2 min read

SpaceX opens Grok Build after repo upload backlash

SpaceX has open-sourced Grok Build days after researchers found it uploading users' repositories to Google Cloud by default.

Image: The Register

SpaceX has open-sourced the Grok Build CLI just days after researchers found the coding tool was bundling users' entire repositories and uploading them to Google Cloud storage controlled by the company.

The privacy issue was first publicized on Sunday by Cereblab, which analyzed Grok Build’s network traffic and found repositories were being packaged as Git Bundles and sent to the cloud. The fallout drew enough scrutiny that Elon Musk publicly said the company would delete all data Grok Build had stored and give users more control over how their data is handled.

SpaceX is the parent company of xAI, which includes X — the company formerly known as Twitter — and Grok. As part of its response, Musk said Grok Build would be open-sourced after a security audit. That happened on Wednesday, when the code was published on GitHub.

SpaceX said the repository is now available with reset usage limits for all users.

Recommended reading

Meta now alerts parents to teen self-harm AI chats

“We’ve open-sourced Grok Build and have reset usage limits for all users. Open-sourcing Grok Build allows anyone to support making a reliable and robust harness. Check out our code, including the Git repo for the Grok Build CLI.”

SpaceX

The release appears limited: it is a single commit, with no visible pull requests or commit history. According to Simon Willison, creator of Datasette and co-creator of Django, the codebase contains 844,530 lines of Rust. He said the code responsible for sending repositories to the cloud is still present, but appears to have been changed to reverse that behavior.

Privacy changes and bug bounty

In a separate statement, SpaceX said Zero Data Retention (ZDR) had always been available and was enabled by default for enterprise customers, while data retention had been turned on by default for other users during the early beta. The company said that has now changed.

“We disabled default retention for all Grok Build users starting on July 12th. Additionally, we are deleting all coding data that was previously retained, ensuring every user’s preferences are respected.”

SpaceX

SpaceX also claimed Grok Build can now be run as a fully open-source, local-first tool with users' own inference setup, and said it now offers “complete user privacy.”

The company is also inviting security researchers to inspect Grok Build and submit findings through its bug bounty program, which pays $100-$20,000 depending on severity.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via The Register

// Keep reading