A security researcher has shown that xAI's Grok Build CLI was uploading entire git repositories, including unredacted secrets, to a Google Cloud Storage bucket, and that the tool's own opt-out toggle did not stop it. The uploads quietly ceased on July 13 through a hidden server-side flag, with no advisory from xAI.

What to Do Now

If you have run Grok Build CLI on any private repository, treat its contents as potentially exposed. Update to the latest client, then rotate every credential, API key, and token that has ever lived in a repo you opened with the tool, including values buried in git history rather than the current working tree. The researcher's reproduction repository planted a canary secret and captured it leaving the machine verbatim, so a committed .env or config file counts even if you never asked the agent to read it. Audit your history with a secret scanner before assuming any key is safe.

Why It Matters for Creators

Coding agents now sit at the center of many build pipelines, and builders hand them their most sensitive material by default. This case shows that "deny" controls in an AI CLI can govern only what the model reads, not what the surrounding tooling ships off-device. As GIGAZINE reported, the upload channel ran independently of the model turn, so trusting the visible permission prompt was not enough.

Key Details

Destination: A bucket named grok-code-session-traces, with repo data staged under versioned paths.

Scale: On a 12 GB test repository, the model channel moved about 192 KB while the parallel upload transferred roughly 5.1 GiB across dozens of chunks, per the wire-level capture.

Secrets: A planted API_KEY canary and a 48 KB file of database credentials appeared in the captured traffic in the clear.

Mitigation: As of July 13 the same 0.2.93 client showed zero storage uploads, with the server now returning disable_codebase_upload: true, as International Cyber Digest documented.

What to Watch

xAI has not published a security advisory explaining whether the fix is global, permanent, or retroactive, and has said nothing about retention or deletion of data already collected. Watch for an official statement clarifying scope, and reproduce the behavior yourself with the public mitmproxy harness if you need to confirm your own client is no longer uploading.