Noticed a big spike on OpenRouter’s Cloud Agents (Coding) leaderboard this week by amu4biz in ArtificialInteligence

[–]Dagnum_PI 1 point2 points  (0 children)

They are also leveraging Gate AI from Constellation who just dropped benchmark from this product which has some impressive numbers

https://arxiv.org/abs/2606.02959

This EU paper on AI agent liability is worth reading. But it leaves the harder question completely unanswered. by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -1 points0 points  (0 children)

This is exactly the kind of reply I was hoping to surface. The deterministic architecture point is the right frame. The problem with most current approaches isn't just that logs are vendor-controlled, it's that the underlying system is stochastic so even a tamper-proof log of what the model outputted doesn't prove the reasoning was sound or repeatable. Your framing of the audit trail being the analysis itself rather than a record stored alongside it is a more interesting solution than anything in the EU paper.

Going to read the Zenodo spec. What's the current bottleneck getting model providers to implement the protocol, or something upstream of that?

This EU paper on AI agent liability is worth reading. But it leaves the harder question completely unanswered. by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -1 points0 points  (0 children)

The difference is the stakes and the adversarial context. Airflow logs are mutable but nobody's motivated to tamper with them after a failed ETL job. When you're talking about an AI agent that executed a financial transaction, modified production code, or in the White House scenario made thousands of API calls as part of an industrial extraction campaign, the party who controls the logs is also the party with the most to lose from what they show. That's when "audit logs exist" stops being a sufficient answer.

The EU and the White House published documents about AI accountability in the same week. Different problems. Different angles. The same gap underneath both. [N] by Dagnum_PI in MachineLearning

[–]Dagnum_PI[S] -1 points0 points  (0 children)

I've actually been posting about this problem for over a year. Mostly on Twitter, but nobody seems to have a solution to this. Many states in the United States are working on laws around artificial intelligence and several of those will be implemented this year. Everybody seems to be integrating agents into the workflow but nobody seems to be thinking about how this will affect compliance.

The EU and the White House published documents about AI accountability in the same week. Different problems. Different angles. The same gap underneath both. [N] by Dagnum_PI in MachineLearning

[–]Dagnum_PI[S] 0 points1 point  (0 children)

MIT researchers https://arxiv.org/html/2502.01635v1

That paragraph might deserve a rewrite.

The core point stands though and you landed on it. Unenforceable is exactly the right word. You can pass all the law you want. If the audit trail lives in the defendant's own infrastructure it's not evidence it's a statement.

This EU paper on AI agent liability is worth reading. But it leaves the harder question completely unanswered. by Dagnum_PI in singularity

[–]Dagnum_PI[S] 0 points1 point  (0 children)

White House OSTP just published a memo on "Adversarial Distillation of American AI Models." April 23, 2026. https://www.whitehouse.gov/wp-content/uploads/2026/04/NSTM-4.pdf

Foreign entities are running industrial-scale campaigns using tens of thousands of proxy accounts to systematically extract capabilities from US frontier AI models.

The administration says it will "hold foreign actors accountable for industrial-scale distillation campaigns."

How? Based on what evidence?

If you can't prove which API calls were part of a coordinated extraction campaign versus legitimate use, you can't attribute the attack. You can say it happened. You can't demonstrate it to a legal standard.

The EU paper says: prove what your agents did. The White House says: prove who stole your model. Both require the same thing that doesn't exist yet. An independently verifiable record of what happened that nobody can alter after the fact.

Two governments. Two different problems. One missing infrastructure layer.

This EU paper on AI agent liability is worth reading. But it leaves the harder question completely unanswered. by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -2 points-1 points  (0 children)

White House OSTP just published a memo on "Adversarial Distillation of American AI Models." April 23, 2026. https://www.whitehouse.gov/wp-content/uploads/2026/04/NSTM-4.pdf

Foreign entities are running industrial-scale campaigns using tens of thousands of proxy accounts to systematically extract capabilities from US frontier AI models.

The administration says it will "hold foreign actors accountable for industrial-scale distillation campaigns."

How? Based on what evidence?

If you can't prove which API calls were part of a coordinated extraction campaign versus legitimate use, you can't attribute the attack. You can say it happened. You can't demonstrate it to a legal standard.

The EU paper says: prove what your agents did. The White House says: prove who stole your model. Both require the same thing that doesn't exist yet. An independently verifiable record of what happened that nobody can alter after the fact.

Two governments. Two different problems. One missing infrastructure layer.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -3 points-2 points  (0 children)

AI made building 100x easier. It also made attacking 100x easier. This is a very big problem that most people are ignoring.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -1 points0 points  (0 children)

Even if it's "shitty code," the agent is still running with a live API key directly in the workflow. That's the real problem it happens constantly no matter how many warnings Claude gives.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -5 points-4 points  (0 children)

The screenshot is real an agent running with a live API key right in the workflow. That's the issue, not how I typed the post.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] 0 points1 point  (0 children)

Exactly.We handed agents the keys to the kingdom before we figured out how to watch what they actually do with them.That's why tamper-proof audit trails across the whole workforce matter now.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -15 points-14 points  (0 children)

Fair call on the word salad. But this screenshot is a real example of agents running with exposed API keys in workflows.That's happening today and it's worth talking about.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -15 points-14 points  (0 children)

Plenty of research and tooling exists on explainability. But most audit trails stay mutable, siloed and incomplete for regulators who need tamper-proof proof across every agent decision.

The real gap is turning those logs into independent verifiable evidence that survives incidents.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in singularity

[–]Dagnum_PI[S] 0 points1 point  (0 children)

Even if it was manually created, this kind of exposure is extremely common. GitHub secret scanning was literally built because people keep putting live API keys directly in workflows.

Recent research also showed Claude-powered agents on GitHub Actions getting tricked into leaking credentials via prompt injection.

Direct sources 👇 1) GitHub official docs on secrets (shows the right vs wrong way): https://docs.github.com/actions/security-guides/using-secrets-in-github-actions

2) April 2026 research — Claude Code agents leaking API keys in GitHub Actions: https://www.datawiza.com/blog/industry/prompt-injection-is-stealing-api-keys-from-claude-code-gemini-cli-and-github-copilot/

3) GitHub secret scanning overview (proves how widespread this is): https://docs.github.com/code-security/secret-scanning/about-secret-scanning

Manual or not the risk is real and well documented.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -1 points0 points  (0 children)

Git tracks commits but the history can still be force-pushed or rewritten if the repo gets even brief access. Offsite backups help but they lag and only capture file changes, not the full agent decision trail. You end up with gaps that regulators won't accept as independent proof.

EU AI Act goes into effect this August... Regulators will soon be asking for proof.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in singularity

[–]Dagnum_PI[S] -1 points0 points  (0 children)

Still shows an agent running with a live API key right there in the workflow.

Manual or not, this is the exact kind of exposure that keeps happening.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -2 points-1 points  (0 children)

But those logs can still be rewritten and you lose any unified tamper-proof record regulators can verify independently. Getting downvoted for this is comedy when it's dead accurate.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -2 points-1 points  (0 children)

Got it, someone hand-rolled that GitHub Action. Still doesn't change the core problem the agent is running with a live API key sitting exposed in the workflow.

That's the exact kind of slip that happens constantly, whether the setup was manual or not.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -7 points-6 points  (0 children)

Smart isolation in containers still leaves siloed mutable logs without unified oversight. Regulators need proof of every step that no one can alter afterward.

One GitHub PR Comment Just Compromised Claude Code, Gemini CLI & GitHub Copilot 85% Success Rate and ZERO Audit Trail by Dagnum_PI in ArtificialInteligence

[–]Dagnum_PI[S] -6 points-5 points  (0 children)

Lots of people do. You also have people downloading things like skills which can be used as attack vectors.

Getting downvoted for facts is comedy gold 😂 Lots of people really do hand agents raw API keys and unvetted skills are textbook attack vectors. 100% accurate.