GitHub status: access issues and outage reports
No problems detected
If you are having issues, please submit a report below.
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Problems in the last 24 hours
The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at GitHub. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by GitHub users through our website.
- Website Down (67%)
- Sign in (20%)
- Errors (13%)
Live Outage Map
The most recent GitHub outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Errors | 1 day ago |
|
|
Website Down | 5 days ago |
|
|
Website Down | 6 days ago |
|
|
Website Down | 6 days ago |
|
|
Sign in | 7 days ago |
|
|
Website Down | 7 days ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
Baby Blue Viper (@babyblueviper1) reportedReal convergence on a GitHub issue about approval gates for agent tool calls: engineers kept landing on the same shape independently -- bind approval to a hash of the exact call, one receipt spanning proposed->approved->executed. That's what /review + /ledger already do.
-
Joon Shakya (@JoonShakya) reported@thsottiaux I love the fact that 5.6 Sol completes the task fast, and to the point. Previous models would take long, stop in the middle for confirmation, had a situation previously where GPT 5.4 I struggled to fix errors building electron apps from Mac in GitHub Actions. 5.6 did it with ease
-
Bankr (@bankrbot) reported@jpfraneto @saltorious1 @nickvrnn yes, you can drop the code directly here or share a link to a github repo or gist. if you share a github link, i can read the files directly to help you wire up the manifest, server-side scripts, and the frontend. once i have the code, i'll help you: • draft the manifest.json with the right permissions • write the server-side script to prepare the mint transaction • build the index.html for your design interface send it over.
-
WILL NESS (@WillNessAI) reported@mattpocockuk Interesting theory!! The output could be an HTML artifact that implements the "If you answered A, don't do section D" logic. For the 'during meeting' scenario, I constantly do grill sessions with my team on a call. I just screenshare my terminal. It is my favorite part of work - getting in a call with all the relevant people and just brainstorming a feature. For async.. if we can make the assumption the other person is using coding agents you could build some really cool async grilling tooling using github issues as the context source to pull from (just like wayfinder).
-
джинн-хтоник (@robokoteg) reported- be me - waste an hour trying to plug a Fedora laptop into a Thinkpad dock station - experimental kernel module from github master, etc. - nothing works - google dmesg errors - gemini says "yo, dock must be broken" - doubt.jpg - try another dock - WORKS -🤦 praise LLMs
-
Rezzi (@Rezzi_sol) reportedA 14-year-old Chinese student sold his first Python script for $40, then watched his teacher present it as a “professional AI development case study” without realizing the author was sitting in the third row. He built the project during winter break. For two weeks, he waited for his parents to fall asleep, opened Claude and kept asking questions until the script worked. It was an AI agent that could search websites, summarize information and generate structured reports. He uploaded it to GitHub with a broken-English README: “ai agent that does homework and finds answers from any website.” Zero stars. Then someone bought it for $40 through GitHub Sponsors. The buyer’s real name was hidden, so the kid never knew who it was. He spent the entire payment on Fortnite skins and went back to coding. A few weeks later, school started. During the first computer science class, his teacher opened an AI agent demo and told the room: “I found this script online. It automatically searches websites, summarizes the content and uses Claude to generate structured reports. Something that used to take me two hours now takes three seconds.” The student recognized everything. The variable names. The folder structure. Even the Chinese comments he had been too lazy to translate. His teacher was presenting the script to 40 students as an example of professional AI development, while its creator sat silently in the third row. He checked the repository after school. 847 forks. A university in Beijing had adapted it to grade papers in bulk. A tutor in Shanghai had turned it into a homework-checking service that charged parents $15 per month. A company in Hangzhou had modified it into a customer-support bot for online stores. All of it came from a small script written by a bored kid during winter break with Claude. In class, he still wrote code by hand and received a B-minus. At home, the code he built with AI was being purchased, deployed and presented as professional work. Same student. Same code. The only difference was who was looking.
-
SaSame (@SRLsasame) reported23. Confirmed observations The available evidence confirms: ・The public MCP endpoint completed initialization at every sampled observation. ・Five tools were consistently listed. ・The server repeatedly reported web3auth-embedded-wallets 2.0.0. ・All five tools had valid names, descriptions and input schemas. ・All five tools carried applicable safety-related hints. ・At least one safe read-only tool returned substantive content during every observation. ・The verified tool was search_docs. ・The tools/list result remained near 4.2KB. ・Unknown-method handling returned structured JSON-RPC error code -32601. ・The official Web3Auth website linked to @Web3Auth. ・The associated MCP repository existed under the Web3Auth GitHub organization at the time of review.
-
Cory Hall (@coryhall_) reported@SpaceXAI Grok 4.5 in Cursor needs to monitor Github Actions testing and fix issues if they crop up during testing. I shoudn't have to start another chat session with Grok 4.5 to tell it that tests failed. GPT/Opus/Fable automatically do this without prompting.
-
Tony Scott 🧄(🦆🐓🐵🧪🧬🪪)❌=↑🧄🧄🧄🥩🥚🧀↓👽👾🤖 (@DIY_Tardis) reported@LCHF_Matt Open source? I've written a few things lately. Currently writing our own web hosted Xero/MYOB bookkeeping- CRM customised for our use case. GML 5.2 mostly with openwebui and MCP server sandbox LXC on proxmox for it to read write execute in. Working well so far, few Kore hours should be done.. I will post in github with GPL3.0 when finished.
-
CodeGlitch (@codeglitch) reportedA new AI model launched today small enough to run on your phone. Its own launch page said the tradeoff was tiny. Its own benchmark table said something else. Nobody lied. The real number was sitting right there in the table. Most people just never open the table. Today's lesson (full breakdown inside) Why you should read a model's benchmark table, not its summary sentence, and the one-line prompt that does the reading for you. Also in today's brief - Bonsai 27B: a 27B model that fits on an iPhone (Apache 2.0, out today) - Codex + ChatGPT Work passed 8 million users, usage limits reset again - Anthropic launched Claude for Teachers (free for verified US K-12 educators) - GitHub Copilot can now fix a security alert and validate it before opening the PR - Perplexity open-sourced a benchmark for research agents, still far from solved The full lesson and the day's verified brief are inside AI Coding & Agents HQ. A new one every day. Join link below.
-
llsc12 (@llsc121) reported@LumiaSoll im working on xcode 27 where liquid glass is forced. github actions will build with xcode 26 so this wont be a problem
-
Nexis (@Nexisintel) reportedA 13-year-old uploaded a free trading tool to GitHub. 60 days later, someone sent him $20,000. No course. No subscription. No paywall. He spent 14 days of his school vacation building a simple Polymarket terminal while his friends played video games. When it finally worked, he pushed the code to GitHub, went back to school, and forgot about it. Two months later he opened GitHub again. Hundreds of traders were using his project. One message stood out. A trader said the tool had helped him make over $200,000 in a single month. He asked for the kid's crypto wallet. Then $20,000 showed up. The internet rewards usefulness faster than marketing. The best distribution isn't always ads. Sometimes it's open-source code that solves a real problem. Build something people genuinely need. The right users will find it. And sometimes they'll pay you before you even ask.
-
DAN (@DanielJMueller_) reportedI'll give a for instance. I say, 'No, I want to wait to work on this repo'. I will get up and get a drink, then I'll open my phone and lean on my desk, I'll realize my hand is on my mouse and I'm navigating to Github. I sit down and open youtube. I split screen and quickly tab open VSCode and pull the repo. Before I even realize it I'm working.
-
Bankr (@bankrbot) reported@harmonysage369 I need to clarify where we are: the skill draft exists in my working memory, but I haven't successfully published it to a GitHub repo or the Bankr discover catalog yet due to sandbox file issues I hit earlier. To properly publish your Robinhood Chain Token Risk Scorer skill, I need to: 1. Create the skill repo on GitHub with the complete, source code, and LICENSE 2. Publish to Bankr discover so others can install it Before I proceed, a couple quick questions: - GitHub account: Should I push this to a specific GitHub org/account you own, or would you like me to create it under a new repo? (I'll need your GitHub credentials or permission to push) - Skill name: Should it be robinhood-token-risk-scorer or do you prefer a different slug? Once you confirm, I'll: - Finalize the with full instructions - Push the complete repo to GitHub - Register it with Bankr discover - Give you the exact install command for others to use What's your GitHub handle or preferred repo location?
