{"slug": "grok-build-uploaded-entire-repositories-when-it-only-needed-parts-of-the-code", "title": "Grok Build Uploaded Entire Repositories When It Only Needed Parts of the Code, Researchers Say", "summary": "Security researchers at CereLab found that xAI's Grok Build CLI uploaded entire Git repositories, including sensitive files like credentials and .env configurations, instead of only the code needed for tasks. xAI later disabled full repository uploads via a server-side change and pointed users to privacy controls, but questions remain about data already transmitted.", "body_md": "# Grok Build Uploaded Entire Repositories When It Only Needed Parts of the Code, Researchers Say\n\n## Researchers found broad repository transfers, while xAI pointed users to privacy controls and settings.\n\n[xAI's Grok Build CLI coding tool](https://www.ibtimes.co.uk/xai-grok-explicit-ai-content-controversy-1802293) uploaded entire Git repositories instead of only the files needed for coding tasks, according to security researchers who analysed the tool's data transfers.\n\nThe findings raised questions over how AI coding assistants handle private developer data as companies increasingly allow these tools to access internal software projects, source code and other sensitive material.\n\nResearchers said the tool transmitted more repository data than the model required, while a later server‑side change disabled full repository uploads. Questions remain over what information may have already been transferred and how much visibility users have into AI tools' data handling.\n\n## Researchers Found Grok Build Uploading Full Code Repositories\n\nThe findings were first reported by Bluepoint, which cited security researchers at CereLab who examined Grok Build CLI's network activity.\n\nThe analysis found that the tool uploaded repository contents to a Google Cloud storage bucket linked to xAI, including files that were not required for the coding request.\n\nIn one test cited by the researchers, a 12GB repository resulted in around 5.1GB of uploaded data, while the coding task itself required only about 192KB.\n\nThe researchers said Grok Build uploaded the repository it was run inside rather than limiting transfers to files directly involved in the task.\n\nThe analysis also identified potential exposure of files such as .env configurations, credentials and Git history.\n\n## Why Full Repository Uploads Raised Red Flags\n\nA Git repository can contain source code, configuration files, documentation, credentials and previous changes recorded in commit history.\n\nResearchers said sending an entire repository could expose information beyond what an AI coding assistant requires to complete a specific task.\n\nThe concern centred on the amount of data transmitted, rather than only how the tool processed code after receiving it.\n\n## Grok Build Uploads Disabled Via Server‑Side Change\n\nAfter the analysis was published, CereLab reported that Grok Build's servers returned the setting:\n\ndisable_codebase_upload: true\n\nThe flag indicated that repository uploads had been disabled remotely. The change was identified through network analysis rather than a public software update.\n\nBecause Grok Build is a closed‑source tool, outside researchers cannot inspect the underlying code to determine how repository uploads are triggered.\n\nWhile repository uploads appeared to stop after the server‑side change, researchers raised concerns about data that may have already been transmitted.\n\n## xAI Highlights Grok Build Privacy Controls\n\nxAI later responded by highlighting privacy settings available for Grok Build.\n\nThe company said teams using Zero Data Retention (ZDR) would not have code data retained and pointed users to the /privacy command in the CLI to manage data retention settings.\n\n'We care deeply about your privacy and respect customer choice,' xAI said.\n\nZDR is only available to enterprise accounts, according to xAI's documentation. The response did not address questions raised by researchers over data that may have been transmitted before retention settings applied.\n\n## Grok Confirms Repository Upload Behaviour\n\nThe issue gained further attention after an X user asked Grok to explain the behaviour.\n\nIn response, the AI assistant said Grok Build CLI had been uploading 'your full Git repo', including files 'the AI never read or needed'. It also said the tool could send information such as secrets contained in .env files and that the 'improve the model' setting did not prevent the uploads.\n\n'We disabled full repo uploads server-side after researchers flagged it,' Grok said. The explanation matched several details raised in the researchers' analysis, including full repository uploads and the later server‑side change.\n\n© Copyright IBTimes 2025. All rights reserved.", "url": "https://wpnews.pro/news/grok-build-uploaded-entire-repositories-when-it-only-needed-parts-of-the-code", "canonical_source": "https://www.ibtimes.co.uk/security-concerns-xai-grok-build-cli-uploading-git-repositories-1808445", "published_at": "2026-07-13 22:00:53+00:00", "updated_at": "2026-07-13 22:09:28.826848+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety", "ai-ethics"], "entities": ["xAI", "Grok Build", "CereLab", "Bluepoint", "Google Cloud"], "alternates": {"html": "https://wpnews.pro/news/grok-build-uploaded-entire-repositories-when-it-only-needed-parts-of-the-code", "markdown": "https://wpnews.pro/news/grok-build-uploaded-entire-repositories-when-it-only-needed-parts-of-the-code.md", "text": "https://wpnews.pro/news/grok-build-uploaded-entire-repositories-when-it-only-needed-parts-of-the-code.txt", "jsonld": "https://wpnews.pro/news/grok-build-uploaded-entire-repositories-when-it-only-needed-parts-of-the-code.jsonld"}}