Comment by seanhunter
1 day ago
In any enterprise, normal would be to have monitoring on all ingress and egress points from the network and on devices themselves. You can't only have monitoring on managed devices because someone might BYOD and plug in an unmanaged device/connect it to internal wifi etc.
You bring in vendors and they need guest wifi to give you a demo, you need to be able to give them something to connect to but you don't want that pipe to be unmonitored.
What I'm really asking/wondering is how (and who or which party) figured out that this was leaked, and secondly how that propagated to the public. I don't really expect to find that answer. But if I had to guess, OpenAI found out first, because employees there are more likely to leak the fact that the leak happened.
But also, how was it caught in the first place? Was it automatically flagged because content scanners automatically identified this as a concern, or was his account specially flagged for extra monitoring because of who he is?
It says "according to four Department of Homeland Security officials with knowledge of the incident." and "according to the four officials, each of whom was granted anonymity for fear of retribution." So it seems to be an internal lead.
As the post above says, on managed devices there can be an enforced VPN that monitors all traffic coming and going and, while it's at it, strips out the encryption, looks inside the packets, and applies heuristics like: what is the host domain, is it from a known LLM site, is it a POST message sending data, and does the text of that data have a string matching "INTERNAL USE ONLY". I assume something like this.
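The heuristic chain guessed at in the comment above, as an added example that is not part of the thread: a check over already-decrypted proxy records that alerts only when the destination is a watched LLM host, the method is POST, and the body carries the marking. The domain list, record fields and sample records are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumed watch list (constructed); a real deployment would use a maintained category feed.
LLM_DOMAINS = {"llm-vendor.example", "chatbot.example"}
# Marking quoted in the comment; tolerate case changes and reflowed whitespace.
MARKING = re.compile(r"internal\s+use\s+only", re.IGNORECASE)

@dataclass
class ProxyRecord:
    user: str
    method: str
    host: str
    body: str  # request body as seen after TLS inspection

def is_llm_host(host: str) -> bool:
    # Drop port and trailing dot, then match the domain itself or a true subdomain.
    host = host.lower().split(":")[0].rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LLM_DOMAINS)

def evaluate(rec: ProxyRecord) -> list[str]:
    """Return the names of the heuristics that matched this request."""
    hits = []
    if is_llm_host(rec.host):
        hits.append("llm_host")
    if rec.method.upper() == "POST":
        hits.append("post")
    if MARKING.search(rec.body):
        hits.append("marking")
    return hits

def alerts(records: list[ProxyRecord]) -> list[str]:
    """Users whose request matched all three heuristics."""
    return [r.user for r in records if len(evaluate(r)) == 3]

# Constructed sample records.
SAMPLE = [
    ProxyRecord("alice", "POST", "api.llm-vendor.example:443", "Summarise: INTERNAL  USE\nONLY contract list"),
    ProxyRecord("bob", "GET", "llm-vendor.example", ""),
    ProxyRecord("carol", "POST", "intranet.corp.example", "internal use only draft"),
    ProxyRecord("dave", "POST", "notllm-vendor.example", "Internal Use Only"),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec.user, evaluate(rec))
    print("alert:", alerts(SAMPLE))
```

The `dave` record shows why the host check matches on a dot boundary rather than a plain suffix, and `carol` shows the marking alone not alerting when the destination is internal.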