this post was submitted on 29 Apr 2026
195 points (99.0% liked)

Fuck AI

6809 readers
881 users here now

"We did it, Patrick! We made a technological breakthrough!"

A place for all those who loathe AI to discuss things, post articles, and ridicule the AI hype. Proud supporter of working people. And proud booer of SXSW 2024.

AI, in this case, refers to LLMs, GPT technology, and anything listed as "AI" meant to increase market valuations.

founded 2 years ago
MODERATORS
VerbFlow@lemmy.world
MrMcGasion@lemmy.world
TootSweet@lemmy.world
BigMikeInAustin@lemmy.world
cynar@lemmy.world
drmeanfeel@lemmy.world
pavnilschanda@lemmy.world
CriticalMedicine@lemmy.world
WonderfulWanderer@lemmy.world
Communist@lemmy.ml
eatCasserole@lemmy.world
SpaceNoodle@lemmy.world
NutWrench@lemmy.world
Soup@lemmy.cafe
iAvicenna@lemmy.world
Tinks@lemmy.world
wizblizz@lemmy.world
corus_kt@lemmy.world
TrickDacy@lemmy.world
andrew_bidlaw@sh.itjust.works
MeDuViNoX@sh.itjust.works
33550336@lemmy.world
Nougat@fedia.io
Lost_My_Mind@lemmy.world
Quill7513@slrpnk.net
glowing_hans@sopuli.xyz
e8d79@discuss.tchncs.de
ThefuzzyFurryComrade@pawb.social
195
I'm so fucking tired.. (piefed.social)
submitted 4 days ago by getFrog@piefed.social to c/fuck_ai@lemmy.world
24 comments fedilink hide all child comments
 

..of how little any of my coworkers seem to care about the security implications of the stupid ass ai tools. They treat me like I'm crazy to suggest that maybe Claude shouldn't be able to read their Artifactory/npm token because we still don't have granular permissions on those and every token has publish permissions. ugh.
They literally have to go out of their way to give Claude access to that file too, and the only benefit is that it can run an npm install all by itself (absolutely stellar idea with the influx of npm supply chain attacks we're having).

Or when I suggest that maybe it's not a great idea to give Claude a git token with full write permissions to all repos, because commiting things from outside of the Claude terminal isn't even that much of a hassle. I'd get taking some security shortcuts if there was any actual benefit, but this is just so unnecessary.

And any time I point at any of the crazy security flaws the one mega-annoying coworker that vibecodes everything goes "uuhh no it's pointless to make the AI more secure because regular developers have a lot of permissions too and an angry developer could do way more damage than the AI".
Trying my hardest to not take him up on that.

you are viewing a single comment's thread
view the rest of the comments
[–] LiveLM@lemmy.zip 4 points 3 days ago

Absolutely this. I watch my coworkers allow AI to access their entire prod Supabase DB via MCP and I just... let them. Not my data anyway and they won't listen to me 🤷