zlacker

[parent] [thread] 3 comments
1. hobs+(OP)[view] [source] 2026-01-19 03:58:41
Putting your secrets in any logs is how you get those secrets accidentally or purposefully read by someone you do not want to read it, it doesn't have to be the initial corp, they just need to have bad security or data management for it to leak online or have someone with a lower level of access pivot via logs.

Now multiply that by every SaaS provider you give your plain text credentials in.

replies(1): >>keepam+BB
2. keepam+BB[view] [source] 2026-01-19 10:22:44
>>hobs+(OP)
Right, but the multiply step is not AI specific. Let's focus here: AI providers farming out their convos to 3rd-parties? Unlikely, but if it happens, it's totally their bad.

I really don't think this is a thing.

replies(1): >>hobs+Xo1
◧◩
3. hobs+Xo1[view] [source] [discussion] 2026-01-19 15:50:05
>>keepam+BB
Right, but this is still a hygiene issue, if you are skipping washing your hands after using the bathroom because its unlikely that the bathroom attendants didn't clean it up you are going to have a bad time.
replies(1): >>keepam+Qh4
◧◩◪
4. keepam+Qh4[view] [source] [discussion] 2026-01-20 13:02:49
>>hobs+Xo1
There's something to that, but I don't think in reality it's a thing: you don't do surgery in the public bathroom. The keys to the kingdom secrets? Of course not. Everything else? That's why we have scoped, short-lived tokens.

I just think this whole thing is overblown.

If there's a risk in any situation it's similar, probably less, than running any library you installed of a registry for your code. And I think that's a good comparison: supply chain is more important than AI chain.

You can consider AI-agents to be like the fancy bathrooms in a high end hotel, whereas all that code you're putting on your computer? That's the grimy public lavatory lol.

[go to top]