- xAI’s Grok Build CLI was uploading entire Git repositories with full commit history to a Google Cloud Storage bucket, not just files needed for coding tasks
- A researcher captured one upload and cloned the bundle, recovering a planted canary file the agent was told not to open
- The “Improve the model” toggle did not block uploads — it only controlled training, not whether code left the machine
- xAI disabled storage uploads server-side on July 13, but the upload code remains in the binary and can be re-enabled without an update
- Elon Musk stated all previously uploaded user data would be deleted, though individual subscribers must run the /privacy command to disable retention
xAI‘s Grok Build coding CLI was uploading entire Git repositories, full commit history included, to a Google Cloud Storage bucket run by xAI — not just the files a coding task required. A researcher publishing as cereblab, testing version 0.2.93, captured one such upload and cloned the git bundle from the intercepted request.
The upload traveled a separate channel from the model itself, and the byte split was stark. On a 12 GB repository the model never read, model-turn traffic to /v1/responses totaled roughly 192 KB while the storage channel to /v1/storage moved 5.10 GiB — a 27,800x gap between what the model needed and what left the machine. The destination bucket, grok-code-session-traces, accepted the data across 73 chunks, each returning HTTP 200.
The researcher planted a canary file called src/_probe/never_read_canary.txt with a unique marker the agent was told in plain terms not to open. Cloning the captured bundle recovered it verbatim along with the repo’s full commit history. A second, unrelated repo replicated the same result. Meanwhile, a tracked .env file containing fake API_KEY and DB_PASSWORD values went out unredacted through both the model turn and a session_state archive bound for storage.
The setting most developers would reach for did nothing here. With “Improve the model” turned off, Grok still uploaded the repository, and the server’s own /v1/settings response kept returning trace_upload_enabled: true. That toggle governs whether your data trains the model — it does not govern whether your code leaves the machine.
In cereblab’s cross-tool comparison, Claude Code and Codex sent no repository bundle; Gemini sent none in an idle test. Grok Build was the outlier.
On July 13, the same 0.2.93 binary stopped making storage requests. Developer Peter Dedene reported the same flag returned for his account, confirming the shutoff was server-side. The @SpaceXAI account said enterprise teams on zero data retention never have code stored, and that consumers can run /privacy in the CLI to disable retention. Elon Musk added all user data uploaded before now would be “completely and utterly deleted.”
A separate analysis of build 0.2.99 found the upload code still in the binary, held off by the server flag — meaning xAI can turn it back on without an update.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- BRICS expands to 10 members, challenges US dollar dominance by 2050
- Cathie Wood Boosts Nuclear Stakes: Buys OKLO, XE Shares
- White House crypto pointman Patrick Witt takes leave for JAG training
- BSC Volume Bot Review: What Chain-Specific Quality Looks Like
- Oracle Shares Tumble 6.5% as Iran Conflict Sparks Market Sell-Off
