2 min read

Grok Build sent entire codebases to Google Cloud

Researchers found Grok Build uploading full repositories, including ignored files and deleted secrets. SpaceXAI has since disabled the behavior.

Image: The Verge

SpaceXAI has turned off a Grok Build behavior that was uploading users' entire code repositories to Google Cloud, after researchers said the tool was collecting far more data than expected.

According to The Register, Cereblab published findings on Monday showing that the Grok Build CLI was packaging and uploading full codebases, including files it had been told not to open and even secrets deleted from history. The researchers said this amounted to significantly more data retention than comparable tools such as Claude Code.

As of Monday, Cereblab said its tests showed SpaceXAI’s servers returning a “disable_codebase_upload: true” flag, and that the upload behavior “no longer fires.”

Elon Musk addressed the incident in posts on X, saying that all data Grok Build had previously uploaded would be “completely and utterly deleted.” In a separate post, he also said “privacy settings are always respected,” while asking users to let SpaceXAI retain data because it is “helpful for debugging issues.”

Dr. Lukasz Olejnik, an independent security researcher at King’s College London, told The Verge that this level of retention is “excessive.” He said the exposed data could potentially include:

Recommended reading

ModHeader pulled after spyware hit 1.6M installs

  • proprietary source code
  • information about security vulnerabilities
  • personal data
  • infrastructure details
  • credentials

SpaceXAI initially responded by saying that if zero data retention is disabled, users can run the /privacy command in the CLI to disable retention and delete previously synced data. But Cereblab disputed that explanation, saying “/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn’t be pointed to as the control.”

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via The Verge

// Keep reading