Potential session/cache leakage between workspace instances or consumer accounts
Nature of the Minecraft Output: Hallucination vs. Data Leak
- Many commenters think the incident is most likely a hallucination, not cross-session or cross-account leakage.
- Arguments for hallucination:
- “minecraft.py” and related strings existed in the user’s context/tool outputs.
- Long contexts can cause models to drift or “go insane,” including language shifts and off-topic tangents.
- Skeptical voices argue the behavior seems too specific/implausible for a normal hallucination and resembles unrelated conversation fragments.
- Some note that, from the outside, hallucination, context bleed, and infra bugs can look similar and are hard to distinguish.
Caching, KV Cache, and Multi‑Tenant Risks
- Several comments explain that prefix/KV caches are shared to save compute, typically keyed by input tokens.
- Others stress that implementation bugs in cache keys, hash functions, radix trees, or buffer reuse could cause cross-tenant contamination.
- There is debate over how likely shared-prefix cache collisions are; full-session collisions are seen as unlikely, but overlapping chunks are plausible.
- Some highlight GPU multi-tenancy, over-subscribed hardware, and aggressive optimization as making strict isolation difficult.
Infrastructure & Routing Bugs (Beyond Caching)
- A few contributors report prior incidents (with multiple major providers) where responses were swapped between users due to HTTP-level issues (e.g., request smuggling / desync).
- These were framed as infra bugs where responses get misrouted in flight, not retained training data leaks.
- There is concern that such bugs can still violate data isolation expectations (e.g., regulatory/PHI implications), even if models are “zero data retention.”
Broader LLM Reliability Experiences
- Multiple users report similar “random” or mismatched responses from other models (Gemini, Chinese models, etc.), sometimes in different languages or unrelated domains.
- Some see this as evidence of fragile infra or context handling; others as typical for large, stochastic models, especially under long context or heavy load.
Security, Trust, and Debuggability Concerns
- Commenters note that AI agents are hard to debug, making it difficult to trace whether issues stem from hallucination, context injection, or infra bugs.
- There is frustration about limited transparency; several doubt that a provider would fully admit a serious multi-tenant isolation failure.
- Some emphasize that LLM infrastructure combines immature tooling, complex GPU multi-tenancy, and high sensitivity, making the whole stack “brittle.”