[sneak]

Nah you can get machine creds automatically via the metadata service when running inside AWS. Nothing need be on disk.

[Sohcahtoa82]

That's still not any better.

If the LLM can run any code it writes itself, it can retrieve those credentials. It's just one `curl` away. If you don't let it run `curl`, but you let it run `python`, it can just run a Python script that fetches it using `requests`. Or a Node script that calls `fetch`.

Point is, if creds are accessible programmatically, the LLM can and may try to retrieve them if it thinks it needs them.

[epistasis]

Aws credentials are short lived precisely so that leaking them has a time limited blast radius.

Automatic retrieval, instead of keeping them on disk, is what makes short lived credentials possible.

[Sohcahtoa82]

I'm not convinced that time-limiting the blast radius matters. It just means that malicious use of the credentials has to be automated, and that's a pretty damn low bar.