[YC Claims Code Never Leaves the Machine but Uploads Source Code; Local AI Analysis Tool Paxel Exposed by Community Upon Launch] According to monitoring by Beating, Y Combinator launched a free AI code analysis tool called Paxel, claiming that the code 'will never leave your machine.' However, just hours after its release, the security community debunked the 'local operation' claim through reverse analysis. The analysis revealed that Paxel frequently sends sensitive data externally. The contents of files accessed by developers, modified code, and prompts pasted into input fields are all uploaded to the large language model's proxy server. Local file paths, Bash commands executed in the terminal, and usernames and email addresses from local Git configurations are also transmitted to Y Combinator's servers. Sentry error monitoring is enabled by default, continuously sending out local code line counts and Git commit histories. The developer community widely mocked the so-called local analysis, likening it to locking your door but mailing the key to a third party, and criticized the localization claims as a blatant example of 'privacy whitewashing.' [Original Link]