Musk's Coding Agent Uploaded 27,800x More Data Than the Task Needed — Your Whole Repo, Secrets… A security researcher found that xAI's Grok Build coding agent uploaded 5.10 GiB of data to a Google Cloud Storage bucket for a task requiring only 192 KB, a 27,800x excess that included users' entire home directories, SSH keys, and password manager databases. Elon Musk personally promised to delete all previously uploaded user data. The incident highlights the need for users to wire-audit coding agents like Claude Code, Codex, Cursor, or Grok using tools like mitmproxy. Member-only story Musk's Coding Agent Uploaded 27,800x More Data Than the Task Needed — Your Whole Repo, Secrets Included The model turn needed 192 KB. The storage channel moved 5.10 GiB. That is a 27,800x gap between what xAI’s Grok Build coding agent needed to answer a prompt and what actually left the researcher’s machine — and the destination was a Google Cloud Storage bucket named grok-code-session-traces that no setup doc ever mentioned. On July 12, a security researcher publishing as cereblab dropped a wire-level analysis of Grok Build CLI 0.2.93. By July 14 it was on the front page of Hacker News, other users were reporting that their entire home directories — SSH keys and password-manager databases included — had been swept up, and Elon Musk was personally promising that “all user data that was uploaded to xAI before now will be completely and utterly deleted. Zero anything whatsoever will remain.” I spent yesterday reading the full capture log and reproducing the audit methodology against my own tools. This article covers what was actually proven which is narrower and scarier than the headlines , and then the part that matters for you: how to wire-audit any coding agent you run — Claude Code, Codex, Cursor, or Grok — in about 15 minutes with mitmproxy. Because the uncomfortable lesson of this story is that the only person who checked was one anonymous…