What Leaves Your Workstation When You Use an LLM Coding CLI

Sat, 11 Apr 2026 18:10:00 +0000

TL;DR#

I put five LLM coding CLIs through a transparent TLS-intercepting proxy for about three and a half hours in a lab environment and captured every HTTP(S) transaction they made. The tools were Claude Code, GitHub Copilot CLI, Cursor CLI, OpenAI Codex CLI, and Opencode CLI. The capture ran on an Apple Silicon MacBook (darwin/arm64) on 2026-04-11 and produced 302 transactions across 18 hosts.

A few things stood out:

Ollama-Forge for Security Research: Local Models, Refusal Ablation, and Reproducible Pipelines

Mon, 16 Feb 2026 12:00:00 +0000

Introduction#

Security work often involves prompts and data you cannot send to commercial APIs: malware descriptions, exploit drafts, jailbreak and prompt-injection tests, or sensitive internal docs. Running models locally gives you control and keeps that data on your machine. ollama-forge is a CLI (PyPI · GitHub) that makes it straightforward to fetch open-weight models, convert them to Ollama, remove refusal behavior when you need it for defensive or red-team research, run security evals (e.g. ASR, refusal rate) against your local model, and lock down exact setups for reproducibility.

AI Tool Security on SPERIXLABS

What Leaves Your Workstation When You Use an LLM Coding CLI

TL;DR#

Ollama-Forge for Security Research: Local Models, Refusal Ablation, and Reproducible Pipelines

Introduction#