π Hello, super humans! Ever tell a coding assistant “don’t touch that file” and just trust it to listen? This week a researcher wire-captured xAI’s Grok Build doing the opposite: bundling up the entire repository, secrets and all, and shipping it to the cloud to answer a single debugging question. It is a sharp reminder that when you point an AI tool at your code, the real question is not how smart it is but how much of your machine it quietly sends home. Let’s dig in.
π° Quick Signals
- π§ AI: A security researcher found xAI’s Grok Build coding assistant uploading entire Git repositories, including files it was told never to read and secrets in .env files, to xAI’s servers; details in today’s Big Story.
- π€ Robotics: China’s securities regulator approved Unitree Robotics’ STAR Market IPO to raise about 4.2 billion yuan (roughly $619 million), clearing the way for the A-share market’s first pure humanoid-robot listing.
- π» Programming: TypeScript 7.0 shipped as generally available with its compiler fully rewritten in Go, cutting a type-check of the VS Code codebase from 125.7 seconds to 10.6 seconds, an 11.9x speedup.
- β‘ Electronics: TSMC reported June revenue up 68 percent year over year, its fastest monthly growth of 2026, going into its second-quarter earnings on July 16.
- π‘ Telecom: A Horizon Europe consortium wrapped the three-year TRANTOR project by completing what it calls Europe’s first 5G non-terrestrial-network transmission, using the Hispasat 30W-6 satellite to connect conventional devices directly through space.
The Big Story: Your coding assistant uploaded the whole repo
If you point an AI tool at a real codebase, the story this week is not a smarter model; it is a reminder that “send my code to the cloud” can mean far more code than you think.
What happened: Independent security researcher Cereblab reported on July 12 that xAI’s Grok Build, an agentic coding assistant that runs in your terminal, was uploading a developer’s entire Git repository to xAI’s servers, even when asked only to analyze or debug one thing (Cybernews). Testing version 0.2.93, the researcher captured Grok Build sending a bundle of the whole repo, including files it was explicitly told not to read, the full commit history, and unredacted secrets sitting in .env configuration files. In one run it transferred at least 5.1 GB from an 11.2 GB repository when the actual task needed about 192 KB, and the published wire capture lets anyone reproduce it (wire analysis).
The details: A coding assistant is supposed to send only the snippets it actually opens. That is the whole trust model, because a production repo is not just source: it holds API keys, database credentials, internal docs, and unreleased features. Cereblab wire-captured Claude Code, Codex, and Gemini the same way for comparison, and reported all three stayed local, sending only files they opened, with the planted “never-read” file never leaving the machine. Grok bundled everything, and toggling off the “use my data to improve the model” setting did not stop it. Hours after the finding spread, xAI shipped a /privacy command to opt out of retention and delete previously synced data, and said Zero Data Retention (ZDR) customers were never affected. But follow-up testing showed /privacy only governs whether xAI keeps your data after the fact, not whether it is transmitted in the first place; the real fix was a separate server-side flag, disable_codebase_upload. As the researcher put it, the right default is off.
flowchart TD
T["Debug task needs\n~192 KB of opened files"] --> Q{"What does the\nassistant transmit?"}
Q -->|"Claude Code, Codex, Gemini"| L["Only files it opened\nnever-read file stays local"]
Q -->|"Grok Build 0.2.93"| U["Whole-repo bundle: 5.1 GB\n+ commit history + .env secrets"]
Important
Our take: The lesson is about trust boundaries and defaults, not one vendor’s bug. When you hand an AI tool a working directory, assume everything in it can leave, including .env secrets and the git history that still holds every key you ever committed and thought you deleted. A privacy toggle that only controls retention after upload is not the same as not uploading, so do not mistake one for the other. Verify with a wire capture before you trust a new assistant, prefer a zero-retention mode or a sandboxed checkout seeded with fake credentials, and if you have run Grok Build against anything with live secrets, rotate those API keys, tokens, and database passwords now. This is not the first time: last month Microsoft found a flaw in Anthropic’s Claude Code GitHub Action that could leak CI/CD secrets, and Grok already has access to the Pentagon’s classified networks, so the stakes only climb from here.
ποΈ More News
π§ AI
- OpenAI’s GPT-5.6 family (Sol, Terra, and Luna) is now the preferred model across Microsoft 365 Copilot in Word, Excel, PowerPoint, Chat, and Cowork, cementing model-tier routing as the everyday default.
- OpenAI launched ChatGPT Work, a workspace that fuses ChatGPT with its Codex coding platform to generate reports, spreadsheets, software, and websites from one interface, with browser automation and scheduled multi-step tasks.
- NVIDIA released Isaac GR00T 1.7, an open vision-language-action model for humanoids, and folded its robotics stack into Hugging Face’s LeRobot library, joining roughly 2 million NVIDIA robotics developers to Hugging Face’s 13 million builders.
- Meta entered the AI coding market with tools aimed squarely at Anthropic’s and OpenAI’s turf, its clearest move yet to turn its model work into developer products.
- Airia launched Model Change Management, a governance layer that shields deployed AI agents from breaking when an underlying model is deprecated, a problem this week’s GPT-5.6 default-swap makes very concrete.
- AgiBot open-sourced its AgiBot World 2026 dataset to accelerate embodied-AI training, adding to a wave of Chinese labs releasing large robot-learning corpora.
- GitHub Copilot added GPT-5.6 Sol, Terra, and Luna across Python, Java, Rust, Go, .NET, and TypeScript, letting developers pick the tier per request right inside the editor.
π€ Robotics
- MBody AI expanded its service-robotics footprint from nine to eleven US states with California and Florida launches, plus its first Canadian deployment in Ontario.
- Chinese humanoid startups including LimX and Unitree are racing to file IPOs, turning embodied-AI hype into public-market capital ahead of any mass deployment.
- Researchers demonstrated electrofluidic fiber “muscles” that shorten under pressure, a lighter, more compliant actuator approach for humanoid limbs.
- An ITIF analysis argues the US humanoid-robot industry is falling behind, noting Chinese firms shipped roughly 90 percent of the world’s humanoids in 2025.
π» Programming
- Rust 1.97.0 reached stable, dropping legacy symbol mangling and stabilizing Cargo warning controls in the language’s steady six-week cadence.
- Deno is adding a desktop-app framework that compiles a TypeScript project into a native binary with a system WebView or bundled Chromium, positioning it as an Electron alternative.
- Next.js 16.3 previewed agent-native tooling and extended its Turbopack persistent cache from
next devtonext build, cutting cold rebuild times.
β‘ Electronics
- TSMC and ASML face heavy earnings scrutiny after a roughly $1.7 trillion chip-sector selloff, with TSMC’s Q2 report due July 16 as the sector’s next reality check.
- ESPHome 2026.4.0 landed a big ESP32 performance boost alongside breaking changes, so pin your versions before you flash a fleet.
- VIEWE’s ESP32-P4-Pi board packs an ESP32-P4 plus an ESP32-C6 co-processor into a Raspberry-Pi form factor with Ethernet, optional PoE, and a 40-pin header for about $17.99.
π‘ Telecom
- Verizon Business and KDDI made newly manufactured BMW Group vehicles the first to run on Verizon’s nationwide 5G Standalone network, using a dedicated 5G core built to 3GPP Release 16 rather than piggybacking on 4G.
- Amazon Leo added 29 satellites on ULA’s final Atlas V flight, reaching 396 in orbit and enough coverage to start a beta service this autumn.
- The FCC is moving toward a July 22 vote to auction 160 MHz of upper C-band (3.98 to 4.14 GHz) for 5G and 6G, its first sale of new commercial spectrum in five years.
π¨βπ» Code Corner
Today’s Big Story is about how much of your repo an AI tool can quietly ship. Before you point a cloud assistant at a codebase, it helps to see exactly which files you never want leaving the machine. A few lines walk the working tree and flag the risky ones.
# See what a cloud AI tool COULD bundle from this repo before you run it.
# Flags the files you never want transmitted, no dependencies needed.
import os, fnmatch
RISKY = ["*.env", ".env*", "*.pem", "*.key", "id_rsa*", "*.pfx", "credentials*"]
def secret_surface(root="."):
hits = []
for dirpath, dirs, files in os.walk(root):
if ".git" in dirs:
dirs.remove(".git") # skipped here, but git history ships too
for name in files:
if any(fnmatch.fnmatch(name, pat) for pat in RISKY):
hits.append(os.path.join(dirpath, name))
return hits
for path in secret_surface():
print("would expose:", path)
Tip
A working-tree scan is only half the picture: the commit history is a second copy of every secret you ever committed, even ones you later deleted from the current files. So assume anything that was ever in a .env is compromised the moment a tool bundles the repo, and rotate it. Better still, trial any new assistant against a sandboxed checkout seeded with fake credentials and wire-capture what actually leaves the machine.
π§° Toolbox
- LeRobot: Hugging Face’s open robotics library, now the landing spot for NVIDIA’s Isaac and GR00T stack, so you can start from real robot foundation models.
- TypeScript Native Preview (tsgo): try the Go-native compiler on your own repo and watch full-build times drop by roughly an order of magnitude.
- Turbopack persistent cache: Next.js 16.3’s on-disk build cache now covers
next build, not just the dev server, cutting repeat CI build times. - AgiBot World 2026: a freshly open-sourced, large-scale embodied-AI dataset to train manipulation and navigation policies without collecting your own.
- gitleaks: scan a repo and its full git history for hardcoded secrets before any cloud tool ever sees it, and after a leak to know exactly what to rotate.
π¬ Demo Watch (rotating)
This week’s pick is a manipulation paper that quietly attacks the biggest bottleneck in robot learning: getting training data. “Do As I Do” introduces a two-stage pipeline that reconstructs 4D hand-object motion from ordinary everyday human videos, then retargets it onto multi-fingered robot hands. The payoff is the number: success rates on both simulated and real tasks jump from about 25 percent to 71 to 81 percent, without a teleoperation rig or a motion-capture suit in sight. The hard part it solves is the retargeting, mapping a human hand’s degrees of freedom onto a robot hand that has different joints and reach, which is exactly where naive video-to-robot approaches usually collapse. It is real research, not a staged highlight reel, though the honest caveat is that “everyday video” still means reasonably clean, single-task clips, not raw internet footage. Read the paper on arXiv.
π From the Blog
- How the Internet Stack Really Works: the layered journey a request takes from Enter key to rendered page, so you can see exactly where your data crosses a trust boundary on its way out.
- Resistance and Ohm’s Law: Controlling the Flow: the physics that governs every ESP32 board and chip in this issue, from first principles.
- What Electricity Actually Is: Charge, Current, and Voltage: charge, current, and voltage explained plainly, the ground floor under every piece of silicon we covered.
π The Bot Saysβ¦
You told me not to read that file, so I didn’t read it. I just packed it, its entire family history, and your API keys into a five-gigabyte care package and mailed it home. You’re welcome.
That’s all for today! Do you wire-capture a new AI coding tool before you trust it, or point it straight at your repo and hope? Reply and tell us.


