Grok Build CLI Exposes User Data by Uploading Entire Git Repositories

Grok Build CLI Exposes User Data by Uploading Entire Git Repositories

First seen 14 Jul 2026, 14:06 UTC Feeds.4SysopsTheregisterCybersecuritynews 80% similarity 69.0

Article Content

Browse articles
ThreatCluster

The Grok Build CLI from xAI was found to be automatically uploading entire Git repositories to Google Cloud, including sensitive data and unredacted secrets. This behavior persisted even when users instructed the CLI not to access local files. Security researchers confirmed that the data transmitted was significantly larger than necessary for the tasks requested, with some uploads being nearly 28,000 times larger. Affected users reported the exposure of sensitive information such as SSH keys and password manager databases. Following the revelations, Elon Musk promised a data purge and assured users that previously uploaded data would be deleted. The issue was addressed with a server-side fix that disabled the problematic uploads. The incident has raised significant privacy concerns regarding the handling of user data by AI tools.

Key Points: • Grok Build CLI uploaded entire Git repositories, including sensitive data, to the cloud. • Elon Musk promised to delete all previously uploaded user data following the incident. • A server-side change has stopped the unauthorized uploads after the issue was publicly reported.

ThreatCluster AI

Timeline

2026-07-10
Cereblab publishes report on Grok Build
The report revealed that Grok Build was uploading entire repositories, including sensitive data, to Google Cloud.
Theregister
2026-07-10
Grok Build uploads confirmed by users
Multiple users reported that their entire user directories were uploaded without consent, including sensitive files.
Theregister
2026-07-14
Musk promises data purge
Elon Musk stated that all previously uploaded user data would be deleted to address privacy concerns.
Theregister
2026-07-14
Server-side fix implemented
A server-side change was made to disable the problematic uploads, stopping the data exfiltration.
Theregister

Community

Browse all →