Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
xAI’s Grok Build Uploads Full Repositories to Cloud

xAI’s Grok Build Uploads Full Repositories to Cloud

Posted on July 14, 2026 By CWS

xAI’s Grok Build has faced scrutiny after it was discovered that the coding CLI tool was uploading entire Git repositories, including full commit histories, to an xAI-managed Google Cloud Storage bucket. This behavior was identified by a researcher known as cereblab, who was testing version 0.2.93 of the software.

Investigative Findings

The investigation uncovered that Grok Build uploaded these repositories via a distinct channel, separate from the model’s primary operations. This resulted in a significant data transfer discrepancy; a repository containing 12 GB of files, never accessed by the model, generated 5.10 GiB of traffic to the storage channel, compared to just 192 KB to the model’s response channel.

Data transfers occurred in 73 chunks of approximately 75 MB each, all of which were successfully uploaded, as confirmed by HTTP status 200 responses. The files were stored in a bucket named ‘grok-code-session-traces’, as indicated by metadata within the binary.

Security and Privacy Concerns

Among the files uploaded was a deliberately placed ‘never_read_canary.txt’, which was recovered along with the repository’s full commit history, demonstrating the extent of data collection. Although there is no evidence that xAI used the code for training purposes, the presence of sensitive data, such as unredacted environment variables like API keys, raised security concerns.

The tool’s setting intended to prevent data from improving the model did not stop the uploads, highlighting a gap between user control and data handling. This practice contrasts with other cloud coding tools, which do not upload entire repositories.

xAI’s Response and User Recommendations

On July 13, the same Grok Build version ceased making storage requests, and server settings indicated that the uploads were disabled. However, xAI has not provided a detailed explanation or confirmed whether these changes are permanent.

In response, Elon Musk assured users that previously uploaded data would be deleted. xAI suggested using a ‘/privacy’ command to manage data retention settings. Users are advised to rotate any credentials potentially exposed by the tool’s activities to mitigate risk.

While the immediate issue has been addressed through server-side changes, the underlying upload code remains in the software, allowing potential reactivation without a client update. The lack of transparency about the initial data collection scope and duration remains a concern for users who rely on privacy and security.

The Hacker News Tags:cloud computing, cloud storage, coding tools, data privacy, data retention, data security, Elon Musk, Git repositories, Grok Build, privacy controls, repository management, server settings, software development, technology news, xAI

Post navigation

Previous Post: ModHeader Chrome Extension Pulled for Data Exfiltration Risk
Next Post: Jscrambler Packages Compromised in Supply Chain Breach

Related Posts

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets The Hacker News
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks The Hacker News
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps The Hacker News
Joomla JCE Vulnerability Exploited for PHP Code Execution Joomla JCE Vulnerability Exploited for PHP Code Execution The Hacker News
Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months The Hacker News
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Canadian Cybersecurity Leaders Shine at Web Summit Vancouver
  • Valarian Secures $50M for Innovative Infrastructure Layer
  • npm Packages Exploited to Form DDoS Botnet
  • Jscrambler Packages Compromised in Supply Chain Breach
  • xAI’s Grok Build Uploads Full Repositories to Cloud

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Canadian Cybersecurity Leaders Shine at Web Summit Vancouver
  • Valarian Secures $50M for Innovative Infrastructure Layer
  • npm Packages Exploited to Form DDoS Botnet
  • Jscrambler Packages Compromised in Supply Chain Breach
  • xAI’s Grok Build Uploads Full Repositories to Cloud

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark