A security researcher has exposed a critical flaw in xAI's Grok Build CLI. The tool was silently uploading users' entire local Git repositories-including full commit histories and secrets from .env files-to a Google Cloud Storage bucket managed by xAI.
The researcher, using network traffic analysis, discovered the uploads occurred regardless of user settings designed to opt out of data sharing. One documented case showed 5.1 GiB of data transferred when only 192 KB was needed.
xAI has since disabled the upload feature server-side and introduced a new configuration option in the CLI. However, the company has not issued a formal public statement. Critical questions remain unanswered: the scope of affected users, data retention policies for material already uploaded, and confirmation that previously collected data has been deleted.
Experts urge all developers using Grok Build or similar tools to immediately audit their network traffic and rotate any potentially exposed secrets, including API keys and authentication tokens.