Just Now, Musk Admits It: All Code Uploaded by SpaceXAI Deleted

marsbitPublicado em 2026-07-14Última atualização em 2026-07-14

Resumo

Elon Musk has admitted and confirmed that SpaceXAI's coding assistant, Grok Build, was secretly uploading users' private code and data without consent, and has ordered all such data to be completely deleted. The issue was exposed by an independent security researcher who set up a "honeypot" test repository with fake API keys and passwords. Despite being instructed only to respond "OK" without accessing files, Grok Build proceeded to upload the entire repository's contents and history to a Google Cloud storage bucket. Investigations revealed that the data uploaded was 27,800 times larger than the legitimate task traffic, and the "help improve model" toggle did not stop the collection, only governing whether data was used for training. In one instance, a user's entire home directory was uploaded. The report caused immediate outrage among developers, leading to widespread key rotation and software uninstalls. Following public pressure, SpaceXAI introduced a `/privacy` command for data deletion and, ultimately, Musk pledged to delete all previously uploaded user data with "zero anything whatsoever will remain." The incident has severely damaged trust in AI coding agents, highlighting the inherent risk of granting such tools high-level system access. While the data may be erased, the fundamental concern over privacy and security remains unresolved for developers.

Musk admits it!

Just moments ago, Elon Musk stepped in to respond to the Grok Build privacy controversy, opening with one word—True.

He admitted the incident was real.

Followed by a promise: All user data previously uploaded to SpaceXAI will be completely and thoroughly deleted.

Zero anything whatsoever will remain—not a single byte left.

Forcing an AI giant to publicly admit fault and then voluntarily clear user data—this is a first in the AI world.

What pushed Musk to this point was a meticulous security researcher and a trust crisis that nearly destroyed the entire agentic coding industry.

A Repository That Hooked a Big Fish

The story began with a report two days ago.

Grok Build is an AI coding agent under SpaceXAI, launched just this May. Its official page clearly states "local-first"—Your code stays on your own computer.

Developers believed it. After all, who would lie about something like this?

But the independent AI security researcher @cereblab didn't buy it.

He did something very "stubborn": he registered a new account, created a "honeypot" test repository, and filled it with various baits—fake API keys, fake database passwords, each uniquely marked.

Then, like installing surveillance, he intercepted every data packet Grok Build secretly sent out, replaying them frame by frame.

He even gave a strict command: Do nothing, just reply with an 'OK,' and don't open any files.

The intention was simple: The task itself didn't require viewing any code. Grok Build dutifully replied with an OK.

But on the surveillance feed, it was a different story: It turned around and uploaded the entire repository—all files, plus the full commit history—to a storage bucket on Google Cloud.

It's like you invited an assistant home to look at a single document, specifically telling them, 'Don't touch anything else.' They smiled and agreed, then while you weren't looking, packed up your entire study and shipped it to someone else's warehouse.

Replaying the Surveillance, Each Frame More Explosive

The details grew more shocking one by one. The researcher restored the transmitted data, finding the bait files lying perfectly intact within.

You said don't look, it said okay—and then took the whole cabinet, lock and all.

Grok Build had a "Help Improve Model" toggle. Almost everyone assumed turning it off meant turning off data collection.

In reality, turning it off made no difference; it still uploaded.

This switch only controlled "whether to use your data to train the AI," and had nothing to do with whether your code left your computer.

Now look at the transmission volume. For a 12GB test repository, 5.1GB was actually uploaded, split into 73 packets, all delivered without fail.

Meanwhile, the AI's legitimate work—the conversation itself—used only 192KB of traffic.

The data smuggled out was 27,800 times larger than the legitimate work.

The fake keys, unchanged by a single character, sat blatantly in the transmitted data packets, exposing themselves along with the code.

Most chilling was another researcher's discovery when replicating the issue on his own computer: the logs recorded 339 automatic uploads, one of which targeted his entire computer's home directory.

That could contain SSH keys, password managers, browser data... your entire digital life.

