Loading...
SpaceXAI's Grok coding tool leaking user data to cloud
The issue was first detected by Cereblab

SpaceXAI's Grok coding tool leaking user data to cloud

Jul 15, 2026
01:10 pm

What's the story

In a major privacy breach, SpaceXAI's Grok Build AI coding tool was found uploading users' complete codebases to Google Cloud. The issue was first detected by Cereblab, who reported that the Grok Build CLI was packaging and transferring entire code repositories, even files it was instructed not to open. This data retention far exceeded that of similar tools like Claude Code.

Response

Elon Musk promises complete deletion of user data

In light of this incident, Elon Musk took to X and promised that all data uploaded by Grok Build would be "completely and utterly deleted."

He also claimed that "privacy settings are always respected," but urged users to let SpaceXAI keep their data for debugging purposes.

This comes as an attempt to reassure users amid concerns over their sensitive information being exposed.

Expert opinion

Privacy breach raises red flags

Dr. Lukasz Olejnik, an independent security researcher at King's College London, flagged the data retention by Grok Build as "excessive."

He warned that the potentially exposed information could include proprietary source code, information about security vulnerabilities, personal data, infrastructure details, and credentials.

This highlights the serious implications of this privacy breach for users who trusted SpaceXAI's coding tool with their sensitive information.

ADVERTISEMENT

Company statement

SpaceXAI issues statement on data retention issue

In response to the data retention issue, SpaceXAI issued a statement saying that if zero data retention is disabled, users can use the /privacy command in the CLI to disable data retention and delete previously synced data.

However, Cereblab clarified that "/privacy is a per-session retention toggle," not the switch that fixed this problem.

This highlights some confusion over how users can manage their data with Grok Build.

ADVERTISEMENT

Data breach

Detailed analysis reveals extent of privacy breach

A detailed analysis by a security researcher revealed that version 0.2.93 of xAI's Grok Build CLI uploaded unredacted file contents, including secrets in.env files, as well as entire Git repositories and their commit history to cloud storage.

The researcher found fake API keys and database passwords in an.env-style file within the request data.

A separate background upload mechanism was also discovered, which could package and upload an entire Git repository instead of just the necessary files for a coding task.

User control

User control over data questioned

The "Improve the model" toggle on Grok Build, which many developers would think is a data collection control, didn't stop the uploads even when disabled.

Server responses still returned `trace_upload_enabled: true`, and repository uploads continued as normal.

This raises questions about user control over their data with this coding tool from SpaceXAI.

Company silence

xAI silent on why repositories were uploaded, not secured

xAI has not issued a security advisory or explained why repositories were uploaded. The company has also not clarified how the data was handled or how long it was retained. However, Musk stated that all user data uploaded before the fix would be deleted.

ADVERTISEMENT