Remix.run Logo
freakynit 3 hours ago

"It uploads the whole repository — every tracked file's content plus git history — independent of what the agent reads"

Holy cow!!!! I mean I kinda expected Elon would do something like this to try to catch-up.. but this is extremely concerning.

This is precisely the reason, even though their pricing is competitive and grok-4.5 is actually good enough, I chose not to go with them.

faangguyindia 3 hours ago | parent | next [-]

Does OpenAI also have access to all github repos via partnership with microsoft?

taywrobel an hour ago | parent | next [-]

GitHub Copilot engineer here working on identity, safety, and privacy - no, even Microsoft doesn’t have access to all GitHub repos.

As years have passed since the acquisition “company” delineations have blurred a bit, but Microsoft employees still need to go through a separate onboarding process to access any GitHub company resources (internal repositories, telemetry, documentation, etc.), and then we have an additional layer of entitlements to gate and audit access to any sensitive data, including user data.

Very few employees within GitHub proper even have access to view private repositories, and in the rare cases where that’s done for legal or safety reasons the repository owner is notified.

There are currently no OpenAI employees with access to GitHub systems, so there’s about 4 layers of protection in place to prevent private repositories access. We do genuinely take user data protection and privacy seriously.

agustechbro 2 minutes ago | parent | next [-]

Can you prove what you are saying, you have to, if not, you are talking to us like we are idiots.

anonymousiam 33 minutes ago | parent | prev [-]

How do you define "access" here? Microsoft has demonstrated that it can delete any GitHub repo at will. Maybe there's some shell entity between corporate "Microsoft" and "GitHub" that's doing the dirty deeds without attribution...

taywrobel 24 minutes ago | parent [-]

Access meaning read, modify, delete, etc. Pretty standard definition, unless you know of a different meaning of access I’m not privy to.

Microsoft can certainly request that we perform actions against repositories, as can governments, customers, random people on the street, etc. Whether action is taken in those cases is a question for lawyers to fight over, but we have the engineering guardrails in place to require it to be an intentional, audited action.

I appreciate the spicy question tho, even if misguided!

jpollock 2 hours ago | parent | prev | next [-]

It would be _extremely_ surprising if private repos were available via that contract. Corporations wouldn't use GitHub at all if anyone other than those given direct access had read/copy permission.

processunknown 2 hours ago | parent | next [-]

It wouldnt be _that_ surprising since they committed widespread copyright violations building the models, plus the recent Apple IP theft...

t_gamer_kle 2 hours ago | parent | prev | next [-]

They were caught stealing Apple trade secrets, dude. Nothing is beneath them.

tyre 2 hours ago | parent [-]

Nothing is beneath Altman, maybe, but Satya isn’t that dumb. MSFT cares about OAI but giving access to private data and trade secrets voluntarily would be catastrophic for them.

Doesn’t feel like the type of mistake Satya would make.

theplumber 33 minutes ago | parent [-]

The AI systems ingest tons of copyrighted data and that is stealing/theft(or so we peasants were told). It’s not like they don’t know they are doing. It looks like MSFT doesnt care that much either.

gorgonian 2 hours ago | parent | prev [-]

I could see there being different rules for enterprise accounts.

culi 2 hours ago | parent | prev | next [-]

Absolutely not. That would be an absurd violation. If you have Copilot enabled then they can use your interaction data for training but you can turn that off as well

an hour ago | parent | prev [-]
[deleted]
ashishb 2 hours ago | parent | prev [-]

There is a reason I run all such CLIs inside a sandbox [1] giving limited directory access.

Imagine if the CLI pulled your SSH keys or other sensitive information by mistake?

Programmers do make such mistakes all the time. I don't want to count on whether "uploading all files it can access" is intentional or a mistake.

1 - https://github.com/ashishb/amazing-sandbox

exitb an hour ago | parent | next [-]

What’s described here isn’t connected to the agentic/AI nature of the software at all. Every single program you run as a regular user could potentially do this.

ashishb 40 minutes ago | parent [-]

And I run most of them inside sandbox now.

Why would you let a markdown linter access your ssh keys?

beepbooptheory 2 hours ago | parent | prev [-]

But in this particular case isn't the problem that it's sending everything in the sandbox? Rather than what it might do in an otherwise un-sandboxed system?