The things you allow the LLM to read will obviously be sent as part of a prompt. You can control that though. Reads are tool calls and you can configure permissions for that or be asked every time the agent wants to read something.
This is straight up just uploading your whole working directory. Not as a LLM prompt, but to a Google Storage.
These things are all built on the back of stolen content, and they guy running X is a notoriously corrupt billionaire who recently ran an illegal effort to strip food and medical aid from third world countries which has already resulted in hundreds of thousands of deaths.
I don’t understand why anyone would be surprised that they’re also stealing code from their users. Pay attention to what people like Musk do to those under their power. He will do the same to you in a heartbeat.
There’s a hell of a difference between a tool that asks my permission to read a file to make it part of a prompt and a tool that packages up my whole working directory and sends it to Google Cloud Storage.
Who told you that it needs your permission? You are in Disneyland and you are debating why Mickey Mouse is not handing you over a legal agreement with guarantees on the ingredients of the candy you’ve just got from him.
It's funny to remember that the legal definition of something is almost never aligned with how the technology actually works.
Like for instance the legal definition for "encryption at rest" is often wildly different than what a customer thinks that means, what an average SRE think it means, and what a cryptologist thinks it means.
All those regulations like GDPR mean nothing if I can convince a random judge or regulator that an apple is actually an orange.
These technologies are moving so fast that it makes sense why there a lag in understanding and any real attempts at regulating agaists the negative effects.
If this doesn’t bother you (depending on the codebase it might not) you should know Deepseek flash is free on opencode, probably because they’re doing something similar.
If it does, I’m not sure what to recommend. Even Anthropic and OpenAI might be training on your code anyways. See: Alex Karp.
This is yet another reason to use open weight models and open source harnesses so that this can never happen.
Why do you continue to give these companies all your secrets, env vars, source code and data? That is effectively a data breach by this form of malware.
If you had data that was never meant to be uploaded or shared by a third party, consider that a security incident.
19 comments
[ 0.50 ms ] story [ 27.3 ms ] threadThis is straight up just uploading your whole working directory. Not as a LLM prompt, but to a Google Storage.
I don’t understand why anyone would be surprised that they’re also stealing code from their users. Pay attention to what people like Musk do to those under their power. He will do the same to you in a heartbeat.
This behavior was originally discussed here:
https://news.ycombinator.com/item?id=48877371
"What xAI's Grok build CLI sends to xAI: A wire-level analysis"
509 points | 1 day ago | 203 comments
See also this related ongoing thread:
Grok CLI uploaded the whole home directory to GCS - https://news.ycombinator.com/item?id=48892468
Like for instance the legal definition for "encryption at rest" is often wildly different than what a customer thinks that means, what an average SRE think it means, and what a cryptologist thinks it means.
All those regulations like GDPR mean nothing if I can convince a random judge or regulator that an apple is actually an orange.
These technologies are moving so fast that it makes sense why there a lag in understanding and any real attempts at regulating agaists the negative effects.
Grok 4.5 is so fast, it's great. And only $10/month subscription. It's slightly less censored as well.
If it does, I’m not sure what to recommend. Even Anthropic and OpenAI might be training on your code anyways. See: Alex Karp.
Why do you continue to give these companies all your secrets, env vars, source code and data? That is effectively a data breach by this form of malware.
If you had data that was never meant to be uploaded or shared by a third party, consider that a security incident.