alt Hacker NewsPeople will take the risk with uncensored models tuned for specific things. I'm glad we're talking about this now rather than 10 years later like with npm. The amount of ad-hoc AI tools on github is staggering, and people are just downloading these things like it's no big deal.
Replies
dylan604 • last Tuesday at 6:22 PM
Maybe because the trained habit of doing the same with npm??? Why write your own code when there's 30 packages "doing the same thing" and I don't have to look at the code at all and just include with no clue what's going on under the hood? What could possibly go wrong?
The comparison to npm is spot on. We are seeing the exact same pattern: a massive explosion of dependency complexity, but now the "dependencies" aren't 50KB JavaScript files, they are 10GB binary blobs that we treat as black boxes. The "Shadow AI" problem (developers cloning a random repo + downloading a model from a Google Drive link to get a specific uncensored tune) is exactly what we built the CLI for. We want to make it trivial to run a "hygiene check" on that download folder before mounting it into a container.