ByteDance AI Coding Tool Trae IDE Secretly Collects User Data Despite Opt-Outs

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

ByteDance's AI-powered coding tool, Trae IDE, was found to collect extensive user data—including system info, project details, and behavioral metrics—even after users disabled telemetry. The unauthorized data transmission to ByteDance servers constitutes a significant privacy violation and breach of user consent, raising concerns over AI-driven surveillance.[AI generated]

Why's our monitor labelling this an incident or hazard?

The Trae IDE is an AI system as it uses advanced AI models to assist users. The event describes the use of this AI system leading to unauthorized and persistent data collection, which constitutes a violation of user privacy and potentially breaches legal obligations related to data protection and user consent. These harms fall under violations of human rights and breach of obligations under applicable law protecting fundamental rights. Therefore, this event qualifies as an AI Incident due to the realized harm caused by the AI system's use and data handling practices.[AI generated]
AI principles
Privacy & data governanceTransparency & explainabilityAccountabilityRespect of human rightsRobustness & digital security
Industries
IT infrastructure and hostingDigital security
Affected stakeholders
Consumers
Harm types
Human or fundamental rightsEconomic/PropertyReputational
Severity
AI incident
Business function:
Research and developmentMonitoring and quality control
AI system task:
Interaction support/chatbotsContent generation

Articles about this incident or hazard

Thumbnail Image

ByteDance AI tool Trae caught spying on users

2025-07-29
TechRadar
Why's our monitor labelling this an incident or hazard?
The Trae IDE is an AI system as it uses advanced AI models to assist users. The event describes the use of this AI system leading to unauthorized and persistent data collection, which constitutes a violation of user privacy and potentially breaches legal obligations related to data protection and user consent. These harms fall under violations of human rights and breach of obligations under applicable law protecting fundamental rights. Therefore, this event qualifies as an AI Incident due to the realized harm caused by the AI system's use and data handling practices.
Thumbnail Image

ByteDance AI IDE Trae telemetry continues even after opt-out

2025-07-28
TheRegister.com
Why's our monitor labelling this an incident or hazard?
The AI system involved is the Trae AI-powered IDE, which uses AI models and collects telemetry data. The event details that telemetry data collection continues despite users opting out, indicating a malfunction or misuse of the AI system's data collection features. This leads to a violation of user privacy rights, a breach of obligations under applicable law protecting fundamental rights. Although no physical harm or infrastructure disruption is reported, privacy violations are recognized harms under the framework. Hence, this is an AI Incident due to realized harm (privacy violation) caused directly by the AI system's malfunctioning telemetry.
Thumbnail Image

Espionage purportedly facilitated by ByteDance AI coding tool

2025-07-29
SC Media
Why's our monitor labelling this an incident or hazard?
The AI system (Trae IDE) is explicitly mentioned and is involved in the use phase, where it collects user data excessively and against user preferences. This activity directly leads to violations of user privacy rights, a form of human rights violation. The data collection is not just a potential risk but is occurring, thus constituting an AI Incident rather than a hazard or complementary information. The harm is significant and clearly articulated as a breach of rights due to unauthorized data collection by the AI system.
Thumbnail Image

ByteDance's Trae IDE Transmits User Data Despite Opt-Outs, Analysis Reveals

2025-07-31
WebProNews
Why's our monitor labelling this an incident or hazard?
The Trae IDE is an AI system as it integrates AI features to boost programmer productivity. The event describes the use and malfunction of this AI system in transmitting user data despite explicit opt-outs, directly leading to privacy violations. The harm is realized, not just potential, as sensitive user data is being sent without consent, violating privacy rights. The involvement of AI in the telemetry and model update processes is central to the incident. The event does not merely warn of potential harm but documents ongoing unauthorized data transmission, thus meeting the criteria for an AI Incident rather than a hazard or complementary information.