Sohcahtoa82 21 days ago

That's still not any better.

If the LLM can run any code it writes itself, it can retrieve those credentials. It's just one `curl` away. If you don't let it run `curl`, but you let it run `python`, it can just run a Python script that fetches it using `requests`. Or a Node script that calls `fetch`.

Point is, if creds are accessible programmatically, the LLM can and may try to retrieve them if it thinks it needs them.
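An added example (my own, not from the thread) that makes the point concrete in Python: a deny-list of binaries that refuses `curl` still lets `python -c` and `node -e` through, and each of them retrieves the same credentials, because the thing being protected is reachable over the network, not through one tool. The loopback credential server and the fake key in the block are constructed for the demo; the `socket.connect` patch is a hypothetical in-process stand-in for a firewall rule or network namespace applied from outside the sandbox.

```python
import json
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a credential endpoint such as a cloud metadata
# service or a local credential helper. The values are fake.
FAKE_CREDS = {
    "AccessKeyId": "AKIAFAKEEXAMPLE00000",
    "SecretAccessKey": "not-a-real-secret",
    "Expiration": "2000-01-01T00:15:00Z",
}


class _CredHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps(FAKE_CREDS).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence request logging
        pass


def start_cred_server():
    """Serve FAKE_CREDS on an ephemeral loopback port (demo only)."""
    srv = HTTPServer(("127.0.0.1", 0), _CredHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


# Control 1 (weak): refuse to run certain binaries by name.
DENIED_BINARIES = {"curl", "wget"}


def tool_denylist_allows(argv):
    return argv[0] not in DENIED_BINARIES


def fetch_credentials(url):
    """What any script the agent writes can do: the same GET curl would send."""
    with urllib.request.urlopen(url, timeout=2) as resp:
        return json.loads(resp.read())


# Control 2 (stronger): deny egress to the credential endpoint itself, so it
# does not matter which binary, library or language opens the connection.
# Patching socket.connect is a hypothetical in-process stand-in for a
# firewall rule or network namespace enforced outside the sandbox.
_real_connect = socket.socket.connect


def install_egress_guard(blocked):
    def guarded_connect(self, address):
        if isinstance(address, tuple) and tuple(address[:2]) in blocked:
            raise PermissionError(f"egress to {address[0]}:{address[1]} blocked by policy")
        return _real_connect(self, address)

    socket.socket.connect = guarded_connect


def remove_egress_guard():
    socket.socket.connect = _real_connect


def run_demo():
    """Return what each control did against three equivalent agent actions."""
    srv = start_cred_server()
    url = f"http://127.0.0.1:{srv.server_port}/creds"
    actions = {  # constructed commands an agent might emit
        "curl": ["curl", url],
        "python": ["python", "-c", f"import requests; requests.get('{url}')"],
        "node": ["node", "-e", f"fetch('{url}')"],
    }
    results = {}
    try:
        results["denylist_permits"] = sorted(
            name for name, argv in actions.items() if tool_denylist_allows(argv)
        )
        results["creds_reachable_before_guard"] = (
            fetch_credentials(url)["AccessKeyId"] == FAKE_CREDS["AccessKeyId"]
        )
        install_egress_guard({("127.0.0.1", srv.server_port)})
        try:
            fetch_credentials(url)
            results["blocked_after_guard"] = False
        except urllib.error.URLError as err:
            # urllib wraps the socket-level PermissionError in URLError.reason
            results["blocked_after_guard"] = isinstance(err.reason, PermissionError)
    finally:
        remove_egress_guard()
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    print(run_demo())
```

The guard here lives in the same process as the code it restricts, which is fine for showing the layering but not as a real control: code the agent writes can simply restore `socket.socket.connect`. The enforcement point has to be outside whatever the agent can execute (a network namespace, a firewall rule, or a credential broker that never hands raw keys to the sandbox).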

epistasis 21 days ago | parent

AWS credentials are short lived precisely so that leaking them has a time-limited blast radius.

Automatic retrieval, instead of keeping them on disk, is what makes short lived credentials possible.

Sohcahtoa82 21 days ago | parent

I'm not convinced that time-limiting the blast radius matters. It just means that malicious use of the credentials has to be automated, and that's a pretty damn low bar.