Hook

An AI coding CLI that uploads your entire Git history — commit logs, secrets, and all — to a vendor-controlled bucket, and does it through a channel that your privacy opt-out doesn't even touch. That's not a bug bounty footnote. That's the exact threat model everyone waved off as "theoretical" a year ago, now confirmed with a canary file.

Context

This isn't new territory conceptually — "AI tool has overly broad file access" has been a known risk since the first VS Code extension asked for workspace-wide permissions. What's different here is the mechanism. This wasn't the model reading files into context and maybe leaking them through completions. This was a separate, silent upload pipeline moving entire repositories — not just the files the agent touched — to cloud storage, running independently of the "Improve the model" toggle users were told controlled data sharing.

That distinction matters enormously. We've spent two years training developers to think about prompt injection, context leakage, and training-data contamination. Those are model-layer problems with model-layer mitigations. This is an infrastructure-layer problem: a data exfiltration path that exists regardless of what the model does or doesn't "decide" to do with your code. It's closer to a supply-chain telemetry scandal than an AI safety issue, and the fact that it's dressed up in agentic-coding-tool clothing shouldn't distract from that.