cd /news/ai-tools/spacexais-grok-programming-tool-was-… · home topics ai-tools article
[ARTICLE · art-59456] src=theverge.com ↗ pub= topic=ai-tools verified=true sentiment=↓ negative

SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage

SpaceXAI's Grok Build AI coding tool was found uploading users' entire codebases to Google Cloud, including files it was instructed not to open and deleted secrets, before the company disabled the feature after researchers reported it. Elon Musk claimed all previously uploaded data will be deleted, but security experts called the data retention excessive, warning it could expose proprietary code, vulnerabilities, and credentials.

read1 min views1 publishedJul 14, 2026
SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage
Image: The Verge

SpaceXAI’s Grok Build AI coding tool was spotted up users’ entire codebases to Google Cloud before it was reported, and the company turned it off. The Register reports that Cereblab published findings on Monday showing how the Grok Build CLI was packaging and up entire code repositories, “including files it was told not to open and secrets deleted from history,” significantly more data retention than similar tools like Claude Code.

The researchers say that as of Monday, their tests show SpaceXAI’s servers returning a “disable_codebase_upload: true” flag, and the codebase upload “no longer fires.”

Elon Musk responded to the incident in a post on X claiming that all data Grok Build previously uploaded will be “completely and utterly deleted.” Musk also said in a separate post that “privacy settings are always respected,” