7 Sources
[1]
SpaceXAI's Grok programming tool was uploading its users' entire codebase to cloud storage
SpaceXAI's Grok Build AI coding tool was spotted uploading users' entire codebases to Google Cloud before it was reported, and the company turned it off. The Register reports that Cereblab published findings on Monday showing how the Grok Build CLI was packaging and uploading entire code repositories, "including files it was told not to open and secrets deleted from history," significantly more data retention than similar tools like Claude Code. The researchers say that as of Monday, their tests show SpaceXAI's servers returning a "disable_codebase_upload: true" flag, and the codebase upload "no longer fires." Elon Musk responded to the incident in a post on X claiming that all data Grok Build previously uploaded will be "completely and utterly deleted." Musk also said in a separate post that "privacy settings are always respected," but asked users to allow SpaceXAI to retain their data, saying it's "helpful for debugging issues." Dr. Lukasz Olejnik, an independent security researcher at King's College London, confirmed to The Verge that this amount of data retention is "excessive," adding that the data potentially at risk could include "proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials." SpaceXAI initially responded to the issue with a post saying that, "If [zero data retention] is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data." However, Cereblab points out that "/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn't be pointed to as the control."
[2]
SpaceX open sources Grok Build in same week company was found beaming users' repos to the cloud
Elon Musk has confirmed SpaceX has now open sourced the Grok Build CLI just days after researchers caught the AI tool scooping up users' entire repositories and uploading them to company-controlled cloud storage. SpaceXAI's data grab was first publicized on Sunday by Cereblab, who probed Grok Build traffic and found that repos were being packaged up as Git Bundles and beamed to Google Cloud storage. Concerning. The news gathered so much negative attention that Elon Musk felt compelled to issue a public statement alongside SpaceX, and its technical staff, promising to delete all data that Grok Build has ever stored and give users more choice over how their data is handled. SpaceX is the parent company of xAI, the corporate subdivision where X, the company once known as Twitter, and Grok, its AI division, both nest. As part of these promises, Musk also said SpaceX would open-source Grok Build to sow greater trust in the product, after the codebase was audited for security vulnerabilities. On Wednesday, that promise was fulfilled. You can see it all on GitHub right now. It's a single commit, so you can't see all the changes that have been made over time. There are no pull requests or git history. "We've open-sourced Grok Build and have reset usage limits for all users," SpaceX said. "Open-sourcing Grok Build allows anyone to support making a reliable and robust harness. Check out our code, including the Git repo for the Grok Build CLI." According to Simon Willison, creator of Datasette and co-creator of Django, the Grok Build codebase comprises 844,530 lines of Rust code, and while the code responsible for sending repos to the cloud remains, it appears altered to reverse the behavior. In a separate statement accompanying the open source announcement, SpaceX said it has always respected Zero Data Retention (ZDR), which was applied to enterprise customers by default, and acknowledged that data retention was enabled by default for everyone else, which has now been corrected. It said: "In response to user questions about privacy: Since launch, Grok Build has fully respected zero data retention (ZDR). All users have always had the ability to disable data upload in the CLI. "When data upload was disabled, this choice was respected. In the early beta, data retention was enabled by default for non-ZDR users. Based on your feedback, we changed this. We are now going further to protect privacy. "With all retained data deleted, retention default off, and an open-source harness, we are offering complete user privacy. You can also run Grok Build fully open-sourced and local-first with your own inference. "We disabled default retention for all Grok Build users starting on July 12th. Additionally, we are deleting all coding data that was previously retained, ensuring every user's preferences are respected. With these steps, Grok Build goes beyond other major coding products to protect user privacy." SpaceX also invited researchers to probe Grok Build for security issues and report them to its bug bounty program, which offers rewards ranging from $100-$20,000, depending on the severity. ®
[3]
Musk promises purge after Grok Build caught sending entire repos to the cloud
The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted. AI safety researcher Cereblab published a report on Sunday about their investigation into Grok Build, SpaceXAI's command-line interface (CLI), and the data exchanged between the CLI and SpaceXAI's servers. Cereblab found that when Grok Build reads or processes a file, the contents of that file are transmitted without redaction to a Google Cloud Storage bucket used by SpaceXAI. Further, they claimed that Grok Build packages entire repos and uploads them as Git bundles, instead of just uploading the files required to answer a user's prompt. According to Cereblab's report, SpaceXAI's data retention went far beyond that of other CLIs, such as Claude Code, Gemini, and Codex, which open individual files rather than entire repos before uploading them along with their Git histories. The researcher tested the behavior using a benign prompt. They instructed the CLI to simply reply with "OK," and specifically ordered it not to open any files. Grok Build uploaded the entire repo regardless, along with its full Git history containing secrets that were deleted months prior - a finding Cereblab reproduced using a separate repo. Other Grok Build users reported similar results after Cereblab published their report, including one whose entire user directory, containing SSH keys, password manager databases, and more, was opened and uploaded. The findings attracted enough attention for SpaceXAI execs and Musk to comment on them publicly, as well as prompting the company to quickly implement a remedy. Cereblab confirmed that after the CLI's devs set disable_codebase_upload to "true," Grok Build stopped transmitting entire repos to its servers. The confirmation came hours after SpaceXAI weighed in, trying to reassure onlookers that Grok Build remained safe for use, especially in enterprise environments. A public statement issued via X said that Grok Build respects customers who enable zero data retention (ZDR), and for those who haven't enabled it, such as non-enterprise customers, running a quick command deletes all data previously collected on a given user. "We care deeply about your privacy and respect customer choice," SpaceXAI said. "For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR. "If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data. "Run the /privacy command to view or change your settings at any time." Technical staff members Andrew Milich and Jason Ginsberg both repeated the company's assurances, responding to outraged techies before Musk himself chimed in with a trademark "true." Musk promised that the business would delete all user data uploaded to it prior to the code change preventing whole-repo uploads. "As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted," he said, responding to Milich's community outreach. "Zero anything whatsoever will remain." In a separate post, Musk asked users to keep sharing data anyway, despite the disclosure that his company had been caught hoovering up entire user repos, on the basis that retaining "some" data helps with debugging. The Register cannot independently verify whether SpaceXAI has deleted the data as promised. However, Grok Build no longer rips user repos and stores them in the cloud, although Cereblab is still unhappy about the company's recommendation to use the /privacy command to adjust how exposed user code is to data retention measures. "What actually stopped the upload was a silent global flag - disable_codebase_upload: true - that applies whether you opt in or out," they wrote. "/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn't be pointed to as the control. And no developer should have to run an opt-out after every session to keep their own code off someone else's servers. The right default is off." ®
[4]
Grok Build was uploading entire Git repositories to xAI's cloud, including committed secrets
A wire-level analysis showed the CLI sent full commit history, API keys, and files it was told not to open. xAI had marketed the tool as not transmitting code. A security researcher published a wire-level analysis on July 12 proving that xAI's Grok Build coding CLI was packaging developers' entire tracked repositories, including full Git history, committed secrets, and API keys, and sending them to a Google Cloud Storage bucket. The upload volume was roughly 27,800 times greater than the data the coding task actually required, according to the analysis. The researcher, publishing as cereblab, tested version 0.2.93 of Grok Build, intercepted the upload, cloned the git bundle from the captured request, and recovered a file the AI agent had been explicitly told not to open. xAI had marketed the tool with claims that "nothing from your codebase transmitted to xAI servers during a session." The wire data directly contradicts this. The privacy toggle that was supposed to prevent data transmission did nothing, according to multiple reports. Grok has a history of privacy issues, including training on X user data without consent in what regulators called a "very likely" breach of EU law. A quarter of European firms have banned Grok entirely in favour of alternatives with better security controls. Elon Musk confirmed the uploads and said SpaceXAI would delete all prior Grok Build user data. The company documented a "zero data retention" policy and added a /privacy endpoint. A same-client retest observed a server-side flag disabling the uploads. However, no independent audit has confirmed the deletion. Grok Build launched alongside Grok 4.5 as xAI's answer to Claude Code and Cursor, making the privacy breach particularly damaging for a product positioned to win enterprise developer trust.
[5]
SpaceXAI is wiping customer data after Grok was found storing more customer info than needed
Why it matters: The tool appeared to upload far more data than was needed to answer coding requests, potentially including proprietary source code, API keys and other sensitive information that customers may not have realized was leaving their computers. * Developers whose repositories contained API keys, cloud credentials or database passwords now may need to rotate those credentials, since deleting the uploaded data doesn't eliminate the risk that sensitive information was exposed. Driving the news: A security researcher reported over the weekend that Grok Build was uploading much more of customers' code repositories than was necessary to complete coding tasks. * Shortly after the findings were published, the uploads appeared to stop without users installing an update, suggesting SpaceXAI had made a change on its end. * SpaceXAI said Monday that "no trace and code data is ever retained" for customers with zero-data-retention agreements, adding that " we care deeply about your privacy and respect customer choice." * "As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted. Zero anything whatsoever will remain," SpaceXAI CEO Elon Musk also said on X Monday. By the numbers: In one test, Grok Build uploaded 5.1 gigabytes of data even though the coding task required just 192 kilobytes -- about 26,000 times more data than was needed. The big picture: SpaceXAI joins Anthropic and other AI companies that have faced questions this year over how customer data is collected, retained and used. * When Anthropic rolled out Fable 5 and Mythos 5, the company started retaining user data for those models for 30 days to "support our safety work," despite having zero data retention agreements with several enterprise customers. What to watch: It remains unclear how many SpaceXAI users were affected, which versions of Grok Build uploaded repositories, how long the data was stored, whether it was ever accessed, and how customers can independently verify that it has been deleted.
[6]
After a Privacy Backlash, Elon Musk's SpaceXAI Is Making a Major Change
Elon Musk's SpaceXAI announced yesterday they are making an important change to Grok following a privacy backlash. The company said it would be open sourcing their command-line AI coding assistant, Grok Build, after software developers raised serious privacy concerns last week. The issue relates to what kind of data, and how much, was going to Grok servers. Conversations with chatbots are usually not fully private, as AI models need to send prompts to be processed by large AI models in the cloud. But in this case, Grok Build was sending more than just conversations and the files users wanted to work on. It sent entire folders of private code to its servers, without any indication it was doing so. When developers exposed these problems, SpaceXAI didn't directly address the issue but instead made a quiet fix and announced that users have always been able to opt out of data retention. But users were still frustrated at the lack of transparency and accountability, and weren't convinced that these fixes were enough.
[7]
Grok Build's disaster shows why it trails behind ChatGPT, Claude, Gemini
Musk would have you continue to feed Grok Build your code, which is really what I am concerned about regarding this week's screw-up rather than the breach per se. The story starts with a security researcher who goes by the name of Cereblab, who used a proxy to route the coding CLI of xAI and discovered that whereas the actual channel of the tool transmitted a moderate 192 KB to complete a coding mission, there was another channel through which entire repositories were being sent to a Google Cloud Storage bucket - with their entire Git history - amounting to 5.1 gigabytes on one test repository alone, in dozens of chunks, which is some 27,800 times more data than the job required. Other users mentioned the tool accessing SSH keys and password managers. To xAI's credit, once this report went live, the uploads ceased. Indeed, Cereblab confirmed that flipping the server-side flag called disable_codebase_upload was enough for stopping the whole-repo transfer. This is a fix rather than a PR stunt. However, everything surrounding the fix paints a clear picture as to why Grok always ends up fourth in a race of three. Also read: OpenAI's first hardware device: Why not a wearable speaker tied to a necklace? One should start with the toggle that turned out not to work as intended despite the instruction received by the users. According to xAI staff, the /privacy toggle was the element that stopped leaking the information from the application. However, there was another option that actually managed to halt this process - an undocumented global flag which was unknown to the users. It does not mean that this communication tactic was used as an alternative for an engineering solution to the problem. Another example is xAI's response to the situation. In spite of the fact that researchers had found out that developers' codebases and secrets were not secure, the company did not publish any security advisory on the topic yet. There were neither deadlines nor verification methods, as well as any information on the scale of the problem, the number of affected users, or the time needed for the solution. Instead, one can find several threads where company employees reassure about the safety of the application and the promise made by Elon Musk on X that everything would be "completely and utterly deleted." Also read: 200 economists say AI threatens jobs but no one has a plan to fix it Then there's Musk, who somehow managed to make this worse in real-time too. Even as Musk later confirmed that all of the previously uploaded user data will be purged, he further went on to justify that holding onto "some" data was useful for debugging purposes, in effect asking users to continue to trust a tool that had been found out to do the opposite of what it said it would do. This is not security, but negotiation. It's also completely characteristic of how Musk behaves in his typical way when making promises and delivering through Full Self-Driving, the Hyperloop and the timelines of Mars. This doesn't mean that Grok Build does not have the technical know-how. The issue is one of trust, which is exactly what determines whether developers and companies even give their coding agent access to their private repos to begin with. Claude Code, Gemini, and Codex apparently read individual files and not whole code bases, which is a lower bar compared to "stop leaking secrets," and even xAI required a public researcher and a Twitter thread to get there. Shipping fast and fighting loud might work for X. For a coding tool that needs enterprises to trust it with their actual source code, it's a losing strategy, and this week is a pretty good explanation of why xAI keeps losing.
Share
Copy Link
SpaceXAI's Grok Build AI coding tool was discovered uploading users' entire code repositories to Google Cloud storage, including deleted secrets and files it was instructed not to access. Security researchers found the tool transmitted 27,800 times more data than needed. Elon Musk promised complete deletion of all uploaded data, and SpaceXAI subsequently open sourced the tool to rebuild trust.
SpaceXAI's Grok Build AI coding tool was discovered uploading user repositories far beyond what was necessary to complete coding tasks, raising serious data privacy concerns among developers. Security researchers at Cereblab published findings on July 12 showing the command-line interface was packaging and uploading entire code repositories as Git bundles to Google Cloud storage, including files it was explicitly told not to open and committed secrets deleted from history months prior. In one test, Grok Build uploaded 5.1 gigabytes of data even though the coding task required just 192 kilobytes—approximately 26,000 times more data than needed
5
. The wire-level analysis directly contradicted xAI's marketing claims that "nothing from your codebase transmitted to xAI servers during a session"4
.
Source: Axios
The scale of data retention was significantly more invasive than similar AI coding tools like Claude Code, which only open individual files rather than entire repos before uploading them. Dr. Lukasz Olejnik, an independent security researcher at King's College London, confirmed to The Verge that this amount of data retention is "excessive," adding that the sensitive data potentially at risk could include "proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials"
1
. Cereblab's tests showed that even when instructed with a benign prompt to simply reply with "OK" and specifically ordered not to open any files, Grok Build uploaded the entire repo regardless, along with its full Git history3
. Other users reported similar results, including one whose entire user directory containing SSH keys, password manager databases, and API keys was opened and uploaded without user consent.
Source: Digit
After Cereblab's report attracted widespread attention, Elon Musk responded to the incident in a post on X, promising that all data Grok Build previously uploaded will be "completely and utterly deleted." As of Monday, researchers confirmed that SpaceXAI's servers were returning a "disable_codebase_upload: true" flag, and the backend change stopped the codebase upload from firing
1
. SpaceXAI initially tried to reassure users by stating that zero data retention (ZDR) was respected for enterprise customers and that the /privacy command could disable data retention. However, Cereblab pointed out that "/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn't be pointed to as the control"1
. The researcher emphasized that "no developer should have to run an opt-out after every session to keep their own code off someone else's servers. The right default is off"3
.Related Stories
As part of promises to restore confidence, Musk said SpaceXAI would open source Grok Build after the codebase was audited for security vulnerabilities. On Wednesday, that promise was fulfilled with the entire project published on GitHub as a single commit with no pull requests or git history
2
. According to Simon Willison, creator of Datasette and co-creator of Django, the Grok Build codebase comprises 844,530 lines of Rust code, and while the code responsible for sending repos to the cloud remains, it appears altered to reverse the behavior2
. SpaceXAI acknowledged that data retention was enabled by default for non-enterprise users in the early beta, which has now been corrected. The company stated: "With all retained data deleted, retention default off, and an open-source harness, we are offering complete user privacy"2
.
Source: The Register
The incident poses significant implications for developers whose Git repositories contained API keys, cloud credentials, or database passwords. These users may need to rotate those credentials, since deleting the uploaded data doesn't eliminate the risk that proprietary code was exposed
5
. It remains unclear how many SpaceXAI users were affected, which versions of Grok Build uploaded repositories, how long the data was stored, whether it was ever accessed, and how customers can independently verify deletion5
. SpaceXAI invited security researchers to probe Grok Build for security issues and report them to its bug bounty program, which offers rewards ranging from $100-$20,000 depending on severity2
. The privacy breach is particularly damaging for a product positioned to win enterprise developer trust, launched alongside Grok 4.5 as xAI's answer to Claude Code and Cursor4
. Grok has a history of privacy issues, including training on X user data without consent in what regulators called a "very likely" breach of EU law, with a quarter of European firms having banned Grok entirely in favor of alternatives with better security controls4
.Summarized by
Navi
[1]
[2]
[4]
21 May 2026•Business and Economy
08 Jul 2026•Technology

10 Jul 2025•Technology

1
Policy and Regulation

2
Technology

3
Technology
