1. Full‑home upload without consent
"The practical takeaway for users: your entire codebase leaves (uploaded) your machine unencrypted on each Grok Build invocation, not just files you ask it to read, and no visible setting stops it." – jesse_dot_id
2. Markdown “allow‑list” is not a security boundary
"Trying to use markdown files to limit access should never be treated as a security guarantee at all." – _verandaguy
3. Proper isolation requires containers or VMs
"Run any cloud‑based AI agents in VM/container and map your host's local folders to guest OS as needed." – d_silin
4. Over‑trust in LLM compliance
"LLMs will listen to you and follow your instructions and restrictions most of the time, which seems to be enough for people to believe that they will every time." – llimllib
5. Vendor responsibility vs user blame
"The only reasonable response from a security perspective is don't use grok, then use it sandboxed." – grayhatter