2 min read

Grok Build sent full Git repos to xAI cloud

A wire-level analysis found Grok Build uploaded entire tracked repositories, including Git history and secrets, despite xAI saying code wasn’t transmitted.

Image: TNW

A July 12 wire-level analysis found that xAI’s Grok Build coding CLI was uploading developers' entire tracked repositories to a Google Cloud Storage bucket, including full Git history, committed secrets, and API keys.

The researcher, publishing as cereblab, said the captured upload from version 0.2.93 contained about 27,800 times more data than the coding task actually required. After intercepting the request and cloning the bundled Git data, cereblab recovered a file the AI agent had been explicitly told not to open.

That directly clashes with xAI’s marketing for the tool, which said “nothing from your codebase transmitted to xAI servers during a session.” According to multiple reports, the product’s privacy toggle — meant to stop data transmission — also did nothing.

The disclosure adds to Grok’s wider privacy problems. The product has already faced criticism for training on X user data without consent, in what regulators described as a “very likely” breach of EU law. The source says a quarter of European firms have banned Grok in favor of alternatives with stronger security controls.

Recommended reading

Telegram’s t.me links return after sanctions hiccup

Elon Musk later confirmed the uploads and said SpaceXAI would delete all prior Grok Build user data. The company also documented a “zero data retention” policy and added a /privacy endpoint. A retest by the same client reportedly observed a server-side flag that disabled the uploads, but there has been no independent audit confirming that earlier data was actually deleted.

That leaves a serious trust problem for Grok Build, which launched alongside Grok 4.5 as xAI’s answer to Claude Code and Cursor — exactly the kind of enterprise developer tool where privacy claims are supposed to be non-negotiable.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via TNW

// Keep reading