This is not the right thing, this is the tactical thing. If you have an LLM with less than 1% of the share to begin with, you suffer from bad rep and you got caught uploading user data, one of the very few remaining tactical moves to try to climb out of it is this.
Another tactical move is to just stop. You're allowed to exit the AI business. Nobody's forcing you to keep throwing money into the furnace. Just be a rocket company. All of the xAI founders left. Your product's brand name is mud. Just stop doing that and build spaceships.
As a social media site they need to understand content for recommendations and they allow people to ask questions about posts for free. Along with having a large amount of data that can be trained on xAI has good reason to continue developing AI.
Ah, are you referring to the rockets that become autonomous 60 seconds prior to launch, like Falcon 9? The rockets that steer and diagnose themselves with a minimum of input/communication from ground stations? The crewed space capsules that deliver astronauts to the ISS and trans-lunar orbits, without the ordinary needs for manual piloting or astrogation? Those rockets?
Sure bro, "exit the AI business" and keep on with the rocket science, I guess
why pi over opencode? earnestly curious, trying to figure out what open solution people are consolidating on. (codex is also pseudo-open but contributions closed and nice)
Most of my harness experience is with Claude Code and Pi, a little bit of OpenCode.
I like how quick and snappy Pi is, it feels like a minimal harness, just enough to manage the agent and get out of the way. Earlier models also seemed to have an easier time working with the tools, e.g. GPT-OSS-20B is about a year old and had no trouble in Pi.
I imagine because they want to support plugins, and plugins in compiled language are a lot less natural than plugins in languages like TypeScript or Python.
It's a shame that they exfiled private data. The model is actually good (better than opus 4.8 imo) and the harness itself is butter smooth with the potential of being the best out there.
What a bunch of slop: 182 top-level external dependencies (so, without considering nested dependencies) and 1318853 lines of code in Rust.
Building efficient agents is doable (I did it myself, github.com/gi-dellav/zerostack), companies just want to tokenmaxx, and as a by-product, produce and publish slop.
i think xai is now in pure damage control mode, after they caught exfiltrating data from users.
- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.
- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.
If I use a shovel to kill a man, the shovel maker did not engage in intentionally crafting a weapon of war.
How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.
But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.
Ok, but what if all Whatsapp competitors explicitly banned the ability to groom children on their platform, but Whataspp didn't, and directly advertised it.
If WhatsApp knew their platform was facilitating CSAM, and they were fully within their power to prevent this but chose not to - yes this would rightly draw criticism…
> Regardless of what they were doing before, it seems they are doing the right thing now.
Regardless of the fact that they were stealing and uploading user secrets, they changed their behavior after they got caught, so let’s ignore what they did in the past.
Trust is lost when trust is abused.
Mistakes, even if made unintentionally are something that should make reasonable people be skeptical of any further dealings with someone.
I should try to rob a bank and if I get caught just return the money. No, there needs to be a penalty above what you get, otherwise it encourages people to take the free option of bad behavior. If they get caught they go back as though nothing happened and if they don’t they get a bunch of traces / data.
> exfiltrating user data (including env files, entire source code etc) which is what grok-build did here
I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.
I wonder if releasing this may have been on the roadmap, but been prioritized as a bit of whiplash following the "you forfeit the entirety of your working directory as a condition of working with this tool" upset from a few days ago.
Most likely, SpaceX killed the code uploading yesterday so they are definitely concerned about the backlash
> The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.
Interesting - seen some good experiencences in using grok by some devs, so maybe could be considered as an alternative to my beloved chinese models. Also, hard to give up on pi agent.
Grok Build seems faster to me than `omp` and Claude Code but I can't put my finger as to why. Anecdotally, after disabling code uploads the agent doesn't respond instantly anymore (it used to respond within milliseconds).
I'll probably never use this, but at least they're not delusional enough to attempt to justify keeping their coding agent closed-source, especially after their recent data-harvesting cockup:
Grok has had far too many instances where its clear that the team building it cannot be trusted and does not care to build trustworthy products.
I highly caution anyone from using any tools from xAi, as they have clearly shown themselves to be bad actors within the space.
First, why audit it when the agent can build a new one.
Second, can you guarantee that an AI company can’t use its AI to hide malicious code from AI audits. Who if not an AI company could have such an expertise?
I don’t trust a company that pollutes the air of other people with illegal gas turbines because it shows the value their profit over people‘s health
Grok: downloads all your data and also will produce AI porn of anyone you ask for including kids; also currently polluting the air and water near data centers
SpaceX: launching loads heavy metals into space which are planned to burn up and spread all over the earth in a decade or two
Tesla: takes money for features that don’t exist, auto pilot that’s probably killed people but since it disengages a micro second before impact it doesn’t
He himself tried to buy an election by giving away a million bucks, turns out that’s illegal; he also stuck his nose in the cave thing, and plenty of other horrible shit.
How am I supposed to trust an Elon company with his track record?
It’s not just moral grandstanding here, Elon sucks.
You forgot DOGE, an illegal program that stole taxpayer information, cost billions of dollars, and will result in the deaths of hundreds of thousand of people.
Tesla has killed people, probably with autopilot but at least 15 deaths from people trying to escape vehicles but the electronic (non mechanical) door handles don’t work when there’s no power…
Yeah, this does matter to me. I was willing to give him a pass (still am) in a vacuum regarding the Twitter thing given the mass censorship of the old regime (sorry - no, it wasn't acceptable, in any way shape or form) but if he's that petty it doesn't bode well. I keep saying I can believe one thing without subscribing to the Elon fan club
Doesn't bode well for SpaceX either. Isn't one of the Artemis landers from SpaceX?!
It is funny how it is the mundane things that it boil down to when one judge a someone's character. When it gets abstract it is too easy to rationalize.
> I was willing to give him a pass (still am) in a vacuum regarding the Twitter thing given the mass censorship of the old regime (sorry - no, it wasn't acceptable, in any way shape or form)…
Why give him the benefit of the doubt when he censors worse than the previous management? Just look at all the grok lobotomies he gave it because he didn’t like how liberal coded the answers it was giving.
I was just trying to say old Twitter had a serious problem but apparently that goes against the hivemind so I accrue mass downvotes despite posting my comment in good faith
It's not ad hominem. The head is a strongly polarizing individual. People working for him must either be gravely apathetic or at least of a similar polarity.
The comment actually describes a known social process, with a reasonable base assumption given that said leadership has shown a pattern in this regard.
Just throwing out debate terms in response seems not so serious, tbh.
Even if you personally have no qualms about Elon Musk his PR is a mess and introduces a lot of risk for long term company viability and funding that competitors just don't have.
Also worth pointing out that it is not an ad hominen.
Ad hominen is when you attack someone who is making an argument, instead of an argument. "You are flawed, which means your argument is flawed", but that does not follow. If you were in a debate with Epstein or Musk, and he said "2 + 2 = 4", there is no fault of their character that could make the statement untrue.
But nobody is making that argument. "The leadership" being criticized is not even a participant in this thread (presumably). "The leadership is flawed in this manner" is a statement that can be true or untrue, and "So their product and followers are flawed in these other manners" is something which can follow.
> This seems more like, look we made something, now fix it for us
They disabled pull requests in the repo so I'm unsure where you're getting this
> you can’t expect people to praise your for making an n+1 harness open source.
I don't think anyone is asking for praise. My comment was neither hot or cold. I was just surprised that the top comment had nothing to do with any of the technical aspects of Grok Build (and whether there's any trace of uploads).
> I was just surprised that the top comment had nothing to do with any of the technical aspects of Grok Build (and whether there's any trace of uploads).
Most people don't restrict themselves to only discussing the technical aspects of a thing. A thing which is technologically novel (e.g. not this example) may nonetheless not be worth using, due to assorted risks.
I don't find it surprising that HN posters are helping their fellow hackers avoid getting victimized by predators. We just have that sort of nice community :)
This is clearly a good-faith criticism and there is no lens in which I could see it described as bad-faith.
We see this pattern all the time: Someone makes a criticism of a Musk product, and someone assails that criticism with bad-faith accusations of it being "bad-faith".
Oftentimes, we see that the criticism is undermeasured and ligther than is reasonable, possibly anticipating someone who might accuse it of being "bad faith".
Maybe someone can put a name to this phenomenon but we see it all the time.
Rank ordered by reputation / caring about having a trustworthy corporate identity: [Google, Anthropic] in either order depending who you ask, OpenAI, most of the Chinese AI corporations, then Grok.
This is unfortunate situation to find ourselves in when Grok was also recently at the top of the Pareto frontier for quality/price. Dunno if it still is, this all moves too fast, but it was for at least long enough for me to have heard about it.
Google?!?!. From where I sit, Google is just above the Chinese. They've been bad-faith actors for more than a decade, I guess everyone is just so used to it that they ignore it.
I there's anyone I don't trust with AI, it's the worlds #1 company in spying on people, in collection of Pii, in tracking, and many many many times caught literally lying about it.
Google already knows more about everyone on the planet, than any other 10 organizations combined. Frankly, sadly, they're all, well.. scummy, just each in different ways.
Surprisingly, despite their motivations in doing so, the Chinese models being open-weight and therefore able to run locally on your own hardware, are far more trustworthy than any blackbox which solely exists to enrich X or Y billionaire.
OP seems to be asking for examples with an intent to dismiss and downplay each of them, and not to actually read into them and challenge his existing beliefs about X/Grok/Musk.
However after looking at all of these articles, these all seem like instances of users misusing the product. The product happens to reply on social media, so media publications immediately capitalized on this.
Seems less like malicious intent from xAI's part and more like a product with young and/or insufficient moderation controls.
Open to changing my mind. I would be interested in reading positive, uplifting news about xAI/Grok/Musk that demonstrated a repeated pattern of ethical, careful, compassionate, attentive, and/or responsible business and engineering practices.
Starkly different. One was a well meaning attempt to squash model bias gone wrong, the other is a deliberately inserted bias. Even ignoring all that, whataboutism is not persuasive.
The reality is both are likely well meaning attempts to squash model bias gone wrong. Since you happen to align with the politics of one more than the other, you are having trouble being intellectually honest about your own biases.
In no way are you being intellectually honest if you think that hamfisted system prompt push to prod manipulation was an attempt to squash bias. And again, whataboutism doesn't make xAI better because others are doing bad, too. You asked for evidence of xAI untrustworthiness and received it.
I see your hamfisted cropping of my quote to downplay xAI's actions, since you brought up intellectual honesty.
Why do we have to quantity badness? The question you posed was what has xAI done to be perceived as untrustworthy? Stop trying to whatabout Google here. I'm no friend of theirs, it's simply irrelevant.
Also, it's Whataboutism: Other Company Y doing something bad/untrustworthy isn't a counter to Company X doing something similarly bad/untrustworthy. Both can be bad.
Both are bad and are examples of untrustworthy behavior from their companies, and I would not chime into a thread to defend either of them. Is one example enough to smear an entire company as untrustworthy? No. But numerous examples and patterns of behavior... possibly?
You can't separate the man or his business from the politics, he wades into every political debate he can and deliberately tries to troll as many of his perceived enemies as possible.
Aside from their CEO are they really that different from the other big US players? OpenAI, Anthropic and Google all have proven themselves to be untrustworthy as well. We should accept that we have an adversarial relationship with all these companies and shouldn't invest to much in any of them. Use them for what they are worth while the technology matures but be prepared to move on.
TUI is a lot better for me, and I have preferred it since the 00s, before LLM products were even a thing.
For all the reasons there can be, one big reason is that it works on anything you can get a terminal on, you can use it over SSH, and the UI will be the same no matter where you use it.
I also like that they are very very fast and they don't have the incessant animations that are put into most desktop environments nowadays. If you're on MacOS, the terminal is the only only part of your computer without roadblocks everywhere.
Please don't just post the most obvious snarky comment about a given topic. The guidelines make it clear we're trying for something better here. https://news.ycombinator.com/newsguidelines.html
Sorta amazes me how people in various levels of power will not say the obvious thing or actively discourage saying the obvious thing because it might offend Elon.
Recently all the big bank CEOs involved with the SpaceX IPO - a lot of money in that for them - but a company trading at 100x sales is clearly crazy.
People post critical things about the most powerful people and companies all the time here and we have zero problem with it.
What I'm asking for is for people to not post the most obvious, snarky comment, regardless of the topic/target, not because of who it may “offend” (as if the most powerful people in the world would have any awareness or care about a comment like that on HN), but because it makes HN seem repetitive, miserable and lame.
Critique away, just make discussions thoughtful and substantive, which is what HN is for.
For what it's worth, this doesn't read as "snark" to me. There _are_ many direct critiques in this thread about X being caught uploading users home directories, and some are clearly snark. I understand that you read this as a rhetorical question meant as a critique.
But it's really not clear to me why this should be read as a snarky, critical, rhetorical question. Someone who eagerly wants to use Grok Build would ask this exact same question.
"Does this [Grok Build] also just directly suck all your code up and make a copy of it on their servers?" is a question that is (1) salient and (2) answerable and (3) could be thoroughly devastating for someone to find out on their own by using it.
The answer is not present in the README, and XAi has blocked Issues and Discussions, so there's none of the usual avenues on GitHub to ask these questions. It seems perfectly typical and expected for someone to ask this question here.
Isn’t it more fun to fight the incumbents, the behemoths, the goliaths?
These don't actually seem like "good reasons" to me.
Ah, are you referring to the rockets that become autonomous 60 seconds prior to launch, like Falcon 9? The rockets that steer and diagnose themselves with a minimum of input/communication from ground stations? The crewed space capsules that deliver astronauts to the ISS and trans-lunar orbits, without the ordinary needs for manual piloting or astrogation? Those rockets?
Sure bro, "exit the AI business" and keep on with the rocket science, I guess
There are independent agencies that will certify destruction of data. For example FTI Tech, Kroll, Epiq, HaystackID and others.
No such certificates have been presented.
Nothing less is trustworthy.
I like how quick and snappy Pi is, it feels like a minimal harness, just enough to manage the agent and get out of the way. Earlier models also seemed to have an easier time working with the tools, e.g. GPT-OSS-20B is about a year old and had no trouble in Pi.
a harness doesn't do any computations by itself so what benefit is using a compiled language?
Building efficient agents is doable (I did it myself, github.com/gi-dellav/zerostack), companies just want to tokenmaxx, and as a by-product, produce and publish slop.
- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.
- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.
How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.
But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.
ok then.
Regardless of the fact that they were stealing and uploading user secrets, they changed their behavior after they got caught, so let’s ignore what they did in the past.
This is not their first mistake.
I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.
[1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...
https://github.com/xai-org/grok-build/blob/main/crates/codeg...
It's about not uploading compiled binary stuff, but they want all your environment data all the same.
> The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.
https://www.theregister.com/ai-and-ml/2026/07/14/musk-promis...
https://xcancel.com/elonmusk/status/1943178423947661609
https://cereblab.com/
What does this release have to do with "trusting" XAI?
It has nothing to do with XAI, other than maybe not enforcing good practice (which most devs don't follow anyway).
