| ▲ | forgotaccount3 3 hours ago | |
Sure, some do. But also... I use Kiro. I open a terminal into a folder where my repo is. I run kiro-cli. I don't know if it has access to the credentials file in my .aws directory. I know it prompts me for approval to use tools but that is a harness thing, does the mac itself prevent it from accessing the credential file? I use AI because it's useful and I follow the practices dictated by our AI adoption team but I don't know the nuance of everything about it and that makes it difficult to know when some case which is not explicitly covered by training might leak important information. | ||
| ▲ | epistasis 3 hours ago | parent [-] | |
One advantage of AWS is short-lived credentials (hopefully, as long as it's configured correctly!) So go ahead and dump your AWS SSO tokens to the LLM by accident, but it's going to take longer than a day to train a new model and ship it out to the world. Also, I think kiro only uses AWS Bedrock, IIRC, so no training data goes back to the LLM manufacturers? At least I would hope so. Database passwords, API keys to services with arduous rotation procedures, that's where the real exploits will come from in coming months, I think. | ||