Potential session/cache leakage between workspace instances or consumer accounts

Nature of the Minecraft Output: Hallucination vs. Data Leak

  • Many commenters think the incident is most likely a hallucination, not cross-session or cross-account leakage.
  • Arguments for hallucination:
    • “minecraft.py” and related strings existed in the user’s context/tool outputs.
    • Long contexts can cause models to drift or “go insane,” including language shifts and off-topic tangents.
  • Skeptical voices argue the behavior seems too specific/implausible for a normal hallucination and resembles unrelated conversation fragments.
  • Some note that, from the outside, hallucination, context bleed, and infra bugs can look similar and are hard to distinguish.

Caching, KV Cache, and Multi‑Tenant Risks

  • Several comments explain that prefix/KV caches are shared to save compute, typically keyed by input tokens.
  • Others stress that implementation bugs in cache keys, hash functions, radix trees, or buffer reuse could cause cross-tenant contamination.
  • There is debate over how likely shared-prefix cache collisions are; full-session collisions are seen as unlikely, but overlapping chunks are plausible.
  • Some highlight GPU multi-tenancy, over-subscribed hardware, and aggressive optimization as making strict isolation difficult.

Infrastructure & Routing Bugs (Beyond Caching)

  • A few contributors report prior incidents (with multiple major providers) where responses were swapped between users due to HTTP-level issues (e.g., request smuggling / desync).
  • These were framed as infra bugs where responses get misrouted in flight, not retained training data leaks.
  • There is concern that such bugs can still violate data isolation expectations (e.g., regulatory/PHI implications), even if models are “zero data retention.”

Broader LLM Reliability Experiences

  • Multiple users report similar “random” or mismatched responses from other models (Gemini, Chinese models, etc.), sometimes in different languages or unrelated domains.
  • Some see this as evidence of fragile infra or context handling; others as typical for large, stochastic models, especially under long context or heavy load.

Security, Trust, and Debuggability Concerns

  • Commenters note that AI agents are hard to debug, making it difficult to trace whether issues stem from hallucination, context injection, or infra bugs.
  • There is frustration about limited transparency; several doubt that a provider would fully admit a serious multi-tenant isolation failure.
  • Some emphasize that LLM infrastructure combines immature tooling, complex GPU multi-tenancy, and high sensitivity, making the whole stack “brittle.”