A coding tool built around Grok, the AI model from Elon Musk's xAI, was quietly uploading users' entire code repositories to remote cloud storage, a security researcher has found, raising alarm among developers about the exposure of proprietary code and secrets.
The issue centered on "Grok Build", a command-line assistant for programmers. According to reporting by The Hacker News, a researcher discovered that the tool was sending complete Git repositories, not just the files the AI actually needed, to cloud storage, and that this happened without clear disclosure to users.
What the researcher found
By intercepting the tool's network traffic and planting marker files in test projects, the researcher reported that Grok Build uploaded files the AI had never accessed, along with the full history of changes in a repository. In one test, several gigabytes of data were transmitted when only a tiny fraction was needed for the task at hand.
More concerning to developers, the uploads were said to include sensitive material such as configuration files containing API keys and database passwords. The researcher also reported that a privacy command the company pointed users to affected only how long data was kept, not whether repositories were uploaded in the first place. Security experts advised anyone who had used the tool to rotate any credentials that might have been exposed, including secrets buried in past commits.
The company's response
The company moved to shut off the behavior once it became public. The Register reported that uploads were disabled on the server side, stopping the tool from sending repositories even though the underlying code remained in the software.
Musk, whose xAI was folded into SpaceX earlier this year, pledged a sweeping cleanup. "All user data that was uploaded to SpaceXAI before now will be completely and utterly deleted," he said, according to The Register. But no timeline was given, no way for users to confirm their data had been removed, and no figure for how many people or projects were affected; the outlet said it could not verify that any deletion had taken place.
A wider worry
The episode feeds a broader unease about the fast-growing category of AI coding assistants, which by their nature need access to developers' code and can send it to remote servers for processing. As companies race to ship these tools, the incident is a reminder that what such assistants collect, and where it ends up, is not always clear to the people using them, and that the burden of noticing often falls on outside researchers rather than the companies themselves.


