Grok Build Uploaded Entire Repositories When It Only Needed Parts of the Code, Researchers Say Security researchers at CereLab found that xAI's Grok Build CLI uploaded entire Git repositories, including sensitive files like credentials and .env configurations, instead of only the code needed for tasks. xAI later disabled full repository uploads via a server-side change and pointed users to privacy controls, but questions remain about data already transmitted. Grok Build Uploaded Entire Repositories When It Only Needed Parts of the Code, Researchers Say Researchers found broad repository transfers, while xAI pointed users to privacy controls and settings. xAI's Grok Build CLI coding tool https://www.ibtimes.co.uk/xai-grok-explicit-ai-content-controversy-1802293 uploaded entire Git repositories instead of only the files needed for coding tasks, according to security researchers who analysed the tool's data transfers. The findings raised questions over how AI coding assistants handle private developer data as companies increasingly allow these tools to access internal software projects, source code and other sensitive material. Researchers said the tool transmitted more repository data than the model required, while a later server‑side change disabled full repository uploads. Questions remain over what information may have already been transferred and how much visibility users have into AI tools' data handling. Researchers Found Grok Build Uploading Full Code Repositories The findings were first reported by Bluepoint, which cited security researchers at CereLab who examined Grok Build CLI's network activity. The analysis found that the tool uploaded repository contents to a Google Cloud storage bucket linked to xAI, including files that were not required for the coding request. In one test cited by the researchers, a 12GB repository resulted in around 5.1GB of uploaded data, while the coding task itself required only about 192KB. The researchers said Grok Build uploaded the repository it was run inside rather than limiting transfers to files directly involved in the task. The analysis also identified potential exposure of files such as .env configurations, credentials and Git history. Why Full Repository Uploads Raised Red Flags A Git repository can contain source code, configuration files, documentation, credentials and previous changes recorded in commit history. Researchers said sending an entire repository could expose information beyond what an AI coding assistant requires to complete a specific task. The concern centred on the amount of data transmitted, rather than only how the tool processed code after receiving it. Grok Build Uploads Disabled Via Server‑Side Change After the analysis was published, CereLab reported that Grok Build's servers returned the setting: disable codebase upload: true The flag indicated that repository uploads had been disabled remotely. The change was identified through network analysis rather than a public software update. Because Grok Build is a closed‑source tool, outside researchers cannot inspect the underlying code to determine how repository uploads are triggered. While repository uploads appeared to stop after the server‑side change, researchers raised concerns about data that may have already been transmitted. xAI Highlights Grok Build Privacy Controls xAI later responded by highlighting privacy settings available for Grok Build. The company said teams using Zero Data Retention ZDR would not have code data retained and pointed users to the /privacy command in the CLI to manage data retention settings. 'We care deeply about your privacy and respect customer choice,' xAI said. ZDR is only available to enterprise accounts, according to xAI's documentation. The response did not address questions raised by researchers over data that may have been transmitted before retention settings applied. Grok Confirms Repository Upload Behaviour The issue gained further attention after an X user asked Grok to explain the behaviour. In response, the AI assistant said Grok Build CLI had been uploading 'your full Git repo', including files 'the AI never read or needed'. It also said the tool could send information such as secrets contained in .env files and that the 'improve the model' setting did not prevent the uploads. 'We disabled full repo uploads server-side after researchers flagged it,' Grok said. The explanation matched several details raised in the researchers' analysis, including full repository uploads and the later server‑side change. © Copyright IBTimes 2025. All rights reserved.