Royce WilliamsHas anybody built a matrix of the lawful compliance transparency or policies or reporting across the various LLM platforms? I wonder how often they get requests, and for what kind of data
Bill@tychotithonus He's at @SecurityCRob. Let's see if I can invoke him.
SecurityCRob@SecurityCRob @tychotithonus What do you think about Royce's original question? I know it's a little out of your realm, but I bet you've looked at it!
Royce Williams (@[email protected])
Has anybody built a matrix of the lawful compliance transparency or policies or reporting across the various LLM platforms? I wonder how often they get requests, and for what kind of data
@Sempf @tychotithonus I have not personally seen that, but AI-things change every 5 minutes. Have been more focused trying to help maintainers with the massive uptick of ai-slop reporting, it let me ask around tomorrow and see if anyone in the community is aware of such a thing.
@Sempf @tychotithonus the frontier model companies aren’t as engaged with the ecosystem like the hyperscalers, but I could ask my pals at the big3 and extrapolate from there.
@SecurityCRob @tychotithonus If it comes up in conversation, that would be awesome. Don't, of course, put yourself out. I admit I am curious about how regulators writ large are going to handle AI.
And yeah, I hear you on the slop - my timeline chats about it constantly. Did you see this? https://github.com/crabby-rathbun?tab=overview&from=2026-01-01&to=2026-01-31
@Sempf @tychotithonus Ha! I see you found that. The python folks were on about that yesterday. The github comment behind this are equal parts horrifying and hilarious
@Sempf from an eu regulator standpoint “when a manufacturer becomes aware of <an actively exploited vuln> or <a severe incident> they have 24hrs to report that to authorities. So if the robots are filing issues with maintainers automagically the vendor is responsible for monitoring and reacting to that. Upstream doesn’t have legal obligations, but every downstream that uses the software will immediately start poking upstream for fixes. If the vendor isn’t monitoring upstream, that could be consider negligence. Tl/dr this is going to put even more intense pressure on the whole system and I fear maintainers will be challenged to keep pace with all the noise
@Sempf how the US reacts to this is still being formulated. They expressed that AI was a matter of national security, but I haven’t personally seen much motion from them on this (but that’s probably above my pay grade to get that invitation)
@SecurityCRob @tychotithonus And hi! How are you doing?
@Sempf @tychotithonus doing fine! 2026 travel is about to ramp back up soon though. I’ve enjoyed my snow cave here and will be sad to leave!
@SecurityCRob Man this WEATHER! Can't even believe it. This year has been something else.