The same way your browser trusts some HTTPS domains. A list of "high trust" orgs that you can bootstrap during startup with a wizard (so that people who don't trust Mozilla can remove Mozilla), and then the same as when you ssh to a remote server for the first time: "This answer is by AuthorX, vouched for by X, Y, Z, who are not in your chain of trust; explore and accept/deny"?

Economically, the org of trust could be a 3rd party that does pentesting etc. today; it could be part of their offering. I'm a company, I pay them to audit answers in my domain of interest, and then the community benefits from this?

I think one partial solution could be to actually spin up a remote container with dummy data (which can easily be generated by an LLM) and test the claim. With agents this can be done very quickly. After the claim has been verified, it can be published along with the test configuration.

A partial solution, sure, but the problem is that you need a 100% complete solution to this problem, otherwise it's still unsafe.

You're using 1000x the resources to prove it than to inject the issue, so you now have a denial-of-business attack.

How in the world is a container 1000x the resources? The parent comment is saying to try running things in a container.

That's scary. My first thought was that "yes, this one could run inside an organization you already trust". Running it like a public Stack Overflow sounds scary. Maybe as an industry collaboration with trusted members. Maybe.