diff --git a/src/patterns.ts b/src/patterns.ts
index 468c211..2fc2b0d 100644
--- a/src/patterns.ts
+++ b/src/patterns.ts
@@ -42,8 +42,9 @@ export const PII_PATTERNS: NamedPattern[] = [
 // ============================================================================
 // Destructive Command Pattern
 // ============================================================================
+// NOTE: dd patterns should catch both "dd if=/..." and variants with spaces around '='.
 
-export const DEFAULT_DESTRUCTIVE_CMD = /\b(rm|rmdir|unlink|del|format|mkfs|dd\s+if=)\b/;
+export const DEFAULT_DESTRUCTIVE_CMD = /\b(rm|rmdir|unlink|del|format|mkfs)\b|\bdd\s+if\s*=/;
 
 // ============================================================================
 // Sensitive File Patterns