xAI's Grok Build coding tool — the company's AI-powered CLI for software development — was silently uploading users' entire codebases to Google Cloud Storage without making the scope of that data collection clear. The behavior was uncovered and published by researchers at Cereblab on Monday, triggering a rapid response from xAI.
What Cereblab Found
The Cereblab team discovered that the Grok Build CLI was packaging and transmitting full code repositories to xAI's servers — not just the files relevant to a given task. Critically, the upload included:
- Files explicitly marked as ignored (e.g., via
.gitignore) - Secrets and credentials that had been deleted from git history
- Essentially the entire project tree, regardless of relevance
This goes significantly beyond what comparable AI coding tools collect. Anthropic's Claude Code, for example, sends only the context directly needed for a given task — not a wholesale snapshot of the repository.
xAI's Response
By the time Cereblab published their findings, xAI appears to have already moved to shut the behavior down. Researchers noted that as of Monday, xAI's servers were returning a disable_codebase_upload: true flag, and confirmed the upload "no longer fires" in their tests.
Elon Musk responded publicly to coverage of the incident, though the nature of his response was not elaborated in detail by early reports.
The speed of the rollback suggests xAI was either aware of the issue internally or moved extremely quickly once it became public — neither scenario reflects particularly well on the initial design decision.
Why This Is a Serious Issue
For developers, the implications here are significant and worth unpacking carefully.
Secrets deleted from git history are not truly gone in most workflows — they often persist in local files, environment configs, or backup branches. The fact that Grok Build was reportedly capturing this data means developers who used the tool may have inadvertently exposed:
- API keys and tokens
- Database credentials
- Private environment variables
- Proprietary source code and business logic
The issue isn't just privacy — it's supply chain security. A codebase upload that includes credentials is functionally equivalent to handing an attacker (or any third party with cloud storage access) the keys to your infrastructure.
What Developers Should Do Now
If you used Grok Build prior to this week, treat your credentials as potentially compromised:
- Rotate all API keys and secrets associated with any project where you ran the CLI
- Audit your
.envfiles and config directories for anything sensitive - Check your git history for credentials that may have been committed and later removed
- Monitor xAI's official communications for any disclosure of what data was retained and for how long
The Broader Pattern
This incident joins a growing list of AI developer tooling controversies around data handling transparency. As AI coding assistants move from experimental to production-grade infrastructure, the implicit trust developers place in these tools — running them with full filesystem access inside live projects — demands a much higher standard of disclosure.
Tools like GitHub Copilot, Cursor, and Claude Code have all faced scrutiny over telemetry and code transmission practices. What sets this case apart is the apparent inclusion of secrets and ignored files, which crosses from aggressive data collection into territory that could directly enable security incidents.
For startup founders and engineering teams evaluating AI coding tools: read the privacy documentation before granting filesystem access, and treat any tool that requires broad local permissions as a potential data exfiltration vector until proven otherwise.



