Groks AI coding CLI, Grok Build, was uploading entire Git repositories with full commit history to xAI cloud storage rather than only the files needed for coding tasks, a security researcher has disclosed, raising significant data privacy concerns.
Testing version 0.2.93, the researcher found that when a model was instructed not to open a specific file, the upload channel still transmitted 5.10 GiB of data from a 12 GB repository while actual model interaction consumed only 192 KB. The storage channel moved approximately 27,800 times more data than needed, transmitted in 73 separate chunks to a Google Cloud Storage bucket named grok-code-session-traces. Every upload returned HTTP 200, and across multiple tests the volume consistently tracked total repository size rather than file access.
The finding raises questions about data handling practices in AI coding assistants. Developers using Grok Build may have inadvertently uploaded proprietary source code containing credentials, API keys, and intellectual property to xAI infrastructure without explicit consent or knowledge. The researcher who disclosed the issue has recommended that users audit their Git repositories for any sensitive material that may have been transmitted through the tool.
HTMLEOF
