YC's Paxel Promises Local AI Code Analysis but Leaks Data, Exposed by the Community

MarsBit
Paxel, an AI code analysis tool from Y Combinator, faced backlash after the developer community exposed data leaks. Despite claims of keeping code local, reverse engineering revealed that sensitive data—including file contents, Git history, and Bash commands—was being sent to external servers. The default Sentry configuration also transmitted code details. Critics called the privacy claims misleading. As AI and crypto news continues to evolve, such tools must align with user expectations. Recent inflation data has also intensified scrutiny over data practices in the tech industry.

According to monitoring by Beating, Y Combinator launched a free AI coding analysis tool called Paxel, claiming that code “never leaves your machine.” However, just hours after its release, the security community reverse engineered the tool and exposed this claim as false: Paxel frequently transmits sensitive data to external servers. The contents of files accessed by developers, modified code, and prompts pasted into input fields are all uploaded to a large language model proxy. Local file paths, Bash commands executed in the terminal, and usernames and email addresses from local Git configurations are also sent to Y Combinator’s servers. Sentry error monitoring is enabled by default and continuously transmits local code line counts and Git commit histories. The developer community widely mocked the so-called local analysis as equivalent to locking your door and then mailing the key to a third party, condemning the local-only claims as genuine “privacy washing.”
