Just like using an AI model, you can’t actually know for sure that it won’t do anything malicious with what interfaces you give it access to. You just have to trust it.
As for everything else: trust, possibly enhanced by the fear of consequences for the other party.
How do we know if random internet service sells our email / password pair? They probably store the hashed password because it's easier (libraries) than writing their own code, but they get it as cleartext every time we type it in.
Audits. Obviously not every service is going to be in a jurisdiction that proactively audits data processors and controllers. Another thing to consider before you hand over your data.
> How do we know if random internet service sells our email / password pair? They probably store the hashed password because it's easier (libraries) than writing their own code, but they get it as cleartext every time we type it in.
For that, we can just use a unique password per service. That's not really a thing for code.
You could place some unique strings in your code, and test it to see if they appear as completions in future foundation models? Maybe?
I am nowhere near being a lawyer, but I believe the promise would be more legally binding, and more likely to be adhered to, if money was exchanged. Maybe?
Just like using an AI model, you can’t actually know for sure that it won’t do anything malicious with what interfaces you give it access to. You just have to trust it.
Well, you can at least check if there is network traffic to AWS or something similar.
But wouldn't that look the same as actually querying the model? Or am I missing the joke?
As for everything else: trust, possibly enhanced by the fear of consequences for the other party.
How do we know if random internet service sells our email / password pair? They probably store the hashed password because it's easier (libraries) than writing their own code, but they get it as cleartext every time we type it in.
> How do we know if random internet service
Audits. Obviously not every service is going to be in a jurisdiction that proactively audits data processors and controllers. Another thing to consider before you hand over your data.
> How do we know if random internet service sells our email / password pair? They probably store the hashed password because it's easier (libraries) than writing their own code, but they get it as cleartext every time we type it in.
For that, we can just use a unique password per service. That's not really a thing for code.
You could place some unique strings in your code, and test it to see if they appear as completions in future foundation models? Maybe?
I am nowhere near being a lawyer, but I believe the promise would be more legally binding, and more likely to be adhered to, if money was exchanged. Maybe?
The "Amazon Q Developer Pro" sub they mention appears to be very inexpensive. https://aws.amazon.com/q/pricing/