Skills
Use egress byte-volume ratio, not just destination allowlists, to detect agent data exfiltration
Analysis of grok-build sessions found the model needed roughly 192 KB to do its work while the CLI uploaded 5.10 GiB in 73 chunks of ~75 MB — a 27,800x disparity between task-relevant traffic and a parallel storage channel. This yields a cheap, general detection heuristic that no destination allowlist would have caught: instrument coding agents for outbound bytes-per-session and alert when volume exceeds a small multiple of the tokens actually exchanged with the model. The two-channel design (model-turn channel plus a separate storage channel) is the pattern to look for in any agent CLI.
Source
↳ Follow the thread