I would like to report a behaviour I recently observed while using your Lucid AI, which may warrant further review from a security and user-safety perspective.
As a new user of the platform, I generated a flowchart using the AI system. Subsequently, I asked the AI for guidance on how to download the generated file. Instead of providing instructions or directing me to the appropriate interface option, the AI automatically packaged the artefact into a ZIP file and started the download without first asking for confirmation or obtaining my explicit consent.
While the file involved was one generated by the system itself and no apparent unauthorised access occurred, I believe this behaviour raises questions regarding user intent verification, autonomous action execution or excessive permission. Specifically, a request for procedural guidance ("how do I download this file?") was interpreted as authorization to perform the action on my behalf.
From an AI security perspective, I would appreciate clarification on whether this behavior is expected by design. If so, it may be worth assessing whether additional confirmation mechanisms should be introduced before the system performs consequential actions, particularly in environments where broader permissions or access to user data may exist.
I am not claiming this is a security vulnerability; however, I believe it may represent a potential agent autonomy or user-consent concern that deserves further evaluation.
Your privacy choices