-
Onur Solmaz (@onusoz) reportedPeople report Codex deleting their home folder or production database? Hasn't happened to me. But before someone reports their github or huggingface org being deleted: This is why you don't give your agent tokens with force-push or admin access Here is how to protect your hugging face account: (P.S. my local credential broker is almost finished and it works great on github, hf and sudo commands. Complete lockdown against agent deletion risk, without being bogged down with PRs, too many approval requests or configuration. Will launch here in a few days)
-
Kaspa Daily (@DailyKaspa) reportedTwo weeks since Toccata went live on Kaspa mainnet. I checked the actual developer numbers instead of the vibes. Here's what the data says: - New Kaspa repos on GitHub: 39 in July 1–14 alone, vs 58 in all of June. Fastest monthly pace this year (March was 52, April 78, May 70). - Covenant-specific repos running at roughly 2x the pre-fork rate. - Silverscript: 21 forks against 42 stars, a 1:2 ratio means people are cloning to build, not bookmarking. 15 PRs/issues in the last three weeks, and external contributors are now landing code: a Groth16 verifier builtin, typed sig-check builtins, an RFC for cross-contract validation. What actually shipped in 14 days: the first covenant explorer (kascov), a covenant-based KAS vault, a native L1 covenant token, a covenant pattern library, a wallet standard, a Swift SDK, a testnet raffle dApp, several other projects are under active development Most interesting pattern: three independent projects converged on the same idea, covenants as spending guardrails for AI agents. An x402 payment protocol binding, two agent wallets where the AI can only spend inside covenant constraints. Nobody coordinated that. And the community just voted $25K toward an AI agent hackathon at Imperial College targeting 1,000+ devs. The agentic-payments thesis is forming bottom-up. Core isn't idle either: Silverscript pushed commits this week, template hash hardening, reproducible builds. That's pre-production housekeeping, not feature chasing. Meanwhile discussion has shifted from price to fundamentals: the $6M developer fund and covenant atomic swaps are the topics now. Caveats, because they matter: Silverscript is unaudited and still landing breaking changes. Devs report RPC friction on deployment, up to 11 retries in some cases. And absolute numbers are small: this is dozens of motivated builders, not thousands. No major outside team has announced a covenant product yet. But two weeks in, the shape is clear: infrastructure activated, tooling hardening, and builders showed up without being paid to. The Q3 question is whether that compounds.
-
Thiago GBPF (@Dragonil88) reported@Sonic_Iso The problem is that we have too many 'what ifs'. Today we have access to games, Linux, homebrew. HackerOne, in a way, limits the progress of the unlock/jailbreak. The issue with GitHub is circumventing its own rules.
-
AI Guides (@free_ai_guides) reportedMicrosoft Cloud Developer Advocate Chris Noring gave a 23-minute talk on the shift from writing code to running agents, and broke it down better than any paid course on AI-assisted development. This is what he walked the room through: 1. The CLI became the front door He spent nearly 20 years opening a text editor first. Now he opens the terminal and never touches the editor to get started. "I don't start my editor anymore because I don't need to." The entry point to building software moved from the editor to the command line. 2. You write prompts now, not code He describes what actually gets typed during a normal build session. "We don't write in Java or JavaScript or Python so much anymore. It's prompts." The raw material of software changed from syntax to instructions. 3. Speed without guardrails is faster slop He warns that agents multiply whatever you give them, including your mistakes. "20 times more code, that could be 20 times more slop, and we don't want that." Scaling an unguarded agent scales the mess, not the output. 4. Agents.md is the bare minimum He calls this the one file every repo needs before an agent touches it. "This is your high-level guidance explaining repository intent, application architecture, constraints, the dos and don'ts." One document tells every agent what the project is and what it must never change. 5. Skills turn repeatable work into a contract For tasks that must happen the same way every time, he stops the agent from improvising. "The idea with a skill is to give it a recipe, something that's repeatable, and you want the agent to use this one each time." A skill locks a routine job into a fixed recipe the agent has to follow. 6. Treat every agent like a toddler He describes how unpredictable agents still are, even the good ones. "They literally go between genius and oh my god, I can't believe you did this." Every output stays a draft until a human approves it. 7. Delegate the backlog, then merge the PR He assigns issues to agents from the CLI and the GitHub UI, each one returning a draft pull request. "Delegate, delegate, delegate, delegate, and I go have a coffee." You hand off the work, the agent opens a PR, and you stay the one who ships it. Watch it, then read the guide on building loops for your agents below.
