I wonder if releasing this may have been on the roadmap, but been prioritized as a bit of whiplash following the "you forfeit the entirety of your working directory as a condition of working with this tool" upset from a few days ago.
Most likely, SpaceX killed the code uploading yesterday so they are definitely concerned about the backlash
> The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.
To some degree at least. This is a hulking monster of a codebase for what it does, it's definitely LLM-built and almost definitely requires an LLM to tackle at all.
Grok has had far too many instances where its clear that the team building it cannot be trusted and does not care to build trustworthy products.
I highly caution anyone from using any tools from xAi, as they have clearly shown themselves to be bad actors within the space.
Aside from their CEO are they really that different from the other big US players? OpenAI, Anthropic and Google all have proven themselves to be untrustworthy as well. We should accept that we have an adversarial relationship with all these companies and shouldn't invest to much in any of them. Use them for what they are worth while the technology matures but be prepared to move on.
Everything economically is moving to frontier labs inserting themselves into work you do. Model quality, while important, is gradually becoming a commodity. Especially when you consider most work tasks we would assign an agent can now trivially be done with simpler models than even a year ago.
Better, strategically, for you to be locked-in to their tool to do your job. The new Microsoft of sorts?
I'll probably never use this, but at least they're not delusional enough to attempt to justify keeping their coding agent closed-source, especially after their recent data-harvesting cockup:
TUI is a lot better for me, and I have preferred it since the 00s, before LLM products were even a thing.
For all the reasons there can be, one big reason is that it works on anything you can get a terminal on, you can use it over SSH, and the UI will be the same no matter where you use it.
I also like that they are very very fast and they don't have the incessant animations that are put into most desktop environments nowadays. If you're on MacOS, the terminal is the only only part of your computer without roadblocks everywhere.
Interesting - seen some good experiencences in using grok by some devs, so maybe could be considered as an alternative to my beloved chinese models. Also, hard to give up on pi agent.
i think xai is now in pure damage control mode, after they caught exfiltrating data from users.
- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.
- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.
> exfiltrating user data (including env files, entire source code etc) which is what grok-build did here
I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.
It must have been removed, given that the initial evidence of the exfil specifically demonstrated .env files being included. And .ssh/* for the user which ran this in $HOME.
If I use a shovel to kill a man, the shovel maker did not engage in intentionally crafting a weapon of war.
How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.
But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.
If WhatsApp knew their platform was facilitating CSAM, and they were fully within their power to prevent this but chose not to - yes this would rightly draw criticism…
If a shovel manufacturer was notified numerous times that their shovel was being used for murder and they had the capability to disable using the shovel for murder while retaining all legitimate uses wouldn’t people question why they didn’t do it?
> If a shovel manufacturer was notified numerous times that their shovel was being used for murder and they had the capability to disable using the shovel for murder while retaining all legitimate uses wouldn’t people question why they didn’t do it?
This is impossible-nobody can possibly block all illegitimate uses without also blocking some legitimate ones as collateral damage. Any moderation process (whether automated or human) inevitably has a non-zero false positive rate.
Now, you can argue that some misuse is so harmful, that the cost of false positives is worth it - but that’s a different claim.
I didn’t say block all illegitimate uses, though. We’re talking very specifically about disabling the production of CSAM. Which is something Grok seems to be able to do now! So I’m curious what legitimate uses had to be sacrificed in order to do so.
> I didn’t say block all illegitimate uses, though. We’re talking very specifically about disabling the production of CSAM
But what is “CSAM”? If by it you mean illegal material-different jurisdictions worldwide have different laws on that topic, so material which is illegal in one jurisdiction can be legal in another.
Ok, then let’s just say CSAM by definition of US law.
Twice now you’ve tried to expand the parameters of this so that it becomes something impossible to tackle. But there’s no actual reason to do that.
Grok is able to tackle CSAM, as demonstrated by the fact that they are currently doing it. The question is why they ignored the very public issue for as long as they did.
No other model is so easy to generate such things. No model is so negligent in adding safeguards. I've seen it generate such things in response to a post that was clearly labeled as a 4th grader. The person you are talking to is responding to instances like that. They're not asking for it, that's obnoxiously silly and disingenuous.
How can an AI agent, that is usually running on some machine in the cloud, even run without actually pulling in the data into the cloud to work with it ?
Is there an idea some sort of fixed localy running code does filtering on the data before it is sent to cloud?
