We kept leaking PII into test data. Here’s what actually fixed it.

Source: DEV Community
We accidentally committed real user emails into test fixtures. More than once. Not because we didn’t know better—but because the system allowed it.

Why this keeps happening

If you’re working with real data pipelines, this is pretty easy to fall into:

- someone copies production data “just for testing”
- CSV fixtures get reused across environments
- test data slowly drifts toward real data over time
- everyone assumes someone else cleaned it

Nothing malicious—just normal workflow shortcuts.

What didn’t work

We tried the obvious things:

- manual review
- “be careful” reminders
- catching it in PR comments

None of that held up. If it makes it into a PR, it’s already too late.

What actually worked

We stopped treating this as a review problem and started treating it as a build-time failure. Specifically:

- scan for high-risk patterns (emails, tokens, etc.)
- fail CI on detection
- require explicit override if someone really needs to push

Once it breaks the build, people fix it immediately.

The bigger issue

The
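The build-time gate described under “What actually worked” (scan fixtures for high-risk patterns, fail CI on a hit, require an explicit override) can be a single script in the CI job. The one below is an added example, not code from the post or its author. The regexes, the reserved-domain allowlist, the `ALLOW_PII_FIXTURES` override variable and the default `tests/fixtures` directory are all assumptions for illustration, and the embedded CSV is constructed sample data, not real fixtures.

```python
"""
Build-time PII gate for test fixtures.

Walks a fixture directory, flags lines that look like real e-mail addresses
or credentials, and returns a non-zero exit code so CI fails. An explicit
environment variable override is required to push anyway, and the override
is printed so reviewers can see it was used.
"""
import os
import re
import sys
from pathlib import Path

# High-risk patterns. The token shapes are illustrative assumptions; extend
# them to match whatever credential formats your stack actually issues.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-_.=]{20,}"),
    "hex_secret": re.compile(r"\b[0-9a-f]{40,}\b"),
}

# Domains reserved for documentation and testing (RFC 2606 / RFC 6761):
# addresses there are safe in fixtures and must not trip the gate.
SAFE_EMAIL_DOMAINS = {"example.com", "example.org", "example.net"}
SAFE_EMAIL_TLDS = (".test", ".example", ".invalid", ".localhost")

# Override switch (assumed name). Set it explicitly in the CI job, never in defaults.
OVERRIDE_ENV = "ALLOW_PII_FIXTURES"

# Constructed sample fixture (not real data): row 1 is clean, row 2 contains
# a non-reserved e-mail address and an AWS-style access key id.
SAMPLE_FIXTURE = """id,email,api_key
1,alice@example.com,test-key
2,jane.doe@acme-corp.net,AKIAABCDEFGHIJKLMNOP
"""


def is_safe_email(addr: str) -> bool:
    """True if the address uses a domain reserved for documentation/testing."""
    domain = addr.rsplit("@", 1)[1].lower()
    return domain in SAFE_EMAIL_DOMAINS or domain.endswith(SAFE_EMAIL_TLDS)


def mask(value: str) -> str:
    """Keep enough to locate the hit without re-leaking the value into CI logs."""
    return value[:3] + "***"


def scan_text(text: str, path: str = "<memory>"):
    """Return (path, line_no, pattern_name, masked_value) for each hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(0)
                if name == "email" and is_safe_email(value):
                    continue
                findings.append((path, line_no, name, mask(value)))
    return findings


def scan_tree(root: str, suffixes=(".csv", ".json", ".yaml", ".yml", ".sql", ".txt")):
    """Scan every fixture-like file under root."""
    findings = []
    for file in sorted(Path(root).rglob("*")):
        if file.is_file() and file.suffix in suffixes:
            findings.extend(scan_text(file.read_text(errors="replace"), str(file)))
    return findings


def exit_code(findings, override: bool) -> int:
    """1 (fail the build) when there are hits and no explicit override."""
    if not findings:
        return 0
    return 0 if override else 1


def main(argv) -> int:
    root = argv[1] if len(argv) > 1 else "tests/fixtures"
    findings = scan_tree(root)
    for path, line_no, name, masked in findings:
        print(f"{path}:{line_no}: {name}: {masked}")
    override = os.environ.get(OVERRIDE_ENV) == "1"
    if findings and override:
        print(f"WARNING: {len(findings)} hit(s) allowed via {OVERRIDE_ENV}=1")
    elif findings:
        print(f"FAIL: {len(findings)} hit(s); set {OVERRIDE_ENV}=1 to override")
    return exit_code(findings, override)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a CI step (`python pii_gate.py tests/fixtures`); a non-zero exit fails the job, and the override only works when the job is started with the variable set, so its use is visible in the pipeline log. Findings are masked before printing so the gate does not copy the leaked value into build output. The reserved-domain allowlist is what keeps legitimate fake addresses from producing noise; if the team pushes back on false positives, tighten the allowlist rather than weakening the patterns.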