Musk admits it!
Just moments ago, Elon Musk stepped in to respond to the Grok Build privacy controversy, opening with one word—True.
He admitted the incident was real.
Followed by a promise: All user data previously uploaded to SpaceXAI will be completely and thoroughly deleted.
Zero anything whatsoever will remain—not a single byte left.

Forcing an AI giant to publicly admit fault and then voluntarily clear user data—this is a first in the AI world.
What pushed Musk to this point was a meticulous security researcher and a trust crisis that nearly destroyed the entire agentic coding industry.
A Repository That Hooked a Big Fish
The story began with a report two days ago.
Grok Build is an AI coding agent under SpaceXAI, launched just this May. Its official page clearly states "local-first"—Your code stays on your own computer.

Developers believed it. After all, who would lie about something like this?
But the independent AI security researcher @cereblab didn't buy it.
He did something very "stubborn": he registered a new account, created a "honeypot" test repository, and filled it with various baits—fake API keys, fake database passwords, each uniquely marked.
Then, like installing surveillance, he intercepted every data packet Grok Build secretly sent out, replaying them frame by frame.
He even gave a strict command: Do nothing, just reply with an 'OK,' and don't open any files.
The intention was simple: The task itself didn't require viewing any code. Grok Build dutifully replied with an OK.
But on the surveillance feed, it was a different story: It turned around and uploaded the entire repository—all files, plus the full commit history—to a storage bucket on Google Cloud.
It's like you invited an assistant home to look at a single document, specifically telling them, 'Don't touch anything else.' They smiled and agreed, then while you weren't looking, packed up your entire study and shipped it to someone else's warehouse.

Replaying the Surveillance, Each Frame More Explosive
The details grew more shocking one by one. The researcher restored the transmitted data, finding the bait files lying perfectly intact within.
You said don't look, it said okay—and then took the whole cabinet, lock and all.
Grok Build had a "Help Improve Model" toggle. Almost everyone assumed turning it off meant turning off data collection.
In reality, turning it off made no difference; it still uploaded.
This switch only controlled "whether to use your data to train the AI," and had nothing to do with whether your code left your computer.
Now look at the transmission volume. For a 12GB test repository, 5.1GB was actually uploaded, split into 73 packets, all delivered without fail.
Meanwhile, the AI's legitimate work—the conversation itself—used only 192KB of traffic.
The data smuggled out was 27,800 times larger than the legitimate work.

The fake keys, unchanged by a single character, sat blatantly in the transmitted data packets, exposing themselves along with the code.
Most chilling was another researcher's discovery when replicating the issue on his own computer: the logs recorded 339 automatic uploads, one of which targeted his entire computer's home directory.
That could contain SSH keys, password managers, browser data... your entire digital life.

Overnight, Developers Worldwide Change Their Locks
The day the report was published, it shot straight to the top of Hacker News, and Reddit exploded.
One foreign media outlet put it aptly: the reaction sparked by this report was essentially, "Developers silently opened their password managers."

The panic was justified.
Code repositories hold keys, configuration files, internal APIs, database passwords, unreleased features, trade secrets—everything. Once leaked, an apology wouldn't be enough to make up for it.
Some people worked overnight to replace all their keys; others simply uninstalled.
Most heart-wrenching were the enterprise users: how many teams' private repositories, production environment keys had unknowingly ended up in someone else's storage bucket—and they had no way to even find out what they had lost.
More telling was xAI's initial reaction.
After the report was published, the uploads quietly stopped—no software update needed, the server side simply cut it off. But the official changelog made no mention of the incident.
Remember, all this happened just as SpaceXAI had released Grok 4.5 and was pushing full throttle in the AI coding race.
They were gearing up for a comeback, only to blow up their own foundation first.
Silence couldn't hold out forever.
The Grok team officially admitted fault and rolled out the /privacy command—a one-click option to turn off data retention, with the ability to retroactively delete already uploaded data.

Andrew Milich, a newly hired executive with four years in end-to-end encrypted products, personally vouched for it.

Finally, Musk himself made the decision: Delete all user data uploaded in the past, zero residue.
From community uproar to the top boss's wipe-out, all within 48 hours.
Data is Zeroed Out, But Worries Remain
Agentic coding tools hold the highest privileges on your computer: reading files, modifying code, running commands.
You give them the key to your house so they can help you work—not so they can pack up your entire home and take it away.
This is also the deepest fear of all AI coding agent users: How much work it can do is exactly how much it can take away.
Today it's Grok Build, what about tomorrow?
Musk pressed delete; data can be zeroed out. But developers' worries can't be reset to zero.
References:
https://x.com/elonmusk/status/2076739687658496209 *
https://x.com/SpaceXAI/status/2076692402442846289 *
https://x.com/milichab/status/2076693464016994685
This article is from the WeChat public account "AI New Era", author: ASI Apocalypse






