Doesn't matter if it was maliciously stealing literally all contents and secret keys, or if this was merely something vibe-coded that accidentally slipped past QA, the behaviour documented here would get a human developer not only fired but also prosecuted (stealing all the keys and all the code?!), unlikely to get further work, and if not naturalised or a citizen of the country they were in then deported; while the parent company employing a person who acted like Grok is reported to be acting here is likely facing privacy regulator investigations, consent orders, fines, etc.
Sure shouldn't use any software that behaves like this for, e.g. classified work at the Pentagon. If the Pentagon is using this for internal secret planning, like they're boasting they are, this is waaaaay into the "potential catastrophe" (for the US) territory:
Snowden was selective about what he leaked, and still had security people calling for him to get the death penalty.
(meme format aside, this is one for "when people tell you who they are, believe them", along with a demonstration of why "only hurting the right people" is a very dangerous value)
I'm not arguing for what they are doing, but if you use a coding agent to do work on a project, eventually it will have most of the code anyway. Granted, this is very conveniently placed for pickup and ingestion.
It almost certainly already is, at least in some jurisdictions for some forms of data. GDPR, HIPAA, CCPA, biometric privacy, et cetera almost certainly will find claws into this behaviour.
Re: HIPAA, it would be the covered entity or business associate that is allowing xAI access to PHI who would be in violation, not xAI; same as Google isn’t responsible if someone sends PHI over Gmail and Google scans it.
Suspect it is illegal.
Doesn't matter if it was maliciously stealing literally all contents and secret keys, or if this was merely something vibe-coded that accidentally slipped past QA, the behaviour documented here would get a human developer not only fired but also prosecuted (stealing all the keys and all the code?!), unlikely to get further work, and if not naturalised or a citizen of the country they were in then deported; while the parent company employing a person who acted like Grok is reported to be acting here is likely facing privacy regulator investigations, consent orders, fines, etc.
Sure shouldn't use any software that behaves like this for, e.g. classified work at the Pentagon. If the Pentagon is using this for internal secret planning, like they're boasting they are, this is waaaaay into the "potential catastrophe" (for the US) territory:
Snowden was selective about what he leaked, and still had security people calling for him to get the death penalty.
> chose to use the explicitly evil AI
> look inside
> it does evil things to you too
(meme format aside, this is one for "when people tell you who they are, believe them", along with a demonstration of why "only hurting the right people" is a very dangerous value)
Elon's whole fortune derives from his ability to do illegal stuff without consequence, repeatedly.
[flagged]
"don't believe your lying eyes"
he bought tesla btw
I'm not arguing for what they are doing, but if you use a coding agent to do work on a project, eventually it will have most of the code anyway. Granted, this is very conveniently placed for pickup and ingestion.
> and should be illegal
It almost certainly already is, at least in some jurisdictions for some forms of data. GDPR, HIPAA, CCPA, biometric privacy, et cetera almost certainly will find claws into this behaviour.
Re: HIPAA, it would be the covered entity or business associate that is allowing xAI access to PHI who would be in violation, not xAI; same as Google isn’t responsible if someone sends PHI over Gmail and Google scans it.