HyperAIHyperAI

Command Palette

Search for a command to run...

xAI’s Grok Build Uploaded User Codebases to Cloud

SpaceXAI has discontinued a feature in its Grok Build coding assistant that was inadvertently uploading complete user code repositories to Google Cloud storage. The issue was brought to light by security researchers at Cereblab, who discovered that the command-line interface tool was transmitting entire project directories, including restricted files and cryptographic secrets removed from commit history. This data retention practice far exceeded industry standards observed in comparable AI coding assistants. Upon verification of the findings on Monday, SpaceXAI infrastructure began returning a disabled codebase upload flag, effectively halting the unauthorized data transfers. In response to the incident, company chief executive Elon Musk posted on X that all previously synced data would be permanently eradicated. While Musk acknowledged that privacy configurations must be honored, he simultaneously encouraged users to permit data retention to assist with system debugging. Security experts have strongly criticized the scope of the data collection. Dr. Lukasz Olejnik, a researcher at King's College London, characterized the retention policy as excessive, warning that the exposed information encompassed proprietary source code, infrastructure architecture, security vulnerabilities, and valid authentication credentials. SpaceXAI initially attempted to address the concern by directing users to a slash command privacy toggle within the CLI, asserting that the setting disabled retention and removed previously synced files. Cereblab researchers quickly clarified that the privacy command only managed per-session data preferences and was not responsible for terminating the background upload mechanism. The correction underscores the necessity of verifying automated system controls against official documentation. As the company enforces the server-side disable flag and confirms the deletion of stored repositories, developers are reassessing their integration of third-party AI coding utilities amid heightened scrutiny over data sovereignty and secure development practices.

Related Links