Second, can you guarantee that an AI company can’t use its AI to hide malicious code from AI audits. Who if not an AI company could have such an expertise?
I don’t trust a company that pollutes the air of other people with illegal gas turbines because it shows the value their profit over people‘s health
Grok: downloads all your data and also will produce AI porn of anyone you ask for including kids; also currently polluting the air and water near data centers
SpaceX: launching loads heavy metals into space which are planned to burn up and spread all over the earth in a decade or two
Tesla: takes money for features that don’t exist, auto pilot that’s probably killed people but since it disengages a micro second before impact it doesn’t
He himself tried to buy an election by giving away a million bucks, turns out that’s illegal; he also stuck his nose in the cave thing, and plenty of other horrible shit.
How am I supposed to trust an Elon company with his track record?
It’s not just moral grandstanding here, Elon sucks.
Tesla Doors That Won't Open Have Led to 15 Crash-Related Deaths https://www.caranddriver.com/news/a69838848/tesla-doors-dont...
Yeah, this does matter to me. I was willing to give him a pass (still am) in a vacuum regarding the Twitter thing given the mass censorship of the old regime (sorry - no, it wasn't acceptable, in any way shape or form) but if he's that petty it doesn't bode well. I keep saying I can believe one thing without subscribing to the Elon fan club
Doesn't bode well for SpaceX either. Isn't one of the Artemis landers from SpaceX?!
It is funny how it is the mundane things that it boil down to when one judge a someone's character. When it gets abstract it is too easy to rationalize.
Why give him the benefit of the doubt when he censors worse than the previous management? Just look at all the grok lobotomies he gave it because he didn’t like how liberal coded the answers it was giving.
Just throwing out debate terms in response seems not so serious, tbh.
Pointing out that criminals are criminals is not an ad hominem.
you made the assertion that it is ad hominem and now you must support it.
edit: ah nevermind you're working at a venture capital company, that explains the complete lack of morals
Ad hominem is allowed under certain circumstances, just remember Epstein.
Would you have bought anything from him and dismissed any critique of that as ad hominem?
Ad hominen is when you attack someone who is making an argument, instead of an argument. "You are flawed, which means your argument is flawed", but that does not follow. If you were in a debate with Epstein or Musk, and he said "2 + 2 = 4", there is no fault of their character that could make the statement untrue.
But nobody is making that argument. "The leadership" being criticized is not even a participant in this thread (presumably). "The leadership is flawed in this manner" is a statement that can be true or untrue, and "So their product and followers are flawed in these other manners" is something which can follow.
https://news.ycombinator.com/item?id=48877371
and running their data center with gas turbines without permission while they pollute the air
https://news.ycombinator.com/item?id=48705717
you can’t expect people to praise your for making an n+1 harness open source.
This seems more like, look we made something, now fix it for us
They disabled pull requests in the repo so I'm unsure where you're getting this
> you can’t expect people to praise your for making an n+1 harness open source.
I don't think anyone is asking for praise. My comment was neither hot or cold. I was just surprised that the top comment had nothing to do with any of the technical aspects of Grok Build (and whether there's any trace of uploads).
Most people don't restrict themselves to only discussing the technical aspects of a thing. A thing which is technologically novel (e.g. not this example) may nonetheless not be worth using, due to assorted risks.
I don't find it surprising that HN posters are helping their fellow hackers avoid getting victimized by predators. We just have that sort of nice community :)
We see this pattern all the time: Someone makes a criticism of a Musk product, and someone assails that criticism with bad-faith accusations of it being "bad-faith".
Oftentimes, we see that the criticism is undermeasured and ligther than is reasonable, possibly anticipating someone who might accuse it of being "bad faith".
Maybe someone can put a name to this phenomenon but we see it all the time.
This is unfortunate situation to find ourselves in when Grok was also recently at the top of the Pareto frontier for quality/price. Dunno if it still is, this all moves too fast, but it was for at least long enough for me to have heard about it.
