Grok Build uploaded all Git repositories to xAI’s cloud, including committed secrets.



On July 12, a security researcher published wire-level analysis proving that xAI’s Grok Build coding CLI packages all tracked developers’ repositories, including full Git history, commit secrets, and API keys, and sends them to Google Cloud Storage. The download size was approximately 27,800 times the data required by the encoding task, according to the analysis.

A researcher publishing as Sereblab tested version 0.2.93 of the Grok Build, intercepted the download, cloned the git package from the captured request, and recovered a file he had explicitly told the AI ​​agent not to open. xAI marketed this tool with claims that “nothing is transferred from your codebase to the xAI servers during a session.” Wire data directly contradicts this.

According to multiple reports, the privacy switch that was supposed to prevent data transmission did nothing. Grok has a history of privacy issuesincluding regulators’most likely” Breach of EU law A quarter of European firms have banned Grok entirely in favor of alternatives with better safety controls.

Elon Musk confirmed the downloads and said SpaceXAI will delete all previous Grok Build user data. The company has documentedzero data retention” policy and added the /privacy endpoint. A retest of the same client observed a server-side flag that disabled downloads. However, no independent audit confirmed the removal. Grok Build was launched alongside Grok 4.5 xAI’s response to Clod’s Code and Cursor makes the privacy breach particularly damaging for a product that would gain the trust of an enterprise developer.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *