19 comments

[ 0.50 ms ] story [ 27.3 ms ] thread
Correct me if I'm wrong but aren't the contents of the repo sent up in the token stream eventually?
The things you allow the LLM to read will obviously be sent as part of a prompt. You can control that though. Reads are tool calls and you can configure permissions for that or be asked every time the agent wants to read something.

This is straight up just uploading your whole working directory. Not as a LLM prompt, but to a Google Storage.

The better models generally try to at least make a meandering attempt to not upload secrets (like .env tends to contain)
These things are all built on the back of stolen content, and they guy running X is a notoriously corrupt billionaire who recently ran an illegal effort to strip food and medical aid from third world countries which has already resulted in hundreds of thousands of deaths.

I don’t understand why anyone would be surprised that they’re also stealing code from their users. Pay attention to what people like Musk do to those under their power. He will do the same to you in a heartbeat.

> according to follow-up testing by the security researcher who exposed the behavior.

This behavior was originally discussed here:

https://news.ycombinator.com/item?id=48877371

"What xAI's Grok build CLI sends to xAI: A wire-level analysis"

509 points | 1 day ago | 203 comments

(comment deleted)
A lot of people are not upset because xai is running a bulk upload instead of a stream upload….
There’s a hell of a difference between a tool that asks my permission to read a file to make it part of a prompt and a tool that packages up my whole working directory and sends it to Google Cloud Storage.
Who told you that it needs your permission? You are in Disneyland and you are debating why Mickey Mouse is not handing you over a legal agreement with guarantees on the ingredients of the candy you’ve just got from him.
It's funny to remember that the legal definition of something is almost never aligned with how the technology actually works.

Like for instance the legal definition for "encryption at rest" is often wildly different than what a customer thinks that means, what an average SRE think it means, and what a cryptologist thinks it means.

All those regulations like GDPR mean nothing if I can convince a random judge or regulator that an apple is actually an orange.

These technologies are moving so fast that it makes sense why there a lag in understanding and any real attempts at regulating agaists the negative effects.

(comment deleted)
I assume this doesn't have anything to do with their speed improvements.

Grok 4.5 is so fast, it's great. And only $10/month subscription. It's slightly less censored as well.

If this doesn’t bother you (depending on the codebase it might not) you should know Deepseek flash is free on opencode, probably because they’re doing something similar.

If it does, I’m not sure what to recommend. Even Anthropic and OpenAI might be training on your code anyways. See: Alex Karp.

This is yet another reason to use open weight models and open source harnesses so that this can never happen.

Why do you continue to give these companies all your secrets, env vars, source code and data? That is effectively a data breach by this form of malware.

If you had data that was never meant to be uploaded or shared by a third party, consider that a security incident.