Remix.run Logo
johnathan101 8 hours ago

Regardless of whether this specific claim is true, enterprises are becoming much more cautious about developer tools that can read large portions of proprietary codebases.

soraminazuki 7 hours ago | parent | next [-]

It's insane that it's becoming a concern now. It should've ended the discussion from the very beginning.

yurish 7 hours ago | parent | next [-]

Enterprises host their entire infrastructure on US-base clouds. And for many, it still is not a problem.

soraminazuki 3 hours ago | parent [-]

The recklessness of coding agents having access to work laptops and exfiltrating data with barely any restrictions is on a whole new level.

vitally3643 3 hours ago | parent | prev | next [-]

I mean, we all also still do manufacturing in China with a 100% guarantee that your widget will be copied and cloned. It's so much cheaper though....

dan_i 7 hours ago | parent | prev [-]

[dead]

pmontra 5 hours ago | parent | prev | next [-]

After they uploaded their code to private repositories on GitHub, Bitbucket etc since forever?. They trust GitHub not to read their code but they don't trust an AI from Microsoft not to read it? It would be schizophrenia

sofixa 22 minutes ago | parent | next [-]

That's why self-hosted GitLab is so popular in Europe.

CardenB 3 hours ago | parent | prev [-]

Big customers usually use GHE served on prem due to security concerns, no?

sofixa 5 minutes ago | parent | next [-]

No, they run GitLab because GitHub Enterprise is a horrible thing nobody has ever said a good thing about.

GitLab even has a free self-hosted version, and it has a number of advantages (like being able to actually have a structure with inherited secrets and accesses, and no, GitHub Organisations do not count and suck). And for years thanks to GitLab-CI it was clearly ahead.

pmontra an hour ago | parent | prev [-]

I really have no idea. I work only with small or at most medium sized companies. All of them put their code on a git server they don't own. All of them are concerned about AI companies looking at their code. They hope that at least they won't train their models with their code if they pay.

I think that the reasoning is: they trust the git company (whatever it is) not to sell their code. They are worried that their code goes into a model and somebody else could ask the model "write a service like XYZ" and it will regurgitate their code.

HarHarVeryFunny 2 hours ago | parent | prev | next [-]

If you're using a coding agent then obviously you need to either serve the model yourself or trust whoever you are sending your data to.

In terms of WHAT you need to be concerned about, it seems it goes far beyond code, and far beyond having to trust your model provider.

A coding agent with access to a bash tool is going to have access to anything that a human with a bash prompt would, and even if you try to provide a nailed down sandbox environment for the agent, you still need to be concerned about things like unencrypted passwords and keys that it may be able to find "laying around" in code or databases/etc it has access to.

I'm surprised there haven't yet been more widely disseminated stories about coding agents and claw-bots wreaking havoc.

segmondy 3 hours ago | parent | prev | next [-]

A bit too late for that, most of them have already dumped most of their codebase and IP into cloud models.

saidnooneever 8 hours ago | parent | prev | next [-]

not to mention they are kind of capable of executing code and susceptible to injections which also amounts to being practically backdoors if youre not super careful about how u use the tooling

llm_nerd 8 hours ago | parent | prev | next [-]

Becoming? We've moved entirely in the opposite direction.

When these tools first appeared the overwhelming conversation was about the risk of letting a remote tool siphon your code and intellectual property (where eventually they're going to add that to their training). Now everyone is using them, and that fear seems to have dissolved. Every corporation is sprinkled with Claude Code, Antigravity, Copilot, Codex, and so on. Even the long fear-mongered Chinese providers are being heavily used in many spaces.

In this case this is a PR battle between two firms, and it isn't much more. And Alibaba isn't worried about the "proprietary code" (the truth is that there is incredibly little interest in most orgs code), but that the tool is a backdoor, or at least that is the claim.

DanielHB 7 hours ago | parent | next [-]

> there is incredibly little interest in most orgs code

I think from a commercial perspective yes, but access to source code is very good for finding exploits which could be very valuable for governments. I could also see a future where companies are directly cyber-attacking competitors in hostile markets too...

otabdeveloper4 7 hours ago | parent | prev [-]

> and that fear seems to have dissolved

Until the first big incident, yes.

spwa4 8 hours ago | parent | prev [-]

Wasn't one of the big promises the AI labs made "uncopyrighting"? Ie. the ability to reconstruct large works, including source code, without actual access to the source code? Everything from movies to operating systems.

xpct 5 hours ago | parent | next [-]

Interesting, I haven't heard this claim before. I suppose that claim made sense if their customers were big corporations, not so much when its the masses generating bootleg software copies.

mannanj an hour ago | parent | prev | next [-]

I remember hearing something about this. Reminds me of the many lies that political candidates make to garner interest and approval. Except who's holding them accountable - like there's not even a list anywhere tracking these lies.

silon42 7 hours ago | parent | prev [-]

Cleverly compressing and decompressing doesn't de-copyright it. ... and if it's not the same who'd trust it.