The security analysis by Cereblab revealed that the Grok Build CLI was harvesting more data than industry peers like Claude Code. According to the findings, the tool ingested files specifically marked to be ignored, potentially exposing proprietary source code, infrastructure details, and sensitive credentials. Dr. Lukasz Olejnik of King’s College London characterized the retention levels as excessive, noting the significant risk to intellectual property and system security.
SpaceXAI Disables Automatic Codebase Uploads in Grok Build Tool
Users of the Grok Build AI coding tool discovered their entire software repositories were being uploaded to Google Cloud without explicit authorization. The practice, which ignored file exclusions and deleted history, surfaced after independent researchers flagged the software for excessive data retention that bypassed standard privacy controls.
Following the public disclosure, SpaceXAI updated its servers to disable the automatic upload feature. Elon Musk stated on X that all previously uploaded data will be deleted, though he also encouraged users to keep data retention enabled for debugging purposes. Despite company claims that a specific CLI command could clear synced data, researchers clarified that the suggested privacy toggle was merely a per-session setting rather than a structural fix for the unauthorized uploads.




Comments (0)
No comments yet. Be the first!