Grok Build AI Coding Assistant Secretly Uploaded Entire User Repositories Including Git History and Secrets to Google Cloud
Grok Build, the command-line AI coding assistant created by xAI, was discovered sending complete user repositories — including full Git history and long-deleted secrets — to Google Cloud storage, often without any legitimate need to access the files.
Security researcher Cereblab identified the issue after analyzing network traffic between the Grok Build CLI and xAI servers. The tool was observed packaging entire repositories into Git archives and uploading them wholesale, even when the user explicitly instructed it to answer “OK” and forbade any file access.
Scope of the Data Exposure
Unlike competing tools such as Claude Code, Gemini, and Codex, which typically open only the specific files required for a task, Grok Build transmitted significantly larger volumes of data. In multiple tests, the assistant uploaded full project histories containing passwords, access keys, and other credentials that developers had removed from the current working tree months earlier but remained in Git history.
One user reported that Grok Build also exfiltrated the entire home directory, exposing SSH keys, password-manager databases, and additional sensitive material.
Company Response and Technical Fix
Following the public report, xAI engineers activated the server-side parameter disable_codebase_upload and set it to true for all users, immediately halting the mass uploads. The company also claimed to operate in a zero-data-retention (ZDR) mode for accounts with the setting enabled and offered the /privacy command to disable retention and delete previously synced data.
Cereblab disputed the effectiveness of these measures, stating that the /privacy command only affected session-level storage and did not stop the underlying repository uploads. The researcher emphasized that secure defaults should prohibit transmission of codebases rather than require users to opt out manually.
Further Actions and Remaining Concerns
Elon Musk publicly stated that xAI would completely delete all user data collected before the fix. On July 12, the company open-sourced Grok Build, removed usage restrictions, disabled data storage by default, and began deleting previously stored code while allowing local execution of the tool.
Although these steps address future behavior, independent verification that all previously uploaded repositories, commit histories, and secrets have been erased remains impossible. The episode highlights fundamental risks in AI coding assistants that process source code in the cloud without transparent, user-controlled data-handling policies.