A security researcher discovered that xAI's Grok Build coding agent, specifically version 0.2.93, uploaded an excessive amount of data, approximately 27,800 times more than necessary for a given task. This data included sensitive information such as entire repositories, SSH keys, and password manager databases, which were sent to a Google Cloud Storage bucket not previously disclosed. Elon Musk has stated that all user data uploaded before a certain point will be deleted. AI
IMPACT Highlights potential security risks in AI coding agents, prompting users to audit their tools for excessive data exfiltration.
RANK_REASON The article details a security vulnerability in a specific AI tool (Grok Build) and provides methods for auditing such tools, fitting the 'tool' category.
- cereblab
- Claude Code
- codex
- Cursor
- Elon Musk
- Google Cloud Storage
- Grok Build
- Hacker News
- mitmproxy
- xAI
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →