You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While upgrading our local copy of jf today, we noticed that an AI Assistant was introduced in version 2.69. Our team would like to disable this functionality to prevent accidental leakage of sensitive company data. Further, there are industries/deployment scenarios in which the existence of this built-in AI support would make installing jf impossible in the first place, due to concerns about sensitive user input being sent to an offsite/third-party location.
Would it be possible to distribute releases of the CLI that have the AI Assistant functionality completely removed, or at least disabled/inaccessible (e.g., commenting out https://github.com/jfrog/jfrog-cli/blob/v2/main.go#L276-L282 and then building)? Or is our only option to build from (modified) source?
The text was updated successfully, but these errors were encountered:
Thank you for reaching out to us with your concerns regarding the AI Assistant functionality introduced in version 2.69 of JFrog CLI.
We fully understand the sensitivity of the issue you’re raising, and we want to assure you that we take customer data privacy and confidentiality very seriously. We are committed to protecting your information, and we do not store any questions or answers provided by users, nor do we use them for training our models. For more details, you can review our privacy policy here
Please let us know if the following solution is feasible for you. In case it isn't, we will come up with a different solution.
Would it be possible to block the AI server URL on your organization’s network, which would effectively disable the AI functionality. The URL to block is: https://cli-ai-app.jfrog.io
Would this be a feasible solution for your team?
Thanks for the quick reply, @sverdlov93 . Blocking that URL worked as expected, and is good enough for our current purposes. Do you anticipate that JFrog would change that URL in the future, or will this method continue to work?
I think it might be worth adding this info to the FAQ's in the AI Assistant documentation to help others looking to disable this functionality (although having this issue here in GitHub is better than nothing).
Thank you @themowski.
We're happy to hear that blocking the URL resolved the issue for you.
The above URL isn't expected to change, and we will have it documented.
While upgrading our local copy of
jf
today, we noticed that an AI Assistant was introduced in version 2.69. Our team would like to disable this functionality to prevent accidental leakage of sensitive company data. Further, there are industries/deployment scenarios in which the existence of this built-in AI support would make installingjf
impossible in the first place, due to concerns about sensitive user input being sent to an offsite/third-party location.Would it be possible to distribute releases of the CLI that have the AI Assistant functionality completely removed, or at least disabled/inaccessible (e.g., commenting out https://github.com/jfrog/jfrog-cli/blob/v2/main.go#L276-L282 and then building)? Or is our only option to build from (modified) source?
The text was updated successfully, but these errors were encountered: