Comment by Gigachad
10 hours ago
This isn’t a normal software bug, it’s not fixable in the same way you can’t fix regular support staff from being tricked.
The answer is you should not allow LLMs access to untrusted input and sensitive data at the same time.
Your second paragraph directly contradicts the first.
Since you cannot fix information leakage from LLMs, you must remove the information so that it cannot be leaked. There is no contradiction there.
Exactly. The system should run in a forcibly limited scope of the current repo only or add permissions for scope to include other org/user repos.
It can't leak a private repo if it can't open it to begin with.
Right, that's the fix. So saying that it's not fixable is incorrect.
6 replies →
There is a major contradiction depending on the definition of “support staff” and the role of the llm in the system which may need access to sensitive data or systems to perform its functions.
The point is that Github can’t fix it. It’s the user’s responsibility to not grant access to accounts that shouldn’t have access to the resources in question.