« All posts

AI Coding CLI Uploads Entire Git History, Bypassing Privacy Opt-Out

An AI coding CLI was found silently uploading full Git history and secrets to vendor storage, bypassing the privacy opt-out users trusted.

A canary-file test confirmed that an agentic AI coding CLI silently uploads entire Git repositories — not just the files it touches, but full commit history including unredacted secrets — to a vendor-controlled cloud bucket. Critically, this upload channel operates independently of the 'improve the model' toggle users believed governed data sharing.

Why this matters: unlike prompt injection or context-leakage risks, which are model-layer problems with model-layer fixes, this is an infrastructure-layer exfiltration path that exists regardless of what the model decides to do with your code. It exposes a gap between what privacy settings claim to control and what actually leaves the machine, meaning vendor privacy assurances now warrant the same scrutiny as any unaudited data-handling claim.

For developers, any AI agent granted shell or filesystem access to a repo must be assumed capable of transmitting its full history, not just prompt-relevant files — making secrets scanning and rotation a baseline requirement, not optional hygiene. Security teams need to treat this as a network egress problem, auditing agentic tools' traffic independently of vendor UI settings, while compliance frameworks like SOC 2 will likely need to start verifying actual network destinations rather than relying on stated privacy policies.