Theregister
Grok Build CLI Exposes User Repositories to Cloud Storage
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Grok Build, a command-line interface from SpaceXAI, was found to automatically upload entire Git repositories to a Google Cloud Storage bucket. This included all tracked files, commit histories, and sensitive information from .env files, even when minimal data was needed for processing. The issue was identified by security researcher Cereblab, who confirmed that the tool sent gigabytes of data without user consent. Following public outcry, SpaceXAI implemented a server-side fix to stop the uploads and promised to delete previously collected data. Users can now disable data retention through a command in the CLI. The incident highlights significant privacy concerns regarding the handling of user data by AI tools.
Key Points: • Grok Build CLI uploaded entire Git repositories, including sensitive data, to the cloud. • A server-side change has halted the unauthorized uploads, and data deletion was promised by SpaceXAI. • Users can manage data retention settings through the CLI to prevent future uploads.