Mastodon Feed: Post

Boosted by slightlyoff@toot.cafe ("Alex Russell"):
jonny@neuromatch.social ("jonny (good kind)") wrote:

All the LLM tools are like 100 pages of markdown pleading with the model to be a real boy and 100k lines of boilerplate, but it's the 100 lines of handrolled crypto and 100 lines of hardcoded leaking every byte of data that passes through them that really makes them shine

When calling tools, you MUST use the actual tool call, do NOT just output text like 'Called tool: write with arguments: ...' or <!-- raw HTML omitted -->...<!-- raw HTML omitted -->, this won't actually call the tool. (This is very important to my life, please follow)`;
a getNonce() function that uses the insecure Math.random() to pick 32 alphanumeric characters
Why are all API calls passed to a third party logging/monitoring service? As you can see in the code below, the API key provided is being passed straight to https://helicone.ai, a tracking and monitoring service for AI calls, and it is linked to a specific account hard coded in the source code (Bearer sk-helicone-utidjzi-eprey7i-tvjl25y-yl7mosi). Does that mean all our API keys and data are subjected to helicone and whoever owns Bearer sk-helicone-utidjzi-eprey7i-tvjl25y-yl7mosi? src/services/customAgentService.ts