
Posted by chatmasta 7 hours ago

Potential session/cache leakage between workspace instances or consumer accounts (github.com)
232 points | 113 comments | page 3
Trasmatta 3 hours ago|
The first reply clearly being a copy and paste from Claude made me want to vomit

If people absolutely need to use AI to write replies, they NEED to start including an "everything after this was generated by AI" disclaimer

dainiusse 4 hours ago||
Don't worry. Mythos will fix that before release. Oh, wait...
jdw64 2 hours ago||
The biggest problem with AI agents is this. You can't debug what the AI is doing, so it's really hard to track down where something went wrong.

What I know for sure:

1. Stuff that has nothing to do with the current session got mixed in.

What I'm guessing:

1. There's a minecraft.py file in the tool folder, and that might have triggered some hallucination.

2. Maybe data from some other project on the user's local machine got mixed in somehow.

3. Or it could be from another user's conversation.

Honestly, if I think about how the system actually works, I don't think it's pulling from another user's data. But other people say they've had issues like that, so I can't completely rule it out.

I saw this thing on YouTube once. When a bunch of users share the same system prompt, or prefix, the computation results get shared through something called a KV Cache. At least, that's what I understood. Not sure if I got it right. But if there's some bug in the hashmap that's supposed to keep those caches separate, then maybe multi-tenant memory management just broke down and that's what caused this. I mean, I can guess, but who knows. And honestly, even if that's exactly what happened, they'd never admit it.

At the end of the day, LLMs are just word predictors, right? They build up some kind of semantic space inside. So maybe the user's question just happened to be near Minecraft in that space. That's kind of what I think.

bfeynman 5 hours ago||
fwiw, this could be a bug but the submitter's level of arrogance places this rather high on the Dunning-Kruger side of things. There are multiple other plausible explanations, but this person is probably a vibe coder who believes anything an LLM says (including explaining its own hallucinations)
noperator 4 hours ago||
[dead]
TZubiri 5 hours ago||
0 evidence. If this were a real privacy leak, the author would ask their coworker if they talked about the unexpected topic instead of

>"Maybe my coworker was talking about this in another session?"

This would be a critical bug that would slash the market value of a T$ company significantly, go ask your coworker or close the ticket, why do you expect the devs to put an enormous amount of effort hunting a potentially inexistent if you can't make that minuscule debugging effort.

ec109685 6 hours ago||
Caching doesn’t work the way the bug reporter implies. Caches are shared (at least across the enterprise), but its key is always a function of the input before it.

We achieved significant savings simply by moving everything that varies across individuals out of the system prompt so every session starts from a cache point.

For example you never want your system prompt to start with the time that the session started. Move that to the first user message if needed.
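
An added sketch, not part of the thread and not any vendor's implementation, of the behaviour this comment describes: cache keys chained over the prompt prefix, so a shared system prompt hits and a leading timestamp never does. The block size, SHA-256, the scope strings and the sample sessions are all assumptions constructed for illustration; the scope is mixed into every key and checked again on retrieval.

```python
import hashlib

BLOCK = 4  # tokens per cached block (constructed; kept tiny for the demo)

def block_keys(scope, tokens):
    """One key per full block; each key commits to the scope and all tokens before it."""
    prev = hashlib.sha256(b"scope:" + scope.encode()).digest()
    keys = []
    for i in range(0, len(tokens) - len(tokens) % BLOCK, BLOCK):
        h = hashlib.sha256(prev)
        for tok in tokens[i:i + BLOCK]:
            raw = tok.encode()
            h.update(len(raw).to_bytes(4, "big") + raw)  # length prefix: unambiguous encoding
        prev = h.digest()
        keys.append(prev.hex())
    return keys

class PrefixCache:
    def __init__(self):
        self.store = {}  # key -> (scope, placeholder for the cached computation)

    def serve(self, scope, tokens):
        """Return how many leading blocks were cache hits, then cache the rest."""
        keys = block_keys(scope, tokens)
        hits = 0
        for key in keys:
            entry = self.store.get(key)
            if entry is None:
                break
            if entry[0] != scope:  # second check, independent of the key function
                raise RuntimeError("cache entry belongs to another scope")
            hits += 1
        for key in keys[hits:]:
            self.store[key] = (scope, "kv-block")
        return hits

# Constructed sample sessions.
SYSTEM = "You are a coding assistant . Follow the repo style guide . Never run destructive commands .".split()

def demo():
    cache = PrefixCache()
    return {
        "first": cache.serve("org-a", SYSTEM + "alice : fix the bug".split()),
        "same_org": cache.serve("org-a", SYSTEM + "bob : add a test".split()),
        "timestamp_first": cache.serve("org-a", ["2024-01-01T09:00:00Z"] + SYSTEM + "bob : add a test".split()),
        "other_org": cache.serve("org-b", SYSTEM + "bob : add a test".split()),
    }

if __name__ == "__main__":
    print(demo())
```
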

macNchz 6 hours ago||
Caching is not supposed to work like that, but that doesn’t preclude the cache key computation function from having bugs.
marginalia_nu 6 hours ago|||
Yeah there's quite a lot of potential bugs that could have this shape. If I were to guess it could be a buffer in a buffer pool not being sized and zeroed correctly, allowing stale data to bleed between sessions.
nok22kon 4 hours ago|||
or the cache retrieval function for a key retrieving the wrong entry
Waterluvian 5 hours ago|||
There is a massive incentive for optimization, so I expect they’re doing a ton of very clever tricks, all of which make this kind of bug more likely.
estebarb 5 hours ago|||
Hash functions necessarily have collisions. Also, it is perfectly possible to introduce bugs in the hash function (hash inputs, hash function itself) that allow cross-account contamination.
margalabargala 4 hours ago||
Hash functions necessarily have collisions, but it's perfectly possible to make the expected time between collisions greater than the human lifespan.
supriyo-biswas 6 hours ago||
There could just also be a bug where the output tokens of session 1 were shared with session 2, due to a race condition or similar.
mplappert 5 hours ago|
Seems like a hallucination to me; note that the context contains “unmarkBlock” as the function name, which invites a connection to Minecraft. Still shouldn’t happen of course.

The alternative explanation is that the inference engine, which batches several unrelated requests for parallel processing, messed up the unpacking and returned an unrelated user’s query. This one would be very scary as it will leak arbitrary content, but it seems much less likely here.