xAI Quietly Patches Grok Build CLI After Security Researcher Exposes Undisclosed Repository Uploads
Key Takeaways
- ▸Grok Build CLI was uploading entire developer repositories to Google Cloud Storage without explicit consent or transparent disclosure
- ▸The 'Improve the model' opt-out toggle did not prevent code uploads, indicating false user control over data collection
- ▸A security researcher discovered this through packet capture analysis showing 5.1 GB uploaded versus 192 KB needed for the actual task
Summary
A security researcher discovered that xAI's Grok Build CLI was uploading complete developer repositories, including full Git history, credentials, and secrets, to a Google Cloud Storage bucket named grok-code-session-traces. The researcher, publishing under the handle cereblab, analyzed traffic from version 0.2.93 using the mitmproxy interception tool and found that on a 12 GB test repository, the CLI uploaded 5.1 gigabytes of code despite only needing 192 KB for the actual coding task. Any team that ran Grok Build on a private or proprietary codebase inadvertently handed xAI an undisclosed copy of its entire source history.
Critically, the "Improve the model" toggle—which developers would reasonably expect to control data collection—did not stop the uploads. Server responses still returned trace_upload_enabled: true, and the repository transfer proceeded regardless of the user's setting. The upload behavior was never documented in Grok Build's setup documentation, contradicting xAI's marketing of the tool as "local-first." Additionally, test credentials the researcher planted in a .env file were captured and transmitted verbatim and unredacted in the traffic.
One day after the disclosure went public, xAI deployed a server-side fix without any security advisory, statement, or explanation. The researcher retested and observed the server returning disable_codebase_upload: true, preventing further uploads. However, xAI has provided no clarity on what happens to the repositories already stored in the cloud bucket, nor has it explained the upload's original purpose, scope, or data retention policy. The official changelog for version 0.2.98 (released July 12, 2026) makes no mention of the upload behavior or the fix.
- xAI applied a server-side fix after public exposure but provided no advisory, explanation, or guidance on already-collected code
- The tool lacked documentation about its upload behavior despite being marketed as 'local-first'
Editorial Opinion
This incident exposes a critical gap in transparency and user agency for AI developer tools. xAI's undisclosed collection of sensitive source code, credentials, and secrets—combined with a misleading opt-out mechanism and complete silence after discovery—fails to meet the accountability standards the industry must establish. The silent server-side patch without advisory, explanation, or disclosure about data retention raises serious questions about xAI's commitment to responsible AI deployment. Developers and enterprises evaluating AI-assisted coding tools must now demand explicit documentation of data practices and genuine consent mechanisms.