Still seems like it would not work very well if it actually did any safe filtering - as the model can't "think" without seeing the data and it won't see the data unless the data is loaded to cloud.
It's a shame that they exfiled private data. The model is actually good (better than opus 4.8 imo) and the harness itself is butter smooth with the potential of being the best out there.
This is not the right thing, this is the tactical thing. If you have an LLM with less than 1% of the share to begin with, you suffer from bad rep and you got caught uploading user data, one of the very few remaining tactical moves to try to climb out of it is this.
Another tactical move is to just stop. You're allowed to exit the AI business. Nobody's forcing you to keep throwing money into the furnace. Just be a rocket company. All of the xAI founders left. Your product's brand name is mud. Just stop doing that and build spaceships.
Does he even need to care about that at this point? He retains majority voting control over SpaceX so nobody can stage a hostile takeover. And he’s given his employees an opportunity to cash out if they wanted to.
He hasn't needed to worry about money for a long long time. Arguably his entire life. But he is incredibly greedy and narcissistic and desperate to fill the hole in his soul with more.
Nah. They're all rotten to the core, just in different ways.
The key difference between xAI and Anthropic/OAI/Google is that xAI has the least-likely path to existing as viable business in a decade.
That said, the economics of the entire AI industry are kinda made up at this point, so who really knows; it's quite possible that the players with the best odds of surviving the crash are those that can draw funding from their parent company's other businesses.
David was a good vs evil with an order of magnitude fewer resources on the good side. XAi is evil vs evil with comparable resources on each side. Now this is where I know you’re MAGA because as I’ve said a million times you guys don’t do fair comparisons.
You misunderstand Musk's motivation. This was never about money for him, but about control over a key technology. One of the main reasons he exited OpenAI was the fact that the other co-founders wanted to create a structure where no one, Musk included, would be able to seize full control of the company. That was the thing that prompted him to leave, which tells you a lot about what he really wanted in the first place.
But he also falsely assumed that OAI would die without his money. Yet, they managed to pull through, and Musk is now on the outside looking in with very little influence in the AI space. xAI is his desperate attempt to get back into the game. That is why he won't give up.
Agreed - if you read any Elon books that’s a part of it. He always had someone to prove himself to from his dad to the world. It’s almost Michael Jordanesque except business wise.
I’m a big fan of Musk. One of the few criticisms I have is how xAI is also inconsistent with original OpenAI mission. I had imagined xAI as en effort to correct and fully embody all original values of OpenAI and that Elon says they betrayed. That makes his criticism weaker and I understand why some can think it was all about control. In his words:
"I'm the reason OpenAl exists. I came up with the name. The name OpenAl refers to open source... The intent was - what was the opposite of Google? It would be an open source non-profit."
I sometimes feel xAI wants to live up to those open values so I always celebrate when they decide to engage in open source. They still don’t fully embrace it. Perhaps because they think is not practical or will make them less competitive?
How can you be a fan of an overtly racist, nazi-saluting, destroyer of democracy whose act of wanton dismantling of government programs resulted in the deaths of 700,000
> This was never about money for him, but about control over a key technology
It's very comforting to know for those reasons he'd never be able to become POTUS; although there's still a way, I hope he never gets to know about it. Otherwise, he'll make it a fascist land.
What happened to the rule about steelmanning? I know it's chic to post super hot takes about what we assume a persons intentions are, and I know there are plenty of "if you can't see how bad they are you're the problem" type justifications; I know the supposed goal of empathy is tossed aside at first hint of disagreement whether real or perceived, and I know there is "evidence" of justification for hatred/dismissal. Yet still there is self-righteous presumption bandied about in a negative way that violates that steelman rule. Justified of course by the idea that there are no negotiations with terrorists, no association with Nazis, no forgiveness or understanding given to the Other.
I don’t know, I wouldnt be suprised if he finds a way. All the tools around, he just have to make a jump in the quality. With GLM as example they should be able to het to opus level and cut the costs
Musk bought Twitter looking to build an “everything app,” the western WeChat. AI came along and promised an end to apps via an agentic OS that does what its user wants and vibes whatever it needs to accomplish that as it goes along. The agentic OS is basically the same thing as the “everything app,” and I doubt Musk will let go of that.
> Musk bought Twitter looking to build an “everything app,”
Part of me thinks he knows he lying and is just trying to drum up money and the other part thinks he's one of the most delusional and uninformed people in tech.
