Grok Build uploading full repos and .envs to GCP Grok Build, an AI coding tool from xAI, has been found uploading entire local repositories, including .env files with API keys and credentials, to Google Cloud Platform without user consent. Security researchers warn that the tool's background sync feature treats local development environments as training data, potentially exposing sensitive secrets and compromising private stacks. Users are advised to rotate all credentials and treat their systems as compromised. the absolute state of ai dev tools. grok build is silently dumping 12gb of untouched repo data and full git commit histories to gcp just to autocomplete a script. they don't want to help you build, they are just treating local dev environments like an open buffet for training data. if you run this on a sensitive stack, your entire repo is already compromised regardless if it's public or not. literal spyware. shipping source code to the cloud is bad enough. blindly inhaling .env.local and .dev.vars in a background sync is absolute negligence. they are vacuuming up your raw api keys, database credentials, and private nodes directly to gcp just to power an autocomplete model. a massive credential breach disguised as a dev tool. if you ran this locally, your private keys are now sitting on a remote server. consider every secret burned, treat your bare metal as completely compromised, and rotate your entire stack immediately. @elonmusk https://x.com/elonmusk , your users deserve a serious explanation 🚨🚨🚨 SpaceXAI 的人工智能编码工具