Remix.run Logo
ahmadyan 5 hours ago

i think xai is now in pure damage control mode, after they caught exfiltrating data from users.

- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.

- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.

bobsomers 5 hours ago | parent | next [-]

And for generating an absolutely gargantuan amount of CSAM and non-consensual sexualized images, but yeah, exfiltrating data too.

blizzard_dev_17 3 hours ago | parent | next [-]

You're the one wanting to generate that though

jdiff 2 hours ago | parent [-]

No other model is so easy to generate such things. No model is so negligent in adding safeguards. I've seen it generate such things in response to a post that was clearly labeled as a 4th grader. The person you are talking to is responding to instances like that. They're not asking for it, that's obnoxiously silly and disingenuous.

dijit 4 hours ago | parent | prev [-]

If I use a shovel to kill a man, the shovel maker did not engage in intentionally crafting a weapon of war.

How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.

But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.

afavour 4 hours ago | parent | next [-]

Just as well Grok isn’t a shovel then, hey?

If a shovel manufacturer was notified numerous times that their shovel was being used for murder and they had the capability to disable using the shovel for murder while retaining all legitimate uses wouldn’t people question why they didn’t do it?

skissane 3 hours ago | parent [-]

> If a shovel manufacturer was notified numerous times that their shovel was being used for murder and they had the capability to disable using the shovel for murder while retaining all legitimate uses wouldn’t people question why they didn’t do it?

This is impossible-nobody can possibly block all illegitimate uses without also blocking some legitimate ones as collateral damage. Any moderation process (whether automated or human) inevitably has a non-zero false positive rate.

Now, you can argue that some misuse is so harmful, that the cost of false positives is worth it - but that’s a different claim.

afavour 3 hours ago | parent [-]

I didn’t say block all illegitimate uses, though. We’re talking very specifically about disabling the production of CSAM. Which is something Grok seems to be able to do now! So I’m curious what legitimate uses had to be sacrificed in order to do so.

skissane 40 minutes ago | parent [-]

> I didn’t say block all illegitimate uses, though. We’re talking very specifically about disabling the production of CSAM

But what is “CSAM”? If by it you mean illegal material-different jurisdictions worldwide have different laws on that topic, so material which is illegal in one jurisdiction can be legal in another.

afavour 7 minutes ago | parent [-]

Ok, then let’s just say CSAM by definition of US law.

Twice now you’ve tried to expand the parameters of this so that it becomes something impossible to tackle. But there’s no actual reason to do that.

Grok is able to tackle CSAM, as demonstrated by the fact that they are currently doing it. The question is why they ignored the very public issue for as long as they did.

solumunus 4 hours ago | parent | prev | next [-]

If WhatsApp knew their platform was facilitating CSAM, and they were fully within their power to prevent this but chose not to - yes this would rightly draw criticism…

dijit 4 hours ago | parent [-]

oh, we're just making shit up now because we don't like a company..

ok then.

jazzpush2 4 hours ago | parent | prev [-]

Ok, but what if all Whatsapp competitors explicitly banned the ability to groom children on their platform, but Whataspp didn't, and directly advertised it.

dijit 4 hours ago | parent [-]

I find the premise of your comment completely incredulous.

I totally understand tribalism, and Elon and X aren't exactly well favoured. (not even by me)

But what you're saying right now is that they advertised the fact that they can create child pornography and deepfakes..

I simply don't believe it, unless you provide evidence.

brokencode 3 hours ago | parent [-]

Elon himself promoted Grok’s “spicy mode” that allowed generating NSFW content that the other AI vendors wouldn’t touch with a 20 foot pole.

Believe whatever you want. Elon’s beliefs and personality problems have been baked into the core of Grok, so it’s no surprise that it turned out to be a CSAM-generating MechaHitler that steals people’s data.

Anybody surprised when Grok turns out to be trash really should read up on the guy who made it.

dijit 3 hours ago | parent [-]

Tumblr also permitted some more risqué content.

Yet we (rightly) condemned those that used this leniency to do nefarious things.

I'm really ready to get on the Elon hate train, and I will grant you that there was a problem that needs fixing, but I'm really not happy with the amount of censorship on these generative AI platforms.

Groks harness also clearly biases towards Elons views, Yet the washington post claims it's the most even handed and least likely to give politically biased answers: https://www.washingtonpost.com/technology/interactive/2026/0...

idk how to interpret all this, despite being genuinely anti-Elon, I don't think I'm personally willing to immolate a company forever because the guardrails were temporarily too loose.

I'm not trying to make an equivalency for facts vs deepfake porn, but there is one there unfortunately, and overall internet freedom has been curtailed a lot by advertising friendliness.

brokencode 2 hours ago | parent [-]

I also don’t think one mistake should define a company. But for me it’s just about trust.

Musk has proven time after time that he doesn’t deserve my trust. I will never trust Grok as long as he’s in charge of it.

I agree that the guardrails on the top models have gotten out of hand, though.

Fable for instance won’t answer even basic health questions. As if you are going to take nutrition advice and make a bioweapon with it.

Partly this is due to government interference. Hopefully we get to a better place as competition heats up with open and Chinese models.

m4rtink 2 hours ago | parent | prev | next [-]

How can an AI agent, that is usually running on some machine in the cloud, even run without actually pulling in the data into the cloud to work with it ?

Is there an idea some sort of fixed localy running code does filtering on the data before it is sent to cloud?

Still seems like it would not work very well if it actually did any safe filtering - as the model can't "think" without seeing the data and it won't see the data unless the data is loaded to cloud.

5 hours ago | parent | prev | next [-]
[deleted]
electriclove 5 hours ago | parent | prev | next [-]

[flagged]

solid_fuel 5 hours ago | parent [-]

> Regardless of what they were doing before, it seems they are doing the right thing now.

Regardless of the fact that they were stealing and uploading user secrets, they changed their behavior after they got caught, so let’s ignore what they did in the past.

SirHackalot 5 hours ago | parent | next [-]

Average Musk Stan mentality… It’s why we’re here.

electriclove 5 hours ago | parent | prev [-]

[flagged]

SimianSci 5 hours ago | parent | next [-]

Trust is lost when trust is abused. Mistakes, even if made unintentionally are something that should make reasonable people be skeptical of any further dealings with someone.

This is not their first mistake.

sarjann 5 hours ago | parent | prev | next [-]

I should try to rob a bank and if I get caught just return the money. No, there needs to be a penalty above what you get, otherwise it encourages people to take the free option of bad behavior. If they get caught they go back as though nothing happened and if they don’t they get a bunch of traces / data.

5 hours ago | parent | prev | next [-]
[deleted]
tapoxi 5 hours ago | parent | prev [-]

That's not FUD though, they literally did that. Once trust is lost you don't just get it back. It takes a very long time to rebuild that.

lifthrasiir 5 hours ago | parent | prev [-]

> exfiltrating user data (including env files, entire source code etc) which is what grok-build did here

I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.

[1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...

threecheese 4 hours ago | parent | next [-]

It must have been removed, given that the initial evidence of the exfil specifically demonstrated .env files being included. And .ssh/* for the user which ran this in $HOME.

stefan_ 5 hours ago | parent | prev [-]

No, those are directory names not uploaded. Here are the file names skipped:

https://github.com/xai-org/grok-build/blob/main/crates/codeg...

It's about not uploading compiled binary stuff, but they want all your environment data all the same.