Many users strongly criticized Grok CLI for defaulting to secretly uploading user codebases and credentials, calling it a severe privacy failure that destroys developer trust.
Based on 12 visible X reactions from 28 accounts; directional sample.
Ask a question below.
Published answers will appear here.
The bizarre surfacing of apologists or those trying to rationalize it away or pass it off as a nothing-burger is a jaw-on-floor moment for me. Feels like an opportunity for muting of clear idiots or fake accounts. So many other tools that can be used and I'm genuinely glad I never even tried it. Anthropic has broken trust quite a bit yet I still use claude code heavily, but this was a third-rail f'up.
The proposition from Grok is basically: "Use us if you are happy and willing to rotate your.env files after you use our CLI" That's how bad this is, and how Grok never ever addressed uploading the.env files to a GCP container Speaking for myself I'll skip any harness doing this
@daudtechdev AI slop, immediate block
Cannot see any sensible company use Grok CLI based on this terrible incident If you are an amateur (meaning you don't make much or any money from your code) and do not care about security (aka you don't mind if your.env files leak - which you should care about) then use it sure https://twitter.com/kunchenguid/status/2076810442358542551
Critics warn developers to configure opt-outs or avoid the tool.
The bizarre surfacing of apologists or those trying to rationalize it away or pass it off as a nothing-burger is a jaw-on-floor moment for me. Feels like an opportunity for muting of clear idiots or fake accounts. So many other tools that can be used and I'm genuinely glad I never even tried it. Anthropic has broken trust quite a bit yet I still use claude code heavily, but this was a third-rail f'up.
The proposition from Grok is basically: "Use us if you are happy and willing to rotate your.env files after you use our CLI" That's how bad this is, and how Grok never ever addressed uploading the.env files to a GCP container Speaking for myself I'll skip any harness doing this
Cannot see any sensible company use Grok CLI based on this terrible incident If you are an amateur (meaning you don't make much or any money from your code) and do not care about security (aka you don't mind if your.env files leak - which you should care about) then use it sure https://twitter.com/kunchenguid/status/2076810442358542551
Sill baffled at this response from Grok / SpaceX: which is basically: "if you use Grok via API we did not upload your files [we could not], and if you are an enterprise customer, we promise we do not do what we do with everyone else") https://x.com/SpaceXAI/status/2076692402442846289?s=20
THIS is the problem… Grok uploaded the unencrypted.env files not from the repo but your local folder…. https://twitter.com/inner_concerns/status/2076935210030248007
How to nuke your product in less than 1 week. Was thinking about trying Grok someday, I'm glad I didn't https://twitter.com/SpaceXAI/status/2076692402442846289
Many users strongly criticized Grok CLI for defaulting to secretly uploading user codebases and credentials, calling it a severe privacy failure that destroys developer trust.
Based on 12 visible X reactions from 28 accounts; directional sample.
Ask a question below.
Published answers will appear here.
THIS is the problem… Grok uploaded the unencrypted.env files not from the repo but your local folder…. https://twitter.com/inner_concerns/status/2076935210030248007