Grok Build CLI Exposes User Repositories to Cloud Storage

Grok Build CLI Exposes User Repositories to Cloud Storage

First seen 14 Jul 2026, 14:06 UTC Feeds.4SysopsTheregisterCybersecuritynews 78% similarity 69.0

Article Content

Browse articles
ThreatCluster

Grok Build, a command-line interface from SpaceXAI, was found to automatically upload entire Git repositories to a Google Cloud Storage bucket. This included all tracked files, commit histories, and sensitive information from .env files, even when minimal data was needed for processing. The issue was identified by security researcher Cereblab, who confirmed that the tool sent gigabytes of data without user consent. Following public outcry, SpaceXAI implemented a server-side fix to stop the uploads and promised to delete previously collected data. Users can now disable data retention through a command in the CLI. The incident highlights significant privacy concerns regarding the handling of user data by AI tools.

Key Points: • Grok Build CLI uploaded entire Git repositories, including sensitive data, to the cloud. • A server-side change has halted the unauthorized uploads, and data deletion was promised by SpaceXAI. • Users can manage data retention settings through the CLI to prevent future uploads.

ThreatCluster AI

Timeline

2026-07-10
Cereblab publishes report on Grok Build
Researcher Cereblab reveals Grok Build's automatic uploading of entire repos to cloud storage, raising privacy concerns.
Theregister
2026-07-14
SpaceXAI confirms uploads have stopped
After implementing a server-side change, SpaceXAI confirms that Grok Build is no longer transmitting entire repositories.
Theregister
2026-07-14
Musk promises data deletion
Elon Musk publicly commits to deleting all previously uploaded user data following the incident.
Theregister
2026-07-14
SpaceXAI issues public statement
SpaceXAI reassures users about data retention options and the safety of Grok Build for enterprise use.
Theregister

Community

Browse all →