Man, I am so glad I moved all my stuff to a local gitea instance. Microsoft really is the king of enshittification.
This is exactly why AI agents should have the least privilege possible. Convenience is great until it starts exposing things nobody intended.
You should never ever under any circumstances give an LLM access to any private information you wouldn’t want leaked to the general public.
I don’t care what promises the company behind the LLM makes, just don’t do it.
This sounds really bad for companies that have their repos on GitHub?
They should probably fix that before they get hit with lawsuits after a large scale leak of proprietary code.
What is there to fix? You can’t defeat these conversational exploits because this is what LLMs are. They’re statistical word predictors, they must, by their design parameters, be able to accommodate anything the user says because that’s how conversations work. Eventually, no matter the prompt fixing you do, the user will eventually be able to storytell their way into getting the bot to do what they want.
Well fix as in, don’t give the LLM access to private repos in the first place.
But that would require Microsoft to admit that they were wrong



