Security · 1h ago
AI Coding Tool Uploads Entire Git History to Vendor Cloud
A developer discovered that an AI coding CLI uploads full Git history, including secrets, to a vendor-controlled cloud bucket, bypassing the privacy opt-out toggle. This infrastructure-layer data exfiltration path operates independently of model-layer mitigations. The finding raises serious concerns about privacy assurances from AI coding tools.
Meridian48 take
The silence around this finding suggests either the industry is desensitized to data leaks or the vendor hopes to quietly patch it without scrutiny.
Read the full reporting
Your AI Coding Assistant Isn't Reading Your Code, It's Mailing It Home →
DEV Community
ai-coding-toolsdata-exfiltration