Comment by LoganDark
16 hours ago
Since you cannot fix information leakage from LLMs, you must remove the information so that it cannot be leaked. There is no contradiction there.
16 hours ago
Since you cannot fix information leakage from LLMs, you must remove the information so that it cannot be leaked. There is no contradiction there.
Right, that's the fix. So saying that it's not fixable is incorrect.
The LLM is not fixable. Deleting the LLM or crippling it to the point of being useless isn't fixing the bug.
Why not?
If Ford puts a button in their car which blows it up when you press it, removing the button fixes the issue. If your LLM implementation is fundamentally insecure, you'll have a giant gaping security hole until you remove your LLM implementation.
The alternative is arguing that having the LLM is worth routinely leaking all your code and secrets and occasionally giving complete strangers full access over your repos. Somehow, I think that's going to be a hard sell.
1 reply →
This is some very weirdly loaded language for a discussion about security. Applying the same RBAC controls that should be restricting all human requests in a system is not "crippling ... to the point of being useless." There isn't a world where granting a layer of the stack the ability to bypass hardcoded security limitations is a value add.
It’s not fixable by GitHub, which is what the original comment was asking about.
There is a major contradiction depending on the definition of “support staff” and the role of the llm in the system which may need access to sensitive data or systems to perform its functions.
Exactly. The system should run in a forcibly limited scope of the current repo only or add permissions for scope to include other org/user repos.
It can't leak a private repo if it can't open it to begin with.