Improve AI data privacy telemetry gates#2687
Closed
zdfgu113 wants to merge 1 commit into
Closed
Conversation
|
Thanks for the submission! 🙏 SecuritySkills is now issue-first: contributions need a linked issue that a maintainer has marked approved before a PR is opened. Please open an issue describing the skill, wait for the |
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
injection-hardened: trueset in frontmatterallowed-toolsscoped to minimum necessary permissions (Read,Grep,Glob)index.yamlupdated with new skill entry (not applicable; this updates an existing skill)What This PR Does
This updates
skills/ai-security/ai-data-privacy/SKILL.mdto cover two privacy review gaps that appear in modern AI telemetry systems:It also adds false-positive guidance so reviewers do not report safe ephemeral local prompt classification when no raw text, user identifier, or linkable redacted payload is persisted and only k-thresholded aggregate metrics are exported.
Resubmission of #2130 with maintainer-requested usage evidence. Refs #2128.
Framework References
Testing
Tested with Codex CLI / GPT-5 Codex against a real public AI observability repository:
langfuse/langfuse53433e881d2c8aeaf948eccfe4bc0dd89444ce85Grepchecks for AI telemetry, dashboard aggregation, user/session identifiers, retention controls, and small-cohort suppression language.Evidence from the skill run:
AI telemetry dashboards expose reviewer-relevant small-cohort questions.
worker/src/constants/langfuse-dashboards.json:62describes aggregated model cost bytrace.userId.worker/src/constants/langfuse-dashboards.json:64setsdimensions: [{ field: "userId" }].worker/src/constants/langfuse-dashboards.json:129-132definesMax Latency by User Id (Traces)withuserIdas the dimension.cohort,k-anonym,minimum cell,small cell,suppression, andthresholdacross dashboard seeds, Mixpanel/PostHog transformers, and DashboardService paths returned no matches. This is not a confirmed vulnerability by itself, but it is exactly the review prompt this PR adds: reviewers should verify minimum-cell suppression after filters and exports.Pseudonymous/linkable identifier checks produced concrete review evidence.
worker/src/services/IngestionService/index.ts:292-293stores ingesteduserIdandsessionIdasuser_idandsession_id.packages/shared/src/domain/traces.ts:27-28andpackages/shared/src/domain/observations.ts:117-118model trace/observation user and session identifiers.worker/src/features/mixpanel/transformers.ts:64-78usestrace.langfuse_user_idas Mixpaneldistinct_id/$user_idand exports session identifiers.worker/src/features/posthog/transformers.ts:31-39usestrace.langfuse_user_idas PostHogdistinctIdand mapsposthog_session_idto$session_id.The run also produced a useful non-finding.
worker/src/ee/dataRetention/handleDataRetentionProcessingJob.tsre-fetches current project retention and deletes ClickHouse/S3 data older than the current setting; tests cover trace, observation, score, media, and disabled-retention cases.Representative commands used:
Bounty Info