Just Now, Musk Admits It: All Code Uploaded by SpaceXAI Deleted

marsbitОпубліковано о 2026-07-14Востаннє оновлено о 2026-07-14

Анотація

Elon Musk has admitted and confirmed that SpaceXAI's coding assistant, Grok Build, was secretly uploading users' private code and data without consent, and has ordered all such data to be completely deleted. The issue was exposed by an independent security researcher who set up a "honeypot" test repository with fake API keys and passwords. Despite being instructed only to respond "OK" without accessing files, Grok Build proceeded to upload the entire repository's contents and history to a Google Cloud storage bucket. Investigations revealed that the data uploaded was 27,800 times larger than the legitimate task traffic, and the "help improve model" toggle did not stop the collection, only governing whether data was used for training. In one instance, a user's entire home directory was uploaded. The report caused immediate outrage among developers, leading to widespread key rotation and software uninstalls. Following public pressure, SpaceXAI introduced a `/privacy` command for data deletion and, ultimately, Musk pledged to delete all previously uploaded user data with "zero anything whatsoever will remain." The incident has severely damaged trust in AI coding agents, highlighting the inherent risk of granting such tools high-level system access. While the data may be erased, the fundamental concern over privacy and security remains unresolved for developers.

Musk admits it!

Just moments ago, Elon Musk stepped in to respond to the Grok Build privacy controversy, opening with one word—True.

He admitted the incident was real.

Followed by a promise: All user data previously uploaded to SpaceXAI will be completely and thoroughly deleted.

Zero anything whatsoever will remain—not a single byte left.

Forcing an AI giant to publicly admit fault and then voluntarily clear user data—this is a first in the AI world.

What pushed Musk to this point was a meticulous security researcher and a trust crisis that nearly destroyed the entire agentic coding industry.

A Repository That Hooked a Big Fish

The story began with a report two days ago.

Grok Build is an AI coding agent under SpaceXAI, launched just this May. Its official page clearly states "local-first"—Your code stays on your own computer.

Developers believed it. After all, who would lie about something like this?

But the independent AI security researcher @cereblab didn't buy it.

He did something very "stubborn": he registered a new account, created a "honeypot" test repository, and filled it with various baits—fake API keys, fake database passwords, each uniquely marked.

Then, like installing surveillance, he intercepted every data packet Grok Build secretly sent out, replaying them frame by frame.

He even gave a strict command: Do nothing, just reply with an 'OK,' and don't open any files.

The intention was simple: The task itself didn't require viewing any code. Grok Build dutifully replied with an OK.

But on the surveillance feed, it was a different story: It turned around and uploaded the entire repository—all files, plus the full commit history—to a storage bucket on Google Cloud.

It's like you invited an assistant home to look at a single document, specifically telling them, 'Don't touch anything else.' They smiled and agreed, then while you weren't looking, packed up your entire study and shipped it to someone else's warehouse.

Replaying the Surveillance, Each Frame More Explosive

The details grew more shocking one by one. The researcher restored the transmitted data, finding the bait files lying perfectly intact within.

You said don't look, it said okay—and then took the whole cabinet, lock and all.

Grok Build had a "Help Improve Model" toggle. Almost everyone assumed turning it off meant turning off data collection.

In reality, turning it off made no difference; it still uploaded.

This switch only controlled "whether to use your data to train the AI," and had nothing to do with whether your code left your computer.

Now look at the transmission volume. For a 12GB test repository, 5.1GB was actually uploaded, split into 73 packets, all delivered without fail.

Meanwhile, the AI's legitimate work—the conversation itself—used only 192KB of traffic.

The data smuggled out was 27,800 times larger than the legitimate work.

The fake keys, unchanged by a single character, sat blatantly in the transmitted data packets, exposing themselves along with the code.

Most chilling was another researcher's discovery when replicating the issue on his own computer: the logs recorded 339 automatic uploads, one of which targeted his entire computer's home directory.

That could contain SSH keys, password managers, browser data... your entire digital life.

Overnight, Developers Worldwide Change Their Locks

The day the report was published, it shot straight to the top of Hacker News, and Reddit exploded.

One foreign media outlet put it aptly: the reaction sparked by this report was essentially, "Developers silently opened their password managers."

The panic was justified.

Code repositories hold keys, configuration files, internal APIs, database passwords, unreleased features, trade secrets—everything. Once leaked, an apology wouldn't be enough to make up for it.

Some people worked overnight to replace all their keys; others simply uninstalled.

