logoalt Hacker News

ahmadyanyesterday at 9:33 PM5 repliesview on HN

i think xai is now in pure damage control mode, after they caught exfiltrating data from users.

- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.

- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.


Replies

bobsomersyesterday at 10:01 PM

And for generating an absolutely gargantuan amount of CSAM and non-consensual sexualized images, but yeah, exfiltrating data too.

show 3 replies
m4rtinktoday at 12:48 AM

How can an AI agent, that is usually running on some machine in the cloud, even run without actually pulling in the data into the cloud to work with it ?

Is there an idea some sort of fixed localy running code does filtering on the data before it is sent to cloud?

Still seems like it would not work very well if it actually did any safe filtering - as the model can't "think" without seeing the data and it won't see the data unless the data is loaded to cloud.

electricloveyesterday at 9:38 PM

[flagged]

show 1 reply
lifthrasiiryesterday at 9:40 PM

> exfiltrating user data (including env files, entire source code etc) which is what grok-build did here

I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.

[1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...

show 2 replies