Grok Build was uploading entire Git repositories to xAI’s cloud, including committed secrets
A security researcher published a wire-level analysis on July 12 proving that xAI’s Grok Build coding CLI was packaging developers’ entire tracked repositories, including full Git history, committed secrets, and API keys, and sending them to a Google Cloud Storage bucket. The upload volume was roughly 27,800 times greater than the data the coding task actually required, according to the analysis.
The researcher, publishing as cereblab, tested version 0.2.93 of Grok Build, intercepted the upload, cloned the git bundle from the captured request, and recovered a file the AI agent had been explicitly told not to open. xAI had marketed the tool with claims that “nothing from your codebase transmitted to xAI servers during a session.” The wire data directly contradicts this.
The privacy toggle that was supposed to prevent data transmission did nothing, according to multiple reports. Grok has a history of privacy issues, including training...
Copyright of this story solely belongs to thenextweb.com. To see the full text click HERE