zlacker

Earlier this year I thought that rare proprietary knowledge and IP was a safe haven from AI, since LLMs can only scrub public data.

Then it dawned on me how many companies are deeply integrating Copilot into their everyday workflows. It's the perfect Trojan Horse.

>>Oarch+(OP)
Using an LLM on data does not ingest that data into the training corpus. LLMs don’t “learn” from the information they operate on, contrary to what a lot of people assume.

None of the mainstream paid services ingest operating data into their training sets. You will find a lot of conspiracy theories claiming that companies are saying one thing but secretly stealing your data, of course.

>>Aurorn+M
If they weren't, then why would enterprise level subscriptions include specific terms stating that they don't train on user provided data? There's no reason to believe that they don't, and if they don't now then there's no reason to believe that they won't later whenever it suits them.

>>Aurorn+M
> LLMs don’t “learn” from the information they operate on, contrary to what a lot of people assume.

Nothing is really preventing this though. AI companies have already proven they will ignore copyright and any other legal nuisance so they can train models.

>>Oarch+(OP)
providers' ToS explicitly states whether or not any data provided is used for training purposes. the usual that i've seen is that while they retain the right to use the data on free tiers, it's almost never the case for paid tiers

>>Aurorn+M
They are not directly ingesting the data into their trainning sets but they are in most cases collecting it and will be using it to train future models.

>>Aurorn+M
> You will find a lot of conspiracy theories claiming that companies are saying one thing but secretly stealing your data, of course.

It's not really a conspiracy when we have multiple examples of high profile companies doing exactly this. And it keeps happening. Granted I'm unaware of cases of this occuring currently with professional AI services but it's basic security 101 that you should never let anything even have the remote opportunity to ingest data unless you don't care about the data.

>>lepton+61
They're already using synthetic data generated by LLMs to further train LLMs. Of course they will not hesitate to feed "anonymized" data generated by user interactions. Who's going to stop them? Or even prove that it's happening. These companies have already been allowed to violate copyright and privacy on a historic global scale.

>>findja+j1
I wonder how much wiggle there is for collect now (to provide service, context history, etc), then later anonymise (some how, to some level) and then train on it?

Also I wonder if the ToS covers "queries & interaction" vs "uploaded data" - I could imagine some tricky language in there that says we wont use your word document, but we may at some time use the queries you put against it, not as raw corpus but as a second layer examining what tools/workflows to expand/exploit.

>>lepton+61
How should they dinstinguish between real and fake data? It would be far to easy to pollute their models with nonesense.

>>findja+j1
Right, so totally cool to ignore the law but our TOS is a binding contract.

>>Oarch+(OP)
What kind of rare proprietary knowledge?

>>sotrus+Y1
Yes, they can be sued for breach of contract. And it’s not a regular ToS but a signed MSA and other legally binding documents.

>>lepton+61
I mean is it really ignoring copyright when copyright doesn't limit them in anyway on training?

>>Aurorn+M
Companies have already shifting from not using customer data to giving them an option to opt out ex:

“How can I control whether my data is used for model training?

If you are logged into Copilot with a Microsoft Account or other third-party authentication, you can control whether your conversations are used for training the generative AI models used in Copilot. Opting out will exclude your past, present, and future conversations from being used for training these AI models, unless you choose to opt back in. If you opt out, that change will be reflected throughout our systems within 30 days.” https://support.microsoft.com/en-us/topic/privacy-faq-for-mi...

At this point suggesting it has never and will her happen is wildly optimistic.

>>sotrus+Y1
Where are they ignoring the law?

>>Aurorn+M
Information about the way we interact with the data (RLHF) can be used to refine agent behaviour.

While this isn't used specifically for LLM training, it can involve aggregating insights from customer behaviour.

>>fzeror+y1
> never let anything even have the remote opportunity to ingest data unless you don't care about the data

This is objectively untrue? Giants swaths of enterprise software is based on establishing trust with approved vendors and systems.

>>mc32+z2
the license on my open source code is a contract, and they ignored that

if they can get away with it (say by claiming it's "fair use"), they'll ignore corporate ones too

>>fzeror+y1
To be pedantic, it is still a conspiracy, just no longer a theory.

>>protoc+S2
people that say this tend to have a misinterpretation of copyright, and use all the court cases brought by large rights holders as validation

despite all 3 branches of the government disagreeing with them over and over again

>>Oarch+(OP)
Even if they're were doing this (I highly doubt it) so much would be lost to distillation I'm not convinced there would be much that actually got in, apart from perhaps internal codenames or whatever which will be obvious.

>>Aurorn+M
maybe prompts are enough to infer the rest ?

>>Aurorn+M
Just read the ToS of the LLM products please

>>TheRoq+W5
This is so naive. The ToS permits paraphrasing of user conversations, by not excluding it, and then training on THAT. You’d never be able to definitively connected paraphrased data to yours, especially if they only train on paraphrased data that covers frequent, as opposed to rare, topics.

>>protoc+S2
https://www.reuters.com/business/environment/musks-xai-opera...

>>findja+j1
it is amazing in almost 2026 there is anyone believing this… amazing

>>Oarch+(OP)
Ironically (for you), copilot is the one provider that is doing a good job of provably NOT training on user data. The rest are not up to speed on that compliance angle, so many companies ban them (of course, people still use them).

>>Aurorn+M
Wrong, buddy.

Many of the top AI services use human feedback to continuously apply "reinforcement learning" after the initial deployment of a pre-trained model.

https://en.wikipedia.org/wiki/Reinforcement_learning_from_hu...

>>Retric+R2
An enterprise Copilot contract will have already decided this for the organization.

>>nerdpo+21
> then why would enterprise level subscriptions include specific terms stating that they don't train on user provided data?

What? That’s literally my point: Enterprise agreements aren’t training on the data of their enterprise customers like the parent commenter claimed.

>>fzeror+y1
> It's not really a conspiracy when we have multiple examples of high profile companies doing exactly this.

Do you have any citations or sources for this at all?

>>findja+j1
Given the conduct we've seen to date, I'd trust them to follow the letter - but not the spirit - of IP law.

There may very well be clever techniques that don't require directly training on the users' data. Perhaps generating a parallel paraphrased corpus as they serve user queries - one which they CAN train on legally.

The amount of value unlocked by stealing practically ~everyone's lunch makes me not want to put that past anyone who's capable of implementing such a technology.

>>popalc+n9
RLHF is a training step.

Inference (what happens when you use an LLM as a customer) is separate from training.

Inference and training are separate processes. Using an LLM doesn’t train it. That’s not what RLHF means.

>>lwhi+63
That’s a training step. It requires explicitly collecting the data and using it in the training process.

Merely using an LLM for inference does not train it on the prompts and data, as many incorrectly assume. There is a surprising lack of understanding of this separation even on technical forums like HN.

>>doctor+g6
Do it have a citation for this?

>>gaigal+s2
It could be a wide range of things depending on your field: highly particular materials, knowledge or processes that give your products or services a particular edge, and which a company has often incurred high R&D costs to discover.

Many businesses simply couldn't afford to operate without such an edge.

>>matt-p+J5
Well, perhaps this is naive of me from the perspective of not fully understanding the training process. However, at some point, with all available training data having been exhausted, gains with synthetic data exhausted, and a large pool of publicly available AI generated code, at what point is it 'smart' to scrape codebases from what you identify as high quality code based, clean it up to remove identifiers, and use that for training a smaller model?

>>lepton+61
> Nothing is really preventing this though

The enterprise user agreement is preventing this.

Suggesting that AI companies will uniquely ignore the law or contracts is conspiracy theory thinking.

>>phendr+h9
Do you have a source for this?

There are claims all through this thread that “AI companies” are probably doing bad things with enterprise customer data but nobody has provided a single source for the claim.

This has been a theme on HN. There was a thread a few weeks back where someone confidently claimed up and down the thread that Gemini’s terms of service allowed them to train on your company’s customer data, even though 30 seconds of searching leads to the exact docs that say otherwise. There is a lot of hearsay being spread as fact, but nobody actually linking to ToS or citing sections they’re talking about.

>>TheRoq+W5
I have. Have you? Can you quote the sections you’re talking about?

>>AuthAu+m1
Do you have any source for this at all?

>>Aurorn+ta
I am aware, I've trained my own models. You're being obtuse.

The big companies - take Midjourney, or OpenAI, for example - take the feedback that is generated by users, and then apply it as part of the RLHF pass on the next model release, which happens every few months. That's why they have the terms in their TOS that allow them to do that.

>>GCUMst+S1
“We don’t train on your data” doesn’t exclude metadata, training on derived datasets via some anonymisation process, etc.

There’s a range of ways to lie by omission, here, and the major players have established a reputation for being willing to take an expansive view of their legal rights.

>>Retric+R2
30 days to opt out? That's skeezy as fuck.

>>Aurorn+P9
That possibility in no way address the underlying concern here.

>>Aurorn+Ma
“Hey DoctorPangloss, how can we train on user data without training on user data?”

“You can use an LLM to paraphrase the incoming requests and save that. Never save the verbatim request. If they ask for all the request data we have, we tell them the truth, we don’t have it. If they ask for paraphrased data, we’d have no way of correlating it to their requests.”

“And what would you say, is this a 3 or a 5 or…”

Everything obvious happens. Look closely at the PII management agreements. Btw OpenAI won’t even sign them because they’re not sure if paraphrasing “counts.” Google will.

>>sotrus+d7
Thats an allegation. Doesnt an allegation need to be tested?

>>tick_t+G2
Tell that to all the people suing them for using their copyrighted work. In some cases the data was even pirated.

>>Aurorn+4b
It already happened.

"Meta Secretly Trained Its AI on a Notorious Piracy Database, Newly Unredacted Court Docs Reveal"

https://www.wired.com/story/new-documents-unredacted-meta-co...

They even admitted to using copyrighted material.

"‘Impossible’ to create AI tools like ChatGPT without copyrighted material, OpenAI says"

https://www.theguardian.com/technology/2024/jan/08/ai-tools-...

>>Archel+W1
I have no doubt that Microsoft has already classified the nature of my work and quality of my code. Of course it's probably "anonymized". But there's no doubt in my mind that they are watching everything you give them access to, make no mistake.

>>Aurorn+Xb
https://www.anthropic.com/news/updates-to-our-consumer-terms

"We will train new models using data from Free, Pro, and Max accounts when this setting is on (including when you use Claude Code from these accounts)."

>>blibbl+R3
If I were to go out on a limb, those companies spend more on tech companies than you and they have larger legal teams than you. That is a carrot and a stick for AI companies to follow the contract.

>>findja+j1
I bet companies are circumventing this in a way that allows them to derive almost all the benefit from your data, yet makes it very hard to build a case against them.

For example, in RL, you have a train set, and a test set, which the model never sees, but is used to validate it - why not put proprietary data in the test set?

I'm pretty sure 99% of ML engineers would say this would constitute training on your data, but this is an argument you could drag out in courts forever.

Or alternatively - it's easier to ask for forgiveness than permission.

I've recently had an apocalyptic vision, that one day we'll wake up, an find that AI companies have produced an AI copy of every piece of software in existence - AI Windows, AI Office, AI Photoshop etc.

>>lepton+Lw
Though the porn they copied was just for personal use, because clearly that's an important perk of being employed there:

https://www.vice.com/en/article/meta-says-the-2400-adult-mov...

>>Aurorn+Ia
That's definitely a fair point.

However, let's say I record human interactions with my app; for example when a user accepts or rejects an AI sythesised answer.

This data can be used by me, to influence the behaviour of an LLM via RAG or by altering application behaviour.

It's not going to change the weighting of the model, but it would influence its behaviour.

>>Aurorn+2c
Its stated in the private policy.

>>mulqui+25
To be pedantic, a theory that has been proven correct is still a theory, right?