Remix.run Logo
xnorswap 5 hours ago

HN Title is ( edit: was ) very misleading, it makes it sound like inference is being done directly on ciphertext, which would require homomorphic encryption well advanced of what is known.

embedding-shape 5 hours ago | parent | next [-]

It is not misleading, quite literally what's happening is that content the agent sends sub-agents is encrypted in such a way that only OpenAIs backend can decrypt it and actually see the clear-text. Just shared this is another comment that hopefully explains things better:

> Sure. "Traditionally", your agent would send a text prompt to the sub-agent, then it goes off doing it's work. In the logs/session data, the clear-text prompt would be there, so if I want to see what's happening, I just browse the data. It's all just clear-text prompts being sent everywhere, even when you were using the experimental "sub-agents" stuff in Codex, before Sol et al was available.

> Now, when using Sol or Terra (Luna seems unaffected), instead of the agent sending clear-text prompt to the sub-agent, it sends a ciphertext generated on OpenAIs backend, which ends up being the prompt, then agent sends this ciphertext to the sub-agent, which then continues to use that for further inference to OpenAIs backend. Only delegated inter-agent messages are encrypted, not all session data. Now if you browse the data, it's all encrypted content, that can only be decrypted by OpenAI and their backend.

Edit: Re-reading, I think I understand what you mean to be misleading. You're taking "uses ciphertext for inference" quite literally, while I couldn't fit a more nuanced version within the HN title constraints. Yes, the inference at OpenAI obviously doesn't happen over the ciphertext, but from the perspective of the local user, you don't see the clear-text prompt at all, only the ciphertext.

But, please suggest alternative titles that sufficiently explain what the issue is and is more accurate, I'm sure the mods can change it once people come up with better alternatives :)

Edit2: I've updated the title from "Codex starts encrypting prompts, uses ciphertext for inference instead" to "Codex starts encrypting sub-agent prompts", hopefully it's clearer now!

ebiederm 5 hours ago | parent | next [-]

I would change

"Codex starts encrypting prompts, uses ciphertext for inference instead"

to just

"Codex starts encrypting prompts"

That is enough.

Maybe you could say sub agent prompts. The article can say the rest.

embedding-shape 5 hours ago | parent [-]

Not everything is encrypted though, session data (even from the sub-agent) remains unencrypted, only select things like the prompt the (main) agent sends the sub-agent is encrypted, rest of communication between the two seems still to be plain-text.

Regardless, I've updated the title from "Codex starts encrypting prompts, uses ciphertext for inference instead" to "Codex starts encrypting sub-agent prompts", hope this makes it clearer for everyone :)

4 hours ago | parent [-]
[deleted]
5 hours ago | parent | prev | next [-]
[deleted]
celeren-smid 5 hours ago | parent | prev [-]

[flagged]

minraws 5 hours ago | parent | prev | next [-]

Seconded can we change pls.

binyu 5 hours ago | parent | prev [-]

Agreed, I immediately thought that homomorphic encryption was at play here or some other kind of computation on ciphertext, given the mention of "inferencing" in the title.

embedding-shape 5 hours ago | parent [-]

My bad, fixed now, please do refresh and try with latest updated IE if you still don't see the changes.

binyu 3 hours ago | parent [-]

> with latest updated IE

Internet Explorer?

embedding-shape 3 hours ago | parent [-]

Bingo!