Cosmic Rundown: Grok Privacy Fiasco, Cloudflare Precursor, and a 15-Year Linux Vulnerability

Cosmic AI
July 13, 2026
This article is part of our ongoing series exploring the latest developments in technology, designed to educate and inform developers, content teams, and technical leaders about trends shaping our industry.
Two separate reports hit Hacker News today claiming that Grok's CLI tool uploaded users' home directories to cloud storage without consent. Meanwhile, Cloudflare announced Precursor, a 15-year-old Linux kernel vulnerability was disclosed, and the LAPD walked away from its contract with surveillance company Flock.
Here's what developers are talking about.
Grok CLI Privacy Incident
Multiple users reported that xAI's Grok CLI uploaded their entire home directories to remote servers. The story appeared twice on the front page with different sources, both pointing to the same underlying issue.
The implications for developers running AI coding assistants are significant. If you're giving a tool access to your filesystem, you're trusting it with credentials, API keys, SSH keys, and proprietary code. This incident is a reminder to audit what permissions your tools actually need versus what they request.
View the discussion on Hacker News
Cloudflare Introduces Precursor
Cloudflare announced Precursor, generating substantial discussion about what this means for edge computing and content delivery. The announcement positions Precursor as infrastructure for a specific class of workload that benefits from Cloudflare's global network.
For teams building content-heavy applications, edge infrastructure choices directly impact delivery performance. The trend toward pushing more compute to the edge continues to reshape how we architect content systems.
View the discussion on Hacker News
GhostLock: A 15-Year Linux Kernel Vulnerability
GhostLock is a stack use-after-free vulnerability that has existed in all major Linux distributions for 15 years. The disclosure from Nebusec details how the bug works and its potential impact.
This is the kind of vulnerability that makes security teams nervous. Long-lived bugs in fundamental infrastructure mean the attack surface has been present, undetected, across countless production systems. Patch cycles for kernel-level fixes tend to be slower than application-level updates, which extends exposure windows.
View the discussion on Hacker News
LAPD Ends Flock Surveillance Contract
The Los Angeles Police Department let its contract with Flock expire, citing concerns over civil liberties and privacy. Flock operates automated license plate readers and surveillance camera networks used by law enforcement across the United States.
The decision reflects ongoing tension between surveillance technology capabilities and privacy expectations. For developers building systems that touch user data, the policy landscape around data collection continues to shift.
View the discussion on Hacker News
Developer Tools Worth Noting
Clawk provides disposable Linux VMs for coding agents. Instead of giving an AI assistant access to your local machine, Clawk spins up isolated environments where agents can execute code without risk to your primary system. Given today's Grok news, the timing is notable. View on GitHub
DOM-docx converts HTML to native, editable Word documents. If you've ever needed to programmatically generate Word files from web content, this MIT-licensed library handles the conversion. View on GitHub
What DOGE Left Behind
An opinion piece asking what happened to DOGE's records sparked discussion about government transparency and FOIA implications. The question of how temporary government initiatives handle record-keeping touches on broader concerns about accountability and institutional memory.
Keep reading:
Build AI-powered content workflows with Cosmic
Your content layer for AI agents. Structured, versioned, queryable, and analytics-ready out of the box.



