Skip to content

07. Security & Safety

Application security

Minimal surface: local scripts + static visualizer.

Topic Status
Secrets .env gitignored; API key for compression
HF token Optional CLI --token (process-list exposure risk)
Auth None on visualizer (public Pages)
Sandbox N/A — trusted local experimenter

ML safety / quality

Risk Mitigation in repo
Prompt regurgitation SFT regularization + dropout
Benchmark leakage Sampler blocklist for GSM8K/ARC
Over-compression destroying logic Validators + Grug score threshold
Accuracy regression GSM8K reporting of alignment tax

Interview Q&A

Q: Is Grug style a safety feature?
A: No — it is an efficiency/style objective. Safety-relevant pieces are leakage controls and honest accuracy reporting.