SpaceXAI's Grok Build Caught Exfiltrating Entire Code Repositories

AI-generated image · US National Wire
Security researcher reveals that SpaceXAI's CLI tool uploaded full Git histories and sensitive user directories regardless of user prompts.
A report from AI safety researcher Cereblab has exposed that Grok Build, the command-line interface (CLI) from SpaceXAI, was transmitting entire user repositories to a Google Cloud Storage bucket without redaction. According to reporting from The Register, Cereblab found that the tool packaged full repos as Git bundles rather than uploading only the specific files needed to answer a prompt.
Cereblab's investigation revealed that Grok Build uploaded full repositories and Git histories—including secrets deleted months prior—even when the researcher used a benign prompt and explicitly ordered the CLI not to open any files. Other users reported the tool uploaded entire user directories containing password manager databases and SSH keys. Cereblab noted that this behavior exceeded the data retention practices of competitors such as Codex, Gemini, and Claude Code, which open individual files rather than entire repositories.
In response, SpaceXAI executives Andrew Milich and Jason Ginsberg issued assurances regarding user privacy, and Elon Musk promised that all user data uploaded prior to the fix would be "completely and utterly deleted." SpaceXAI stated via X that the tool respects zero data retention (ZDR) for enterprise customers and that non-enterprise users can use a `/privacy` command to disable data retention and delete previously synced data.
However, Cereblab clarified that the `/privacy` command did not stop the exfiltration. The transfers only ceased after developers implemented a server-side change, setting a global flag `disable_codebase_upload` to "true." Cereblab criticized the company for pointing to the `/privacy` toggle as the control, noting that the command is a per-session retention toggle and not the mechanism that actually fixed the unauthorized uploads.

