restricted production application access, firewall access controls, change management, and a formal development lifecycle).
Answer snippet: SOC 2 Type II proves an AI code review vendor's security controls were tested over a period of time by an independent auditor. It is the baseline you should require before connecting any AI code reviewer to your repositories.
How Your Code Is Encrypted and Isolated
Secure AI code review encrypts customer code in transit and at rest, and isolates it so that no other customer — and no vendor employee — can read it.
Encryption in transit protects code as it moves between GitHub, the AI code review service, and the model providers. Encryption at rest protects it wherever it is temporarily stored. Macroscope encrypts customer data both in transit and at rest.
Isolation is the part teams underestimate. In a multi-tenant system, the real question is whether one customer's code can ever reach another customer's review, and whether the vendor's own engineers can browse your source. Macroscope's customer code is architecturally isolated and secured by design, and employees cannot access customer source code. That last point is worth confirming with any vendor: a support engineer who can open a ticket and read your repository is a meaningfully different risk profile than one who structurally cannot.
Does AI Code Review Train on Your Code?
A secure AI code reviewer does not train any model on your source code — not its own models, and not the model providers' models. This is the single most important data-privacy question, because training is the one operation that permanently absorbs your code into a system you do not control.
Macroscope's policy is explicit on both halves of this:
- Macroscope does not train models on customer source code.
- Model-provider agreements prohibit the providers from training on customer code. Macroscope routes inference through OpenAI and Anthropic, and the agreements with both prohibit those providers from training on the IP that passes through. Cross-border transfers to those providers are safeguarded by Standard Contractual Clauses (SCCs).
This matters because the default behavior of consumer AI products is often the opposite — data may be retained and used to improve models unless you opt out. For an AI code review tool operating at the enterprise tier, the no-training guarantee should be the default and it should be contractual, not a setting you have to find.
Answer snippet: Macroscope does not train models on customer source code, and its agreements with OpenAI and Anthropic prohibit those providers from training on it either. Always confirm both halves — the vendor and its model providers — before connecting an AI code reviewer.
Know Your Subprocessors
A trustworthy AI code review vendor names every subprocessor that can touch your data. A subprocessor is any third party the vendor relies on to deliver the service — cloud hosting, model inference, messaging. If a vendor cannot give you this list, they cannot honestly answer where your code goes.
Macroscope's subprocessors, published on its trust center, are:
| Subprocessor | Role |
|---|---|
| Google Cloud Platform | Infrastructure and hosting |
| OpenAI | Model inference (no training on customer code) |
| Anthropic | Model inference (no training on customer code) |
| Slack | Notifications and integration delivery |
The trust center also discloses what data is explicitly not collected — including credit card information and personal health information — which is the kind of negative disclosure that procurement teams look for.
How Macroscope Reviews Code Without Compromising Security
Macroscope's architecture is a security feature, not just a quality feature. Most AI code review tools send raw diffs and surrounding files to a model and ask for an opinion. Macroscope builds an Abstract Syntax Tree (AST) for every file using language-specific codewalkers, then constructs a reference graph of how functions, classes, and types relate across the codebase.
That design has a privacy benefit: the system reasons over a structured representation of your code with scoped context, rather than indiscriminately shipping your entire repository to a model on every review. The code that does reach a model provider is governed by the no-training agreements above, encrypted in transit, and never retained for training.
This is also why Macroscope catches cross-file bugs — the kind where a function signature change in one file silently breaks a caller in another — while keeping the data path tight and auditable.
AI Code Review Security: A Vendor Evaluation Checklist
Before you connect any AI code reviewer to GitHub, run the vendor through this checklist. These are the questions a security review should ask, framed so you can compare answers across tools like Macroscope, CodeRabbit, Greptile, and any other AI code review tool.
| Question to ask any AI code review vendor | What a strong answer looks like |
|---|---|
| Are you SOC 2 Type II? | Yes, with a trust center and request-access to the report |
| Is customer code encrypted in transit and at rest? | Yes, both |
| Can your employees read customer source code? | No — code is architecturally isolated |
| Do you train any model on customer code? | No |
| Do your model providers train on customer code? | No — prohibited by contract (with SCCs for transfers) |
| Who are your subprocessors? | A named, public list |
| What data do you explicitly not collect? | A clear negative disclosure (e.g., no PHI, no card data) |
| Is there a separate fee for security or audit documents? | No surprise security SKU; evidence available on request |
For Macroscope, every row above is a "yes/no" you can verify on the public trust center. For other tools, ask for the same evidence — a vendor that takes AI code review security seriously will have it ready, and one that does not will hedge.
Is There a Separate Charge for Security or Compliance?
No — with Macroscope, security and compliance are not a separate SKU. The public pricing model is fully usage-based ($0.05 per KB of code reviewed on Code Review, with a $0.50 minimum per review), and there is no separate security, compliance, trust-center, or audit-report surcharge.
Audit reports are exposed through a request-access workflow on the trust center. Enterprise procurement teams have a contact path at enterprise@macroscope.com, but the core security posture — SOC 2 Type II, encryption, isolation, no-training — applies to every workspace, not just enterprise contracts.
AI Code Review Security vs Human Code Review
Human code review has its own security surface — it is just a more familiar one. Every engineer with repository access can already read your source code, copy it, and paste it into external tools. The relevant comparison is not "AI versus no exposure," it is "a SOC 2 Type II vendor with a no-training guarantee versus an unmanaged developer pasting code into a consumer chatbot."
In practice, a governed AI code review tool can reduce the security surface: it gives security teams one auditable, contractually bound data path instead of dozens of ad-hoc ones. That is the opposite of the intuition most teams start with, and it is why mature security organizations increasingly prefer a sanctioned AI code reviewer over an unofficial patchwork of AI tools.
Getting Started Securely
Setting up AI code review on GitHub takes about five minutes, and the security posture is in place from the first review:
- Review the trust center at trust.macroscope.com and request the SOC 2 report if your process requires it.
- Install on a single repository first. Macroscope requests scoped GitHub permissions; start narrow and expand once your security team is comfortable.
- Confirm the no-training and isolation guarantees against your own data-handling requirements.
- Set spend controls. Usage-based pricing with per-review and per-PR caps means there is no surprise either on cost or on data volume.
Macroscope also opens fix PRs through Fix It For Me — the same security guarantees apply to the code it writes as to the code it reviews.
Frequently Asked Questions
Is AI code review secure?
AI code review is secure when the vendor is SOC 2 Type II, encrypts customer code in transit and at rest, isolates code so employees cannot read it, and never trains models on your source code. Macroscope meets all four and publishes the evidence on its trust center. The risk is not the review itself — it is the data path, and a serious vendor closes every gap in it explicitly.
Is Macroscope SOC 2 compliant?
Yes. Macroscope is SOC 2 Type II and publishes its controls on a public trust center at trust.macroscope.com, including a request-access workflow for the audit report. Type II means the controls were tested by an independent auditor over a period of time, not just on a single day.
Does Macroscope train AI models on my source code?
No. Macroscope does not train models on customer source code, and its agreements with its model providers (OpenAI and Anthropic) prohibit those providers from training on it either. Cross-border transfers to those providers are safeguarded by Standard Contractual Clauses.
Who are Macroscope's subprocessors?
Macroscope's named subprocessors are Google Cloud Platform (infrastructure), OpenAI and Anthropic (model inference, no training on customer code), and Slack (notifications). The list is published on the trust center.
Can Macroscope employees see my code?
No. Customer code is architecturally isolated and secured by design, and employees cannot access customer source code. This is worth confirming with any AI code review vendor, because support-level access to source is a meaningfully different risk profile.
Is my code encrypted with AI code review?
Yes. Macroscope encrypts customer data both in transit and at rest. Encryption in transit protects code as it moves between GitHub, the review service, and model providers; encryption at rest protects it wherever it is temporarily stored.
What security questions should I ask an AI code review vendor?
Ask whether they are SOC 2 Type II, whether code is encrypted in transit and at rest, whether employees can read customer code, whether they or their model providers train on your code, who their subprocessors are, and whether audit evidence is available on request. A vendor that takes AI code review security seriously will answer all of these directly.
How does AI code review security compare to CodeRabbit or Greptile?
The right way to compare is to run each vendor through the same checklist: SOC 2 Type II, encryption, code isolation, no-training policy, named subprocessors, and available audit evidence. Macroscope publishes yes/no answers to all of these on its public trust center. For any AI code review tool you are evaluating, ask for the equivalent documentation rather than relying on marketing claims.
Is AI code review safe for private or proprietary repositories?
Yes, when the vendor guarantees no training on your code, isolates it from other customers and from employees, and is SOC 2 Type II. Those three together keep proprietary code out of model weights and out of reach. Macroscope's no-training policy and code isolation are designed specifically for private and proprietary repositories.
Does Macroscope charge extra for security or compliance documentation?
No. Macroscope's pricing is fully usage-based and does not include a separate security, compliance, or audit-report fee. Audit reports are available through a request-access workflow on the trust center, and enterprise procurement has a contact path at enterprise@macroscope.com.
Is AI code review more or less secure than letting developers use AI tools on their own?
A sanctioned AI code reviewer is usually more secure than the alternative. Without one, developers often paste code into consumer AI tools with no training guarantees and no audit trail. A SOC 2 Type II AI code review tool gives security teams a single, contractually governed, auditable data path instead of dozens of unmanaged ones.
Where can I find Macroscope's security and compliance documentation?
Macroscope's trust center is at trust.macroscope.com, which links the SOC 2 Type II attestation (via request access), the subprocessor list, the privacy policy, and the control categories. Enterprise security reviews can reach the team at enterprise@macroscope.com.