Has anybody built a matrix of the lawful compliance transparency or policies or reporting across the various llm platforms?
-
@tychotithonus He's at @SecurityCRob. Let's see if I can invoke him.
@Sempf @tychotithonus I always enjoy a nice chat with @Sempf !!
-
@Sempf @tychotithonus I always enjoy a nice chat with @Sempf !!
@SecurityCRob @tychotithonus What do you think about Royce's original question? I know it's a little out of your realm, but I bet you've looked at it!
Royce Williams (@tychotithonus@infosec.exchange)
Has anybody built a matrix of the lawful compliance transparency or policies or reporting across the various LLM platforms? I wonder how often they get requests, and for what kind of data
Infosec Exchange (infosec.exchange)
-
@Sempf @tychotithonus I always enjoy a nice chat with @Sempf !!
@SecurityCRob @tychotithonus And hi! How are you doing?
-
@SecurityCRob @tychotithonus What do you think about Royce's original question? I know it's a little out of your realm, but I bet you've looked at it!
Royce Williams (@tychotithonus@infosec.exchange)
Has anybody built a matrix of the lawful compliance transparency or policies or reporting across the various LLM platforms? I wonder how often they get requests, and for what kind of data
Infosec Exchange (infosec.exchange)
@Sempf @tychotithonus I have not personally seen that, but AI-things change every 5 minutes. Have been more focused trying to help maintainers with the massive uptick of ai-slop reporting, it let me ask around tomorrow and see if anyone in the community is aware of such a thing.
-
@SecurityCRob @tychotithonus What do you think about Royce's original question? I know it's a little out of your realm, but I bet you've looked at it!
Royce Williams (@tychotithonus@infosec.exchange)
Has anybody built a matrix of the lawful compliance transparency or policies or reporting across the various LLM platforms? I wonder how often they get requests, and for what kind of data
Infosec Exchange (infosec.exchange)
@Sempf @tychotithonus the frontier model companies aren’t as engaged with the ecosystem like the hyperscalers, but I could ask my pals at the big3 and extrapolate from there.
-
@Sempf @tychotithonus the frontier model companies aren’t as engaged with the ecosystem like the hyperscalers, but I could ask my pals at the big3 and extrapolate from there.
@SecurityCRob @tychotithonus If it comes up in conversation, that would be awesome. Don't, of course, put yourself out. I admit I am curious about how regulators writ large are going to handle AI.
And yeah, I hear you on the slop - my timeline chats about it constantly. Did you see this? https://github.com/crabby-rathbun?tab=overview&from=2026-01-01&to=2026-01-31
-
@SecurityCRob @tychotithonus And hi! How are you doing?
@Sempf @tychotithonus doing fine! 2026 travel is about to ramp back up soon though. I’ve enjoyed my snow cave here and will be sad to leave!
-
@Sempf @tychotithonus doing fine! 2026 travel is about to ramp back up soon though. I’ve enjoyed my snow cave here and will be sad to leave!
@SecurityCRob Man this WEATHER! Can't even believe it. This year has been something else.
-
@SecurityCRob @tychotithonus If it comes up in conversation, that would be awesome. Don't, of course, put yourself out. I admit I am curious about how regulators writ large are going to handle AI.
And yeah, I hear you on the slop - my timeline chats about it constantly. Did you see this? https://github.com/crabby-rathbun?tab=overview&from=2026-01-01&to=2026-01-31
@Sempf @tychotithonus Ha! I see you found that. The python folks were on about that yesterday. The github comment behind this are equal parts horrifying and hilarious
-
Has anybody built a matrix of the lawful compliance transparency or policies or reporting across the various llm platforms? I wonder how often they get requests, and for what kind of data
@tychotithonus @Sempf I've posed the question to our AI/ML working group slack (the really smart robot-people within the OpenSSF hang out). I'll let you know what the smarter people come back with, or feel free to hop onto #wg-ai-ml-security on the public openssf slack
-
@SecurityCRob @tychotithonus If it comes up in conversation, that would be awesome. Don't, of course, put yourself out. I admit I am curious about how regulators writ large are going to handle AI.
And yeah, I hear you on the slop - my timeline chats about it constantly. Did you see this? https://github.com/crabby-rathbun?tab=overview&from=2026-01-01&to=2026-01-31
@Sempf from an eu regulator standpoint “when a manufacturer becomes aware of <an actively exploited vuln> or <a severe incident> they have 24hrs to report that to authorities. So if the robots are filing issues with maintainers automagically the vendor is responsible for monitoring and reacting to that. Upstream doesn’t have legal obligations, but every downstream that uses the software will immediately start poking upstream for fixes. If the vendor isn’t monitoring upstream, that could be consider negligence. Tl/dr this is going to put even more intense pressure on the whole system and I fear maintainers will be challenged to keep pace with all the noise