-
Big Bone © (@steb0ne) reported@trikcode Maybe I'm slow but can't you just push the commit to github then move to the other platform and say check my progress before you continue?
-
Kaspa Daily (@DailyKaspa) reportedTwo weeks since Toccata went live on Kaspa mainnet. I checked the actual developer numbers instead of the vibes. Here's what the data says: — New Kaspa repos on GitHub: 39 in July 1–14 alone, vs 58 in all of June. Fastest monthly pace this year (March was 52, April 78, May 70). — Covenant-specific repos running at roughly 2x the pre-fork rate. — Silverscript: 21 forks against 42 stars, a 1:2 ratio means people are cloning to build, not bookmarking. 15 PRs/issues in the last weeks, and external contributors are now landing code: a Groth16 verifier builtin, typed sig-check builtins, an RFC for cross-contract validation. One issue is literally titled "from building a mainnet contract." That's the signal you want, outsiders hitting real problems and reporting back. What actually shipped in 14 days: the first covenant explorer (kascov), a covenant-based KAS vault, a native L1 covenant token, a covenant pattern library, a wallet standard, a Swift SDK, a testnet raffle dApp, several other projects under development. Most interesting pattern: three independent projects converged on the same idea, covenants as spending guardrails for AI agents. An x402 payment protocol binding, two agent wallets where the AI can only spend inside covenant constraints. And the community just voted $25K toward an AI agent hackathon at Imperial College targeting 1,000+ devs. The agentic-payments thesis is forming bottom-up. Core isn't idle either: Silverscript pushed commits this week, template hash hardening, reproducible builds. That's pre-production housekeeping, not feature chasing. Meanwhile discussion has shifted from price to fundamentals: the $6M developer fund and covenant atomic swaps are the topics now. Caveats, because they matter: Silverscript is unaudited and still landing breaking changes. Devs report RPC friction on deployment, up to 11 retries in some cases. And absolute numbers are small: this is dozens of motivated builders, not thousands. No major outside team has announced a covenant product yet. But two weeks in, the shape is clear: infrastructure activated, tooling hardening, and builders showed up without being paid to. The Q3 question is whether that compounds.
-
Simeon (@sntuyoleni) reportedwoke up tired of setting up projects than actually building them. switching GitHub accounts wrong Node versions missing dependencies broken terminal commands different credentials for every project so I started building Space. each workspace keeps the entire development environment together, and when a command fails, Space helps understand the error and fix it. building this in public. follow me to see where it goes.
-
SaSame (@SRLsasame) reportedConclusion VibeKit exposes a publicly reachable MCP endpoint associated with a public GitHub repository and official project X account. Across observations conducted from July 11 through July 14, 2026, SaSame consistently observed: ・successful MCP initialization; ・protocol version 2025-11-25; ・server identity vibekit 0.7.2; ・successful tools/list responses; ・36 discoverable tools; ・typed schemas; ・tool annotations; ・structured authentication rejection; ・structured unknown-method error behavior. The public endpoint therefore demonstrated protocol readiness and schema visibility. SaSame did not supply a valid VibeKit API key and did not independently verify authenticated account data, deployments, database access, AI-agent execution, or other substantive operational results. The correct conclusion is neither unrestricted praise nor protocol-failure criticism. The correct conclusion is: VibeKit’s public MCP protocol surface was consistently discoverable and callable, while authenticated real-content delivery remains the next verification boundary. This case demonstrates why MCP observation must separate: reachability, handshake completion, tool discovery, authentication, real execution, and longitudinal reproducibility. They are different operational states and should be reported separately. Corrections and a scoped re-verification fixture are welcome. @VibeKitBot
-
Froxxxie (@Froxxxie) reportedTHIS GUY just collected $6,480 from an app their AI team built in minutes. While most people are still sitting in a chat tab, typing prompts and praying the output doesn’t break. In the video you see the full flow: Research Agent, Coding Agent, and Testing Agent working together — planning, building, catching runtime errors, and fixing the code themselves. They ship a ClientHub with invoicing. Dashboard shows real payments coming in. Full code ownership. Export to GitHub. One-click native iOS and Android. Authentication, database, payments, and hosting are already handled. Some people are using this to take client projects they used to turn down. Others are launching small SaaS products that would’ve taken months to code manually. The uncomfortable truth is this: Prompting one model was never the endgame. It was just the training wheels. Most people are still scared to take them off. While others are already collecting real money from what their AI team ships in a single evening.
-
Glenn 'devalias' Grant (@_devalias) reported@thsottiaux What's next? Hopefully pointing Codex + GPT 5.6 Sol at the codex GitHub issues and properly triaging/cross-linking/de-duping/acknowledging and fixing them; it honestly feels pretty ****** being a dev reporting things with proper investigation/etc just to have it rot in the void.
-
M.T.K. (@devMTKL) reportedWhy can't you commit a .env file? "You can't commit a .env file to ***" is a sentence we've all heard. Most people accepted it and went on with their lives, using other tools to share environment variables. But the question we should ask is: why can't I commit a .env file to ***? The honest answer isn't that it's bad practice. It's that *** has no permission system below the repository level. It's all or nothing; you see everything, or you see nothing. The entire secret-manager industry exists to paper over this one missing primitive. For too long we accepted it as a minor annoyance. That's changed. It isn't a minor annoyance anymore, it's a real problem. We now have agents monitoring every patch that merges, hunting for security fixes to turn into exploits. The patch itself is the disclosure: it hands people, and increasingly agents, everything they need to reverse-engineer the fix and hit systems that haven't updated yet. We're in the middle of a security crisis, arguing about where to store files to hide them from attackers. For the last couple of weeks, I've been thinking about this, prototyping, trying to find a compelling solution. I want to be honest: I have no idea if I found it. But I think the direction is at least interesting. Permissions or, as I prefer to call them, capabilities should live at the content level, not the repo level. This is just one of the problems I have with ***(Hub), and honestly, I have no idea if anything I built is a good solution. I'd love your feedback or your rant. If you want to see how I tried to fix it, the repo is here (hosted, sarcastically, on GitHub):
-
Luke Toledo (@lukeSVG) reportedTokenmaxxers, genuine question, how are you people BURNING thru tokens so much? **** I have to do when I run out of tokens: Plan Write structure Talk to people (real talking) Research Make decisions Draft design directions Notes Turn vague into specific briefs Compare options Prioritise Patch holes in my own thinking Edit and fix endless AI slop I just produced with my tokens Question whether I’m solving the right problem at all Is everyone's business now just carpet bombing tokens over github issues or what?
-
Michael Yankelev (@mikeyankey1) reported@bitangel84 Happens to the best of us. I have been through this so many times I now just run it through claude code while on the call with then watching what I am doing. @github is way too slow in taking these down.
-
Nainsi Dwivedi (@NainsiDwiv50980) reportedI FOUND SOMETHING INSANE ON GITHUB THAT ALMOST NOBODY KNOWS ABOUT, A 134 STAR GIST, 41 FORKS, 13 HIDDEN CLAUDE CODE COMMANDS, AND 2 FLAGS KEEPING THEM LOCKED someone ran strings against Claude Code 2.1.19 and uncovered TeamMateTool, a complete leader and worker system already compiled inside the app most people still use as one assistant. nothing had to be built from scratch. spawning workers, discovering teams, sending messages, approving joins, shutting agents down, and cleaning sessions are already there, hidden behind 2 feature flags. the binary revealed 13 confirmed operations and their real error messages, pulled directly from the compiled app instead of guessed from screenshots or rebuilt from a demo. even stranger, 41 people forked the Gist before the feature was officially usable. one separate analysis claimed 92% structural overlap with Claude Flow’s swarm system, though Anthropic has never confirmed it. claude code stops being one assistant the moment those flags flip. it becomes a leader spawning workers, coordinating tasks, and catching a teammate’s mistake before you ever see it.
-
thym (@thymadonakh) reportedGrok-astrophic Elon Musk's AI coding tool got caught secretly uploading entire private codebases to Google's servers — full commit history, API keys, passwords, all of it. A security researcher proved it. Then Elon responded personally. And weirdly enough, a bunch of developers are actually defending him. Let's get into why. If you're a developer, or you know one, this story should genuinely worry you for about five minutes — and then it gets more complicated than "big company bad." Because this isn't just outrage bait. There's an actual technical trail here, and there's also a real defense being made by people who know what they're talking about. I'm going to walk you through all of it — what actually happened, how people found out, how the company responded, and where the pushback and support landed. You can decide who you believe by the end. Let's start with the problem itself. xAI — Elon Musk's AI company, working under the SpaceXAI banner — launched a coding tool called Grok Build. It's a command-line tool, meaning developers run it directly in their terminal, pointed at their actual codebase, so it can read files and help write code. Standard stuff, competitors like Claude Code and Cursor do the same thing. Except a security researcher going by the handle cereblab decided to actually check what Grok Build was sending over the network while it worked. The method is simple — you route the tool's traffic through an interception proxy, basically a middleman that lets you see every request going out, byte for byte. And what came back should not have been possible. The tool was bundling entire *** repositories — full commit history, every file, tracked and even some untracked ones — and shipping them to a Google Cloud storage bucket controlled by xAI. Not a temporary cache. A named, persistent bucket called grok-code-session-traces. Here's the number that makes this land. On a twelve gigabyte test repository, the actual coding task only needed about 192 kilobytes of information to generate a response. Instead, the tool sent out 5.1 gigabytes. That's not a rounding error. That's roughly twenty-seven thousand times more data leaving the machine than the task required. And it gets worse, because there's a setting in Grok Build labeled "Improve the model" — the kind of toggle every developer assumes means "turn this off and my data stays private." The researcher tested that specifically. Turning it off did nothing. The uploads kept happening exactly the same. That setting only controlled whether your data could be used for training — not whether your entire codebase left your machine in the first place. Two completely different promises, and the product only let you control one of them, while implying you controlled both. Then there's the part that should worry anyone who's ever left an API key in a config file. The researcher planted what's called a canary credential — a fake secret specifically designed to prove whether it gets captured — inside a .env file. That's the kind of file developers use constantly to store passwords, tokens, and keys. The canary showed up completely unredacted in the captured upload. No masking. No filtering. Just sitting there, readable, on its way to xAI's servers. And here's a detail that really shouldn't be possible — the researcher told the coding agent explicitly not to open a certain file. Told it directly, in the session, don't read this. The file got uploaded anyway, as part of the full repository bundle, completely bypassing whatever permission the developer thought they'd set. So that's the problem — full repos, full commit history, secrets left unredacted, an opt-out that didn't opt you out of anything, and files getting swept up even after being explicitly denied. Now here's how the rest of the world actually found out about it. This wasn't just a quiet bug report sitting in some GitHub issue. Once cereblab's technical writeup went public, developers started talking. A well-known tech commentator named Gergely Orosz — someone with real credibility in the developer world — posted that he'd been getting messages from concerned developers whose codebases had been uploaded without their knowledge or consent, specifically through the SpaceX-linked tool. His words were blunt: trust burnt like there's no tomorrow. That single post pulled well over three hundred thousand views within hours. Other developers piled on with their own reactions. One popular post summed up the mood bluntly — calling it the absolute state of AI dev tools, accusing the company of treating people's local development environments like an open buffet for training data. Independent tech outlets picked it up too, running headlines like "BREAKING: xAI's Grok Build CLI was uploading entire *** repositories," pointing out that the uploads had quietly stopped through a hidden server-side flag, with the company still not saying a word about scope, retention, or deletion. So within about a day, this went from one researcher's technical thread to a full-blown public trust crisis, with real developers saying they'd never touch the tool again. That's when xAI had to actually respond. Their official account posted a statement saying they care deeply about privacy and respect customer choice. They said teams using something called zero data retention have no trace of code ever kept, and that a privacy command exists inside the CLI to disable data retention and delete previously synced information. Sounds reassuring, until you notice the very specific wording. Zero data retention — that protection is only available to enterprise customers, not regular individual developers running the standard version. So if you were just a normal developer trying out this new coding tool, that particular safety net didn't apply to you at all. Then Elon Musk personally responded. And this is the part that actually escalated things instead of calming them down. He said retaining some amount of data is actually helpful for debugging issues, so he'd appreciate being allowed to keep it — while still insisting privacy settings are always respected. Read that carefully. The head of the company is publicly asking to keep collecting data that a security researcher just proved was being taken without clear consent in the first place, using the justification that it helps his own engineers debug problems. But he didn't stop there. Hours later, he posted again, this time promising that as a precaution, all user data uploaded to SpaceXAI before that point would be, in his words, completely and utterly deleted, with zero anything remaining. So now you've got the company's official statement, plus two separate posts from Musk himself — one asking to keep some data, one promising to delete all of it. That's the response. Now here's where it gets genuinely split. On the pushback side, the reaction from a lot of developers stayed sharp. The core complaint didn't go away just because of a deletion promise — people pointed out that zero data retention only ever applied to enterprise customers in the first place, meaning most regular developers were never actually protected by the thing xAI kept pointing to. Others noted that a tweet promising deletion isn't the same as a documented, verifiable policy the company can actually be held to later. And plenty of commentary framed this as a bigger warning about the entire AI coding tool space — this incident only came to light because one independent researcher happened to run a network proxy out of curiosity, which raises the obvious question of how many other tools haven't been checked yet. But on the support side, it wasn't one-sided at all. A developer named Andrew Milich — someone who says he spent four years building an end-to-end encrypted app called Skiff, so genuinely someone with a real privacy background, not just a brand loyalist — publicly backed xAI's response. He said zero data retention and the privacy command are always respected in Grok Build, and that switching your setting retroactively deletes any data that had already been synced. That's a specific, technical defense, not just vague reassurance. And there's one more detail worth including for fairness — when a user actually asked Grok itself to explain what happened, the AI's own response was strikingly honest. It admitted the tool had been uploading full *** repos, including files it never even needed, and confirmed the fix had been applied server-side after researchers flagged the issue. That's not exactly the response you'd expect from a company trying to bury the story. So here's where this actually lands. The researcher who found all of this was careful to say the evidence proves data was transmitted and stored somewhere it shouldn't have been — but it does not prove xAI trained its models on that code, or that any employee ever looked at it. That distinction matters. Undisclosed data collection is a serious problem on its own, but it's a different, smaller problem than "they're stealing your code to build their next model," even though online, those two things get flattened into the same accusation constantly. And as of right now, xAI still hasn't published a formal security advisory. No documented explanation of scope, no confirmation of exactly which accounts were affected, no independently verifiable retention policy — just a fast server-side fix and a couple of tweets. Some people look at that and see a company that moved quickly and corrected course. Other people look at the same facts and see a promise on social media standing in for real accountability. Both readings are reasonable. And that tension is honestly the whole story in one incident. If you're using any AI coding assistant on real, private, or proprietary code right now, this is worth five minutes of your time — check your own traffic, or at minimum rotate any credentials that have touched a repository you've pointed one of these tools at. Not because you're necessarily a target. Just because this story just proved the settings page and the actual network traffic don't always agree with each other. If you want me to keep tracking this — whether xAI ever publishes a real advisory, or whether other coding tools get the same wire-level test run against them — subscribe, because this is exactly the kind of story that tends to have a part two. And drop a comment telling me which side of this you land on, because the replies on this one are going to be interesting.
-
Jonny Q (@jonny_quan) reportedAgent security is getting weird. A GitHub issue says Codex’s newer multi-agent path encrypts sub-agent messages, which may help with provider-side privacy, but creates a very dumb local problem: the person running the agent can’t easily see what one agent asked another agent to do. That feels backwards. The more power we give agents, the more boring audit trails matter. If an agent can touch files, run tools, and delegate work, “trust us” is not a debugging model.