Musk promises purge after Grok Build caught sending entire repos to the cloud
Jump to main content
Search
REG AD
AI and ml
Musk promises purge after Grok Build caught sending entire repos to the cloud
Researcher confirms the uploads have stopped, but says xAI's privacy command was not what fixed them
Connor Jones
Connor<br>Jones
Cybersecurity reporter
Published<br>tue 14 Jul 2026 // 13:39 UTC
The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.<br>AI safety researcher Cereblab published a report on Sunday about their investigation into Grok Build, SpaceXAI's command-line interface (CLI), and the data exchanged between the CLI and SpaceXAI's servers.<br>Cereblab found that when Grok Build reads or processes a file, the contents of that file are transmitted without redaction to a Google Cloud Storage bucket used by SpaceXAI. Further, they claimed that Grok Build packages entire repos and uploads them as Git bundles, instead of just uploading the files required to answer a user's prompt.
REG AD
According to Cereblab's report, SpaceXAI's data retention went far beyond that of other CLIs, such as Claude Code, Gemini, and Codex, which open individual files rather than entire repos before uploading them along with their Git histories.
REG AD
The researcher tested the behavior using a benign prompt. They instructed the CLI to simply reply with "OK," and specifically ordered it not to open any files.<br>Grok Build uploaded the entire repo regardless, along with its full Git history containing secrets that were deleted months prior – a finding Cereblab reproduced using a separate repo.<br>Other Grok Build users reported similar results after Cereblab published their report, including one whose entire user directory, containing SSH keys, password manager databases, and more, was opened and uploaded.<br>The findings attracted enough attention for SpaceXAI execs and Musk to comment on them publicly, as well as prompting the company to quickly implement a remedy.<br>Cereblab confirmed that after the CLI's devs set disable_codebase_upload to "true," Grok Build stopped transmitting entire repos to its servers.<br>The confirmation came hours after SpaceXAI weighed in, trying to reassure onlookers that Grok Build remained safe for use, especially in enterprise environments.<br>A public statement issued via X said that Grok Build respects customers who enable zero data retention (ZDR), and for those who haven't enabled it, such as non-enterprise customers, running a quick command deletes all data previously collected on a given user.<br>"We care deeply about your privacy and respect customer choice," SpaceXAI said. "For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR.
REG AD
"If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data.<br>"Run the /privacy command to view or change your settings at any time."<br>Technical staff members Andrew Milich and Jason Ginsberg both repeated the company's assurances, responding to outraged techies before Musk himself chimed in with a trademark "true."<br>Musk promised that the business would delete all user data uploaded to it prior to the code change preventing whole-repo uploads.<br>"As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted," he said, responding to Milich's community outreach. "Zero anything whatsoever will remain."<br>In a separate post, Musk asked users to keep sharing data anyway, despite the disclosure that his company had been caught hoovering up entire user repos, on the basis that retaining "some" data helps with debugging.<br>The Register cannot independently verify whether SpaceXAI has deleted the data as promised.<br>However, Grok Build no longer rips user repos and stores them in the cloud, although Cereblab is still unhappy about the company's recommendation to use the /privacy command to adjust how exposed user code is to data retention measures.
REG AD
"What actually stopped the upload was a silent global flag – disable_codebase_upload: true – that applies whether you opt in or out," they wrote.<br>"/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn't be pointed to as the control. And no developer should have to run an opt-out after every session to keep their own code off someone else's servers. The right default is off." ®
spacexai<br>security<br>privacy<br>grok build<br>ai and ml
REG AD
ai and ml
DeepMind bigbrain calls for America to set AI standards before it's too late
Industry, regulate thyself
Security
Welsh Doxbin admin jailed for egging on swatters from behind a screen
Callum Dare encouraged others to carry out dangerous hoaxes, made mini-movies from...