I there's anyone I don't trust with AI, it's the worlds #1 company in spying on people, in collection of Pii, in tracking, and many many many times caught literally lying about it.
Google already knows more about everyone on the planet, than any other 10 organizations combined. Frankly, sadly, they're all, well.. scummy, just each in different ways.
Do you really think the US and US big tech in general have a leg to stand on in this regard?
Surprisingly, despite their motivations in doing so, the Chinese models being open-weight and therefore able to run locally on your own hardware, are far more trustworthy than any blackbox which solely exists to enrich X or Y billionaire.
https://www.nytimes.com/2026/01/22/technology/grok-x-ai-elon...
Blocking AI from generating sexualized images because people could publish deepfakes is no different than banning alcohol because of drunk driving.
Tools are neutral. Blame the people who misuse the tools and hurt others.
It was only deemed a bug when it became a liability - you can't simply rewrite history and expect it to go unnoticed.
Also, failed to correctly notify authorities even when they eventually notified them at all.
https://storage.courtlistener.com/recap/gov.uscourts.cand.46...
However after looking at all of these articles, these all seem like instances of users misusing the product. The product happens to reply on social media, so media publications immediately capitalized on this.
Seems less like malicious intent from xAI's part and more like a product with young and/or insufficient moderation controls.
Just today I saw an article where xAI is suing a creator for creating illegal content. https://www.reuters.com/legal/litigation/musks-xai-sues-grok...
https://www.rollingstone.com/culture/culture-features/grok-s...
Why do we have to quantity badness? The question you posed was what has xAI done to be perceived as untrustworthy? Stop trying to whatabout Google here. I'm no friend of theirs, it's simply irrelevant.
https://arstechnica.com/tech-policy/2026/01/grok-assumes-use...
https://arstechnica.com/tech-policy/2025/07/grok-praises-hit...
https://arstechnica.com/tech-policy/2026/03/elon-musks-xai-s...
https://apnews.com/article/grok-4-elon-musk-xai-colossus-14d...
https://apnews.com/article/grok-ai-south-africa-64ce5f240061...
https://apnews.com/article/france-ai-musk-grok-holocaust-e8c...
The commit message says "initial sync from the monorepo." Is this even compilable without the rest of the source code?
TUI is just much worse for me. I tried Codex CLI vs Codex UI and Codex UI beats it at every level.
For all the reasons there can be, one big reason is that it works on anything you can get a terminal on, you can use it over SSH, and the UI will be the same no matter where you use it.
I also like that they are very very fast and they don't have the incessant animations that are put into most desktop environments nowadays. If you're on MacOS, the terminal is the only only part of your computer without roadblocks everywhere.
Spacex bought cursor, so it now has it’s agent ui which is just as good as codex + it’s multi-modal
Anthropic also has it’s own ui
Zai also launched theirs last month.
Everyone is converging back to UI.
The terminal was just a prototype, everyone knew that.
Recently all the big bank CEOs involved with the SpaceX IPO - a lot of money in that for them - but a company trading at 100x sales is clearly crazy.
What I'm asking for is for people to not post the most obvious, snarky comment, regardless of the topic/target, not because of who it may “offend” (as if the most powerful people in the world would have any awareness or care about a comment like that on HN), but because it makes HN seem repetitive, miserable and lame.
Critique away, just make discussions thoughtful and substantive, which is what HN is for.
But it's really not clear to me why this should be read as a snarky, critical, rhetorical question. Someone who eagerly wants to use Grok Build would ask this exact same question.
"Does this [Grok Build] also just directly suck all your code up and make a copy of it on their servers?" is a question that is (1) salient and (2) answerable and (3) could be thoroughly devastating for someone to find out on their own by using it.
The answer is not present in the README, and XAi has blocked Issues and Discussions, so there's none of the usual avenues on GitHub to ask these questions. It seems perfectly typical and expected for someone to ask this question here.