The model is only generating tokens without touching the network at all, right? How would it send data away?
Theoretically, by taking the opportunity to inject an exfiltration mechanism if you ask it to write code for you
alt Hacker News
Theoretically, by taking the opportunity to inject an exfiltration mechanism if you ask it to write code for you