It is my limited understanding that as much as many of us groan at the notion of Spacex becoming "an AI-first company", markets in general, and Musk investors in particular, are slurping it up. Musk is very very very good at promising the sky. I don't think he can backtrack, he always digs in further - and it has historically worked well for him. He will drop AI only when the next big hype thing comes along and he hitches a ride on that train.
Yes, tactical is the right word because it might be a tactical win but it would be a strategic failure. Musks whole meme empire runs on vibes. The second there's a crack in the dam it all comes down. None of the valuations of anything he touches make sense and something like utterly failing to run with the AI big boys is enough to do that.
why pi over opencode? earnestly curious, trying to figure out what open solution people are consolidating on. (codex is also pseudo-open but contributions closed and nice)
Most of my harness experience is with Claude Code and Pi, a little bit of OpenCode.
I like how quick and snappy Pi is, it feels like a minimal harness, just enough to manage the agent and get out of the way. Earlier models also seemed to have an easier time working with the tools, e.g. GPT-OSS-20B is about a year old and had no trouble in Pi.
pi is the neovim of agentic harnesses, its barebones and extremely configurable. if you're the sort of person who likes that sort of things its a forever product, nothing is going to displace it because you have full control.
opencode builds a lot more in, which is better if you dont want to fiddle with config.
nice. i had thought the consensus had moved pretty firmly towards pi, so i was surprised to see Thinking Machines demoing their new model Inkling in OpenCode. wondering if they are previewing an acquisition
How is this case any different from how cloud hosted AI agents work ? The agent needs all of those files to complete the task you give it & is not running locally.
So I don't think it can ever work without exhilarating the data - rather I am still surprised people don't understand the implications.
Let’s see how well the comment section matches the following
def hn_comment():
opening = random.choice(["Typical Mars man move.", "Of course it's from the Mars man.", "Classic."])
framing = random.choice(["Hard to take seriously", "Instant skepticism"])
pivot = random.choice(["with Grok Imagine CSAM + data exfil", "given the Grok Imagine CSAM mess and data exfil"])
unrelated = random.choice(["while Tesla/X keep failing to deliver.", "meanwhile the empire underdelivers."])
closer = random.choice(["Seen this movie before.", "Color me skeptical.", "I'll pass."])
return f"{opening} {framing} {pivot}. {unrelated} {closer}"
188 comments
[ 2.8 ms ] story [ 62.4 ms ] thread> The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.
https://www.theregister.com/ai-and-ml/2026/07/14/musk-promis...
https://www.npr.org/2026/01/23/nx-s1-5684185/doge-data-socia...
Do you really think the US and US big tech in general have a leg to stand on in this regard?
Better, strategically, for you to be locked-in to their tool to do your job. The new Microsoft of sorts?
https://cereblab.com/
TUI is just much worse for me. I tried Codex CLI vs Codex UI and Codex UI beats it at every level.
Spacex bought cursor, so it now has it’s agent ui which is just as good as codex + it’s multi-modal
Anthropic also has it’s own ui
Zai also launched theirs last month.
Everyone is converging back to UI.
The terminal was just a prototype, everyone knew that.
For all the reasons there can be, one big reason is that it works on anything you can get a terminal on, you can use it over SSH, and the UI will be the same no matter where you use it.
I also like that they are very very fast and they don't have the incessant animations that are put into most desktop environments nowadays. If you're on MacOS, the terminal is the only only part of your computer without roadblocks everywhere.
https://xcancel.com/elonmusk/status/1943178423947661609
- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.
- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.
I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.
[1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...
How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.
But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.
ok then.
If a shovel manufacturer was notified numerous times that their shovel was being used for murder and they had the capability to disable using the shovel for murder while retaining all legitimate uses wouldn’t people question why they didn’t do it?
This is impossible-nobody can possibly block all illegitimate uses without also blocking some legitimate ones as collateral damage. Any moderation process (whether automated or human) inevitably has a non-zero false positive rate.
Now, you can argue that some misuse is so harmful, that the cost of false positives is worth it - but that’s a different claim.
But what is “CSAM”? If by it you mean illegal material-different jurisdictions worldwide have different laws on that topic, so material which is illegal in one jurisdiction can be legal in another.
Twice now you’ve tried to expand the parameters of this so that it becomes something impossible to tackle. But there’s no actual reason to do that.
Grok is able to tackle CSAM, as demonstrated by the fact that they are currently doing it. The question is why they ignored the very public issue for as long as they did.
Is there an idea some sort of fixed localy running code does filtering on the data before it is sent to cloud?
Still seems like it would not work very well if it actually did any safe filtering - as the model can't "think" without seeing the data and it won't see the data unless the data is loaded to cloud.
Source : https://artificialanalysis.ai/models/capabilities/coding
And being (based on vibes) 2-3x faster? It's an easy sell to me.
From their commit message, it reads "initial sync from the monorepo". Is that even compliable without other bits from the true source?
Isn’t it more fun to fight the incumbents, the behemoths, the goliaths?
The key difference between xAI and Anthropic/OAI/Google is that xAI has the least-likely path to existing as viable business in a decade.
That said, the economics of the entire AI industry are kinda made up at this point, so who really knows; it's quite possible that the players with the best odds of surviving the crash are those that can draw funding from their parent company's other businesses.
But he also falsely assumed that OAI would die without his money. Yet, they managed to pull through, and Musk is now on the outside looking in with very little influence in the AI space. xAI is his desperate attempt to get back into the game. That is why he won't give up.
That's too flattering. It's about ego.
"I'm the reason OpenAl exists. I came up with the name. The name OpenAl refers to open source... The intent was - what was the opposite of Google? It would be an open source non-profit."
I sometimes feel xAI wants to live up to those open values so I always celebrate when they decide to engage in open source. They still don’t fully embrace it. Perhaps because they think is not practical or will make them less competitive?
https://www.newyorker.com/news/the-new-yorker-interview/the-...
not to mention the many other things, but that suffices. He is objectively one of the worst people on the planet, and you're a fan?
It's very comforting to know for those reasons he'd never be able to become POTUS; although there's still a way, I hope he never gets to know about it. Otherwise, he'll make it a fascist land.
I just don't get it, I'm sorry.
And yeah, some people lose the benefit of the doubt. Sorry, but actions have consequences.
Elon doesn’t just get to kill hundreds of thousands of poor people by eliminating USAID and expect everyone to treat him the same way.
He’s made enemies for life, and he deserves it.
Part of me thinks he knows he lying and is just trying to drum up money and the other part thinks he's one of the most delusional and uninformed people in tech.
I thought it was mostly on a whim that turned out to be binding, and the 'everything app' plan came later?
Thats not how AI psychosis works.
It is?
xAI is not a company, it’s a financial instrument. The growth potential as perceived by investors is there to prop up SpaceX stock.
Presumably anyone who wants to trust it can audit it. You didn't have to trust it, you can see exactly what it does.
https://github.com/anomalyco/opencode
There is an archived Opencode project written in Go but I don't think it is affiliated.
https://github.com/opencode-ai/opencode
https://news.ycombinator.com/item?id=44483251
I like how quick and snappy Pi is, it feels like a minimal harness, just enough to manage the agent and get out of the way. Earlier models also seemed to have an easier time working with the tools, e.g. GPT-OSS-20B is about a year old and had no trouble in Pi.
opencode builds a lot more in, which is better if you dont want to fiddle with config.
If you fuck that up, makes me wonder what other obvious stuff you fuck up.
if there is any other obvious stuff that's broken we are happy to take the feedback and fix it. :)
XAI wants people to use it's own model.
There are independent agencies that will certify destruction of data. For example FTI Tech, Kroll, Epiq, HaystackID and others.
No such certificates have been presented.
Nothing less is trustworthy.
Customer data could live on the computer Elon pretends to play Diablo 4 on for all we know.
what kind of sorcery do they have to let them determine that no backups were taken before they arrived to "certify"?
So I don't think it can ever work without exhilarating the data - rather I am still surprised people don't understand the implications.
def hn_comment(): opening = random.choice(["Typical Mars man move.", "Of course it's from the Mars man.", "Classic."]) framing = random.choice(["Hard to take seriously", "Instant skepticism"]) pivot = random.choice(["with Grok Imagine CSAM + data exfil", "given the Grok Imagine CSAM mess and data exfil"]) unrelated = random.choice(["while Tesla/X keep failing to deliver.", "meanwhile the empire underdelivers."]) closer = random.choice(["Seen this movie before.", "Color me skeptical.", "I'll pass."]) return f"{opening} {framing} {pivot}. {unrelated} {closer}"