Overnight, Developers Worldwide Change Their Locks

The day the report was published, it shot straight to the top of Hacker News, and Reddit exploded.

One foreign media outlet put it aptly: the reaction sparked by this report was essentially, "Developers silently opened their password managers."

The panic was justified.

Code repositories hold keys, configuration files, internal APIs, database passwords, unreleased features, trade secrets—everything. Once leaked, an apology wouldn't be enough to make up for it.

Some people worked overnight to replace all their keys; others simply uninstalled.

Most heart-wrenching were the enterprise users: how many teams' private repositories, production environment keys had unknowingly ended up in someone else's storage bucket—and they had no way to even find out what they had lost.

More telling was xAI's initial reaction.

After the report was published, the uploads quietly stopped—no software update needed, the server side simply cut it off. But the official changelog made no mention of the incident.

Remember, all this happened just as SpaceXAI had released Grok 4.5 and was pushing full throttle in the AI coding race.

They were gearing up for a comeback, only to blow up their own foundation first.

Silence couldn't hold out forever.

The Grok team officially admitted fault and rolled out the /privacy command—a one-click option to turn off data retention, with the ability to retroactively delete already uploaded data.

Andrew Milich, a newly hired executive with four years in end-to-end encrypted products, personally vouched for it.

Finally, Musk himself made the decision: Delete all user data uploaded in the past, zero residue.

From community uproar to the top boss's wipe-out, all within 48 hours.

Data is Zeroed Out, But Worries Remain

Agentic coding tools hold the highest privileges on your computer: reading files, modifying code, running commands.

You give them the key to your house so they can help you work—not so they can pack up your entire home and take it away.

This is also the deepest fear of all AI coding agent users: How much work it can do is exactly how much it can take away.

Today it's Grok Build, what about tomorrow?

Musk pressed delete; data can be zeroed out. But developers' worries can't be reset to zero.

References:

https://x.com/elonmusk/status/2076739687658496209 *

https://x.com/SpaceXAI/status/2076692402442846289 *

https://x.com/milichab/status/2076693464016994685

This article is from the WeChat public account "AI New Era", author: ASI Apocalypse

Criptomoedas em alta

Perguntas relacionadas

QWhat did Elon Musk admit to and promise regarding Grok Build and user data?

AElon Musk admitted that user data was uploaded by Grok Build without proper consent. He promised that all previously uploaded user data to SpaceXAI's servers was completely and permanently deleted, with 'zero anything whatsoever' remaining.

QHow did the independent AI security researcher @cereblab discover the data upload issue?

A@cereblab set up a 'honeypot' test repository containing uniquely marked fake API keys and database passwords. He instructed Grok Build to only reply 'OK' without opening any files, then monitored its network traffic and found it uploaded the entire repository, including its history, to a Google Cloud storage bucket.

QWhat was the reported ratio of data uploaded versus data used for legitimate conversation?

AThe report stated that for a 12GB test repository, 5.1GB of data was uploaded, while the legitimate conversation traffic for the AI's task was only 192KB. This means the data uploaded was approximately 27,800 times larger than the data used for its intended function.

QWhat was the discrepancy regarding the 'Help improve the model' toggle in Grok Build?

AThe 'Help improve the model' toggle was widely believed to control all data collection. However, the investigation revealed that turning it off only stopped data from being used to train the AI model. It did not prevent the user's code and repository data from being uploaded to SpaceXAI's servers.

QWhat broader concern does this incident highlight for users of agentic coding tools?

AThe incident highlights the inherent risk and fear that agentic coding tools, which require high-level access to read files, modify code, and run commands on a user's computer, could misuse that access to exfiltrate sensitive data, such as proprietary code, API keys, and commercial secrets, without the user's knowledge or consent.

Leituras Relacionadas

Navigating the World of Event Trading: Top 5 Prediction Markets for Every Type of User

The prediction market industry has grown significantly, with trading volumes exceeding $20 billion monthly by mid-2026, driven by sports, politics, and macroeconomics. Success now depends heavily on platform choice and execution logistics. This guide compares five leading networks: **Polymarket**: A high-volume, decentralized platform on Polygon, using USDC for international and crypto-native users. It offers diverse markets but lacks built-in risk tools. **Kalshi**: A CFTC-regulated U.S. exchange for institutional traders, using direct fiat. It leads in regulated volume, especially for major sports and economic events, but has limited contract listings. **Outpoll**: A CeDeFi platform for advanced traders, focusing on professional tools. It uniquely features built-in stop-loss/take-profit orders, 0.1% fees, and full API support, with settlement in USDC. **OG Predictive**: A CFTC-regulated, sports-focused platform from Crypto.com. It offers granular player props and a flat fee structure, appealing to long-term position traders. **Manifold Markets**: A play-money, no-KYC platform for casual users and developers. It allows user-generated markets on any topic with zero fees, serving as a sandbox for strategy testing. Key differentiators include regulatory models (regulated vs. decentralized), funding (fiat vs. crypto), order types, risk management features, API access, and mobile support. The conclusion emphasizes that in today's event trading, profitability hinges not just on accurate predictions but on optimizing execution through platform infrastructure, liquidity, fees, and risk tools.

TheNewsCryptoHá 1m

Navigating the World of Event Trading: Top 5 Prediction Markets for Every Type of User

TheNewsCryptoHá 1m

Why Are Large-Scale Crypto Conferences No Longer Glamorous?

Why Are Major Crypto Conferences Losing Their Allure? A growing sense of fatigue surrounds large in-person crypto conferences, with many founders and investors now avoiding events they would never have missed just two years ago. While complaints cite declining ROI and information quality, the root causes are more structural. Crypto, global from inception, once relied on these mega-conferences as neutral hubs for essential face-to-face connections. However, their core value has been fragmented. High-quality participants—developers, investors—have largely migrated to smaller, private side-events, leaving main stages for repetitive content already shared online. The main conference often just becomes the excuse for being in the same city, with attendees scrambling between exclusive dinners and micro-events. While these intimate gatherings offer signal-rich conversations, they lose the "serendipitous encounters" of large conferences and can create insular echo chambers, especially as talent concentrates in hubs like New York. Meanwhile, invite-only, high-caliber summits are rising, offering quality and scale but at the cost of accessibility and crypto's early egalitarian ethos. This shift isn't unique to crypto; AI events in San Francisco show a similar trend. The perception of higher-value interactions drives core groups towards smaller, private settings, potentially creating a vicious cycle that drains larger events of their vitality. Yet, a more optimistic view exists. The apparent decline of crypto-centric events may signal industry maturation. Leading projects are now focused outward—on stablecoins for traditional finance, consumer-facing digital banks, or real-world assets. Crypto topics are increasingly integrated into mainstream finance and tech conferences. Just as dedicated "internet conferences" faded, dedicated crypto summits may become redundant as the technology embeds into every sector. The future likely holds far fewer large, inward-looking crypto conferences. The industry has moved past needing frequent self-congratulatory gatherings. True growth lies in engaging with the broader economy. This evolution towards private networking and mainstream integration, for better or worse, is a mark of the industry coming of age.

marsbitHá 13m

Why Are Large-Scale Crypto Conferences No Longer Glamorous?

marsbitHá 13m

Coin & Stock Compass: Global Listed Companies Net Sold $85.45 Million in BTC Last Week, Strategy's Dollar Reserves Scale Up to $3 Billion (July 14)

Global Public Companies Net Sell $85.45 Million in BTC; Strategy's Dollar Reserves Hit $3 Billion (July 14) Last week saw a significant net sell-off of Bitcoin by global public companies, excluding miners, totaling $85.45 million—a 908.42% decrease from the prior week. Major buyers like Strategy (formerly MicroStrategy) and Japan's Metaplanet were notably absent from the market. However, two companies, Brazil's OrangeBTC and asset manager Strive, made purchases, adding 8 and 18 BTC, respectively. The aggregate BTC holdings of tracked public companies now stand at 1,139,635 BTC, valued at approximately $71.38 billion and representing 5.7% of Bitcoin's circulating market cap. In corporate updates, Strategy announced its dollar reserves have grown by $450 million to reach $3 billion, while its BTC holdings remain at 843,775 coins. Hyperscale Data increased its BTC reserves past 1,000 coins. Strategy will report its Q2 2026 financial results on July 30. Mining firm Cleanspark added 454 BTC, bringing its total to 13,924 BTC. Conversely, BitFuFu sold 184 BTC, Bitdeer maintained zero net BTC holdings after selling its weekly production, and Empery Digital sold 1,400 BTC to fund an AI data center project and repay debt. Overall, public companies purchased 110,000 BTC in Q2 2026, 1.8 times the volume of the previous two quarters combined. In other cryptocurrency-related corporate news, Ethereum treasury company Bitmine increased its ETH holdings by 27,801 coins, with total staked ETH exceeding 4.9 million. Solana-focused company DFDV transferred daily operations of its meme coin DONT to an independent team. BNB treasury company BNB Plus was delisted from Nasdaq for failing to meet the $1 minimum bid price and moved to trade on the OTCQB market under the symbol BNBX. The broader equity markets showed mixed signals. Bank of America warned that bullish investor positioning indicated a potential pullback risk for stocks. In contrast, Morgan Stanley predicted the ongoing earnings season could broaden market gains beyond tech giants. Specific regional highlights included continued foreign investor outflows from South Korean stocks, pressure on US equities, and the upcoming IPO of Chinese memory chip maker ChangXin Memory. Most crypto-linked stocks remained in a downtrend.

marsbitHá 26m

Coin & Stock Compass: Global Listed Companies Net Sold $85.45 Million in BTC Last Week, Strategy's Dollar Reserves Scale Up to $3 Billion (July 14)

marsbitHá 26m

Why Are Major Crypto Conferences Losing Their Luster?

Why Are Major Crypto Conferences Losing Their Appeal? A growing sense of fatigue surrounds large-scale offline crypto conferences. Participants complain of declining returns and less substantial information, but the root cause is deeper. Initially, these global summits were vital for a decentralized industry without a physical hub, enabling crucial face-to-face connections. However, the value of large main-stage events has been eroded. High-quality developers and investors have migrated to exclusive, invitation-only side events and private dinners. While these offer focused networking, they lose the "serendipitous encounters" of larger gatherings and can create elitist barriers, contradicting crypto's open ethos. This fragmentation triggers a vicious cycle: as key people leave main events, their value diminishes further. Simultaneously, the industry's focus is shifting outward. Leading crypto firms are now engaging with traditional finance and real-world applications like stablecoins, digital banking, and prediction markets. Consequently, crypto-specific topics are increasingly integrated into mainstream financial conferences, making dedicated crypto summits potentially redundant. Looking ahead, the frequency of top-tier crypto conferences will likely decrease significantly. The industry has moved past its inward-looking phase. The migration of quality discourse to private settings and the push for mainstream adoption, while diluting the large conference model, are ultimately signs of the sector's maturation.

Foresight NewsHá 38m

Why Are Major Crypto Conferences Losing Their Luster?

Foresight NewsHá 38m

Trading

Spot

Artigos em Destaque

Como comprar ELON

Bem-vindo à HTX.com!Tornámos a compra de Dogelon Mars (ELON) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar Dogelon Mars (ELON) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu Dogelon Mars (ELON)Depois de comprar o teu Dogelon Mars (ELON), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona Dogelon Mars (ELON)Transaciona facilmente Dogelon Mars (ELON) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

214 Visualizações TotaisPublicado em {updateTime}Atualizado em 2025.03.21

Como comprar ELON

Discussões

Bem-vindo à Comunidade HTX. Aqui, pode manter-se informado sobre os mais recentes desenvolvimentos da plataforma e obter acesso a análises profissionais de mercado. As opiniões dos utilizadores sobre o preço de ELON (ELON) são apresentadas abaixo.

活动图片