xAI's Grok Build CLI Uploads Entire Git repositories to a Google Cloud Bucket
Home
Newsletter
Sponsor
About
Contact
AI Security
13 July 2026 at 15:28
xAI's Grok Build CLI Uploads Entire Git repositories to a Google Cloud Bucket
xAI appears to have shut off the mechanism that let its Grok Build CLI upload complete developer repositories to company-controlled cloud storage, according to follow-up testing by the security researcher who exposed the behavior. The fix arrived as a hidden server-side flag, with no advisory, no statement, and no answer on what happens to code already collected.<br>What the packet captures showed<br>The findings come from a researcher publishing under the handle cereblab, who routed Grok Build CLI version 0.2.93 through the interception proxy mitmproxy on macOS and released the captures as a public gist. The analysis showed the client bundling the entire tracked repository, full Git history included, and uploading it to a Google Cloud Storage bucket named grok-code-session-traces.<br>The upload ran independently of the files the agent actually opened for its coding task. The numbers make that distinction concrete. On a 12 GB test repository, the model request channel moved about 192 KB of task-relevant traffic. The storage upload moved roughly 5.1 gigabytes. The tool was not sending what it needed to answer the developer. It was sending the codebase.<br>A canary credential the researcher planted in a .env file appeared verbatim and unredacted in the captured traffic. And because the CLI uploaded whatever repository it ran in, any team that pointed it at a private or proprietary codebase handed xAI an undisclosed copy of its source history, credentials, and secrets along with it.<br>The opt-out that did not opt out<br>Grok Build ships with an "Improve the model" toggle that most developers would read as a data-collection control. Disabling it did not stop the uploads. Server responses still returned trace_upload_enabled: true, and the repository transfer proceeded as normal. The setting governs training consent, not whether code leaves the machine.<br>Neither the storage bucket nor the upload behavior appears in Grok Build's setup documentation, according to coverage of the analysis, which also notes xAI had marketed the tool as local-first.<br>A fix shipped in silence<br>A day after the report went public, the researcher retested the same 0.2.93 client and found the server now returning disable_codebase_upload: true alongside trace_upload_enabled: false. Across six retests, no repository uploads were observed. That points to a deliberate server-side mitigation rolled out after the exposure, flipped remotely and invisibly.<br>The caveats cut both ways. The mitigation has been verified on one machine and one account, so there is no confirmation it is global, staged, or permanent. At the same time, the researcher is explicit that the captures do not prove xAI trained on the uploaded code, that employees viewed it, or that every account received the same configuration. This is a finding about undisclosed collection, not confirmed misuse.<br>What is entirely missing is xAI's side of the story. No security advisory. No explanation of the upload's purpose, scope, or retention. No word on whether repositories already sitting in grok-code-session-traces will be deleted. The official changelog listed version 0.2.98 as the latest release on July 12, 2026 without mentioning repository-upload behavior at all.
International Cyber Digest
Get the ICD Newsletter
Subscribe for source-forward cyber news, OSINT notes, breach updates, and analysis. Have evidence or a lead? Send it to ICD.
Subscribe<br>Send a tip
Subscribe
Get the ICD Newsletter: cyber news, OSINT notes, sources, and analysis.
Success
Great! Check your inbox and click the link
Error
Please enter a valid email address!
Latest posts
SpaceX and Starlink X Accounts Appear Compromised in Scam Coin Rug Pull
12 July 2026 at 22:11
EU Moves to Stop Addictive Design in Games and Apps Aimed at Children
12 July 2026 at 18:10
China and Russia Planning to Defeat Starlink and Jointly Counter US Hypersonics
12 July 2026 at 00:27
International Cyber Digest
Cybersecurity news, OSINT-backed investigations, and analysis on breaches, cybercrime, AI security, privacy, and digital threats.
Bluesky
Mastodon
You might also like