xAI’s Grok Build has faced scrutiny after it was discovered that the coding CLI tool was uploading entire Git repositories, including full commit histories, to an xAI-managed Google Cloud Storage bucket. This behavior was identified by a researcher known as cereblab, who was testing version 0.2.93 of the software.
Investigative Findings
The investigation uncovered that Grok Build uploaded these repositories via a distinct channel, separate from the model’s primary operations. This resulted in a significant data transfer discrepancy; a repository containing 12 GB of files, never accessed by the model, generated 5.10 GiB of traffic to the storage channel, compared to just 192 KB to the model’s response channel.
Data transfers occurred in 73 chunks of approximately 75 MB each, all of which were successfully uploaded, as confirmed by HTTP status 200 responses. The files were stored in a bucket named ‘grok-code-session-traces’, as indicated by metadata within the binary.
Security and Privacy Concerns
Among the files uploaded was a deliberately placed ‘never_read_canary.txt’, which was recovered along with the repository’s full commit history, demonstrating the extent of data collection. Although there is no evidence that xAI used the code for training purposes, the presence of sensitive data, such as unredacted environment variables like API keys, raised security concerns.
The tool’s setting intended to prevent data from improving the model did not stop the uploads, highlighting a gap between user control and data handling. This practice contrasts with other cloud coding tools, which do not upload entire repositories.
xAI’s Response and User Recommendations
On July 13, the same Grok Build version ceased making storage requests, and server settings indicated that the uploads were disabled. However, xAI has not provided a detailed explanation or confirmed whether these changes are permanent.
In response, Elon Musk assured users that previously uploaded data would be deleted. xAI suggested using a ‘/privacy’ command to manage data retention settings. Users are advised to rotate any credentials potentially exposed by the tool’s activities to mitigate risk.
While the immediate issue has been addressed through server-side changes, the underlying upload code remains in the software, allowing potential reactivation without a client update. The lack of transparency about the initial data collection scope and duration remains a concern for users who rely on privacy and security.
