|
|
|
|
|
|
by Sohcahtoa82
26 days ago
|
|
|
That's still not any better. If the LLM can run any code it writes itself, it can retrieve those credentials. It's just one `curl` away. If you don't let it run `curl`, but you let it run `python`, it can just run a Python script that fetches it using `requests`. Or a Node script that calls `fetch`. Point is, if creds are accessible programmatically, the LLM can and may try to retrieve them if it thinks it needs them. |
|
|
Automatic retrieval, instead of keeping them on disk, is what makes short lived credentials possible.