Alice* says she feels “not in the slightest” guilty about using ChatGPT to complete training tasks, saying it is easy to get away with as long as you instruct chatbots to avoid the usual telltale signs of AI output, like a preponderance of em-dashes. “It’s only the sloppiest of users that get caught,” she says. “Anyone with a modicum of awareness around AI hallmarks can tell their output not to use them, and at that point what are you going to do?”
Another worker, Bob*, worked for a training platform called Outlier. Initially, he was tasked with AI training, which he says he illicitly used AI for, and was then promoted to a leadership role where part of his job was to catch others doing the same thing.
Those screenshots and recordings are a treasure trove if ever/when they are externally compromised.
Recently was in a CTF where finding the stored screenshots from copilots recall was the path to the flag. A screenshot of a notepad doc that had credentials for the admin user of a compromisable service.
Doc wasn’t saved. Copilot didn’t care.
Yes, this means if you ever copy/paste a password in clear text temporarily on a machine with recall, and your user is compromised, that password could still possibly be found.
God forbid you have to edit a config file on ssh