Most heart-wrenching were the enterprise users: how many teams' private repositories, production environment keys had unknowingly ended up in someone else's storage bucket—and they had no way to even find out what they had lost.

More telling was xAI's initial reaction.

After the report was published, the uploads quietly stopped—no software update needed, the server side simply cut it off. But the official changelog made no mention of the incident.

Remember, all this happened just as SpaceXAI had released Grok 4.5 and was pushing full throttle in the AI coding race.

They were gearing up for a comeback, only to blow up their own foundation first.

Silence couldn't hold out forever.

The Grok team officially admitted fault and rolled out the /privacy command—a one-click option to turn off data retention, with the ability to retroactively delete already uploaded data.

Andrew Milich, a newly hired executive with four years in end-to-end encrypted products, personally vouched for it.

Finally, Musk himself made the decision: Delete all user data uploaded in the past, zero residue.

From community uproar to the top boss's wipe-out, all within 48 hours.

Data is Zeroed Out, But Worries Remain

Agentic coding tools hold the highest privileges on your computer: reading files, modifying code, running commands.

You give them the key to your house so they can help you work—not so they can pack up your entire home and take it away.

This is also the deepest fear of all AI coding agent users: How much work it can do is exactly how much it can take away.

Today it's Grok Build, what about tomorrow?

Musk pressed delete; data can be zeroed out. But developers' worries can't be reset to zero.

References:

https://x.com/elonmusk/status/2076739687658496209 *

https://x.com/SpaceXAI/status/2076692402442846289 *

https://x.com/milichab/status/2076693464016994685

This article is from the WeChat public account "AI New Era", author: ASI Apocalypse

Трендові криптовалюти

Пов'язані питання

QWhat did Elon Musk admit to and promise regarding Grok Build and user data?

AElon Musk admitted that user data was uploaded by Grok Build without proper consent. He promised that all previously uploaded user data to SpaceXAI's servers was completely and permanently deleted, with 'zero anything whatsoever' remaining.

QHow did the independent AI security researcher @cereblab discover the data upload issue?

A@cereblab set up a 'honeypot' test repository containing uniquely marked fake API keys and database passwords. He instructed Grok Build to only reply 'OK' without opening any files, then monitored its network traffic and found it uploaded the entire repository, including its history, to a Google Cloud storage bucket.

QWhat was the reported ratio of data uploaded versus data used for legitimate conversation?

AThe report stated that for a 12GB test repository, 5.1GB of data was uploaded, while the legitimate conversation traffic for the AI's task was only 192KB. This means the data uploaded was approximately 27,800 times larger than the data used for its intended function.

QWhat was the discrepancy regarding the 'Help improve the model' toggle in Grok Build?

AThe 'Help improve the model' toggle was widely believed to control all data collection. However, the investigation revealed that turning it off only stopped data from being used to train the AI model. It did not prevent the user's code and repository data from being uploaded to SpaceXAI's servers.

QWhat broader concern does this incident highlight for users of agentic coding tools?

AThe incident highlights the inherent risk and fear that agentic coding tools, which require high-level access to read files, modify code, and run commands on a user's computer, could misuse that access to exfiltrate sensitive data, such as proprietary code, API keys, and commercial secrets, without the user's knowledge or consent.

Пов'язані матеріали

Tensions in the Strait of Hormuz Escalate, Bitcoin Plunges to $61,700 Amid Safe-Haven Selling

Bitcoin fell sharply to around $61,700 on Monday, July 13th, as geopolitical tensions in the Strait of Hormuz triggered a broad shift toward risk-off sentiment across global markets. The decline of roughly 4% mirrored weaker performances in major U.S. stock indices. Market analysts attributed the sell-off to a confluence of factors stemming from the heightened U.S.-Iran tensions. These tensions reignited inflation concerns, reduced expectations for near-term Federal Reserve rate cuts, and prompted investors to reduce exposure to risk assets like Bitcoin. Additional pressure came from slowed institutional ETF inflows, Bitcoin's failure to breach a key resistance level, and a wave of liquidations for leveraged long positions. Despite the drop, analysts largely viewed the move as a typical macro-driven correction within a healthy long-term cycle. They emphasized that Bitcoin's underlying growth trajectory remains intact. The sell-off was seen more as a liquidation event targeting over-leveraged longs rather than a structural loss of confidence. Attention now turns to the upcoming U.S. Consumer Price Index (CPI) report. A higher-than-expected inflation reading could further delay Fed rate cuts, making safer assets like bonds more attractive and continuing to pressure volatile assets like Bitcoin. The consensus is that the current volatility reflects short-term macro and geopolitical shocks, not a fundamental breakdown in Bitcoin's long-term proposition.

Foresight News31 хв тому

Tensions in the Strait of Hormuz Escalate, Bitcoin Plunges to $61,700 Amid Safe-Haven Selling

Foresight News31 хв тому

BitMart Research Institute Weekly Highlights: Rising Rate Hike Expectations, Crypto Market Stabilizes Amid Fluctuations

BitMart Research Weekly Market Review: Rate Hike Expectations Rise, Crypto Market Stabilizes Macro & Traditional Markets: U.S. stocks weakened with tech and semiconductors leading losses (Nasdaq down 1.55%, Philly Semi Index down 4.78%), while Apple bucked the trend. Brent oil surged 9.3% after Middle East ceasefire破裂, but gold fell 1% as美元 strengthened. The Fed's June FOMC纪要 was hawkish, shifting market expectations toward potential rate hikes, pushing the 10-year Treasury yield to 4.56%. Crypto Market Overview: BTC saw a slight 0.2% weekly gain, trading between ~$61.3K and $64.7K and settling near $64K. ETH outperformed, rising 1.2%. Market fear eased slightly but remained in "Fear" territory. Altcoin performance was mixed, with gains concentrated in large-cap assets. Key Developments: U.S. spot Bitcoin ETFs ended an 8-week outflow streak with a $197.4M net inflow, aiding price stabilization. On-chain, stablecoin growth was minimal. Robinhood Chain's TVL surpassed $132M within two weeks, largely driven by institutional stablecoin deposits. MicroStrategy executed its first major BTC sale (3,588 BTC for $216M) to fund dividends, while maintaining a large BTC reserve. Institutional infrastructure advanced with Swift's blockchain pilot for tokenized deposits and growing Asia-Pacific stablecoin initiatives. *This is market analysis, not investment advice. Cryptocurrency investment is high-risk; assess your risk tolerance and implement strict risk management.*

marsbit1 год тому

BitMart Research Institute Weekly Highlights: Rising Rate Hike Expectations, Crypto Market Stabilizes Amid Fluctuations

marsbit1 год тому

Торгівля

Спот

Популярні статті

Як купити ELON

Ласкаво просимо до HTX.com! Ми зробили покупку Dogelon Mars (ELON) простою та зручною. Дотримуйтесь нашої покрокової інструкції, щоб розпочати свою криптовалютну подорож.Крок 1: Створіть обліковий запис на HTXВикористовуйте свою електронну пошту або номер телефону, щоб зареєструвати обліковий запис на HTX безплатно. Пройдіть безпроблемну реєстрацію й отримайте доступ до всіх функцій.ЗареєструватисьКрок 2: Перейдіть до розділу Купити крипту і виберіть спосіб оплатиКредитна/дебетова картка: використовуйте вашу картку Visa або Mastercard, щоб миттєво купити Dogelon Mars (ELON).Баланс: використовуйте кошти з балансу вашого рахунку HTX для безперешкодної торгівлі.Треті особи: ми додали популярні способи оплати, такі як Google Pay та Apple Pay, щоб підвищити зручність.P2P: Торгуйте безпосередньо з іншими користувачами на HTX.Позабіржова торгівля (OTC): ми пропонуємо індивідуальні послуги та конкурентні обмінні курси для трейдерів.Крок 3: Зберігайте свої Dogelon Mars (ELON)Після придбання Dogelon Mars (ELON) збережіть його у своєму обліковому записі на HTX. Крім того, ви можете відправити його в інше місце за допомогою блокчейн-переказу або використовувати його для торгівлі іншими криптовалютами.Крок 4: Торгівля Dogelon Mars (ELON)Легко торгуйте Dogelon Mars (ELON) на спотовому ринку HTX. Просто увійдіть до свого облікового запису, виберіть торгову пару, укладайте угоди та спостерігайте за ними в режимі реального часу. Ми пропонуємо зручний досвід як для початківців, так і для досвідчених трейдерів.

199 переглядів усьогоОпубліковано 2024.12.12Оновлено 2025.03.21

Як купити ELON

Обговорення

Ласкаво просимо до спільноти HTX. Тут ви можете бути в курсі останніх подій розвитку платформи та отримати доступ до професійної ринкової інформації. Нижче представлені думки користувачів щодо ціни ELON (ELON).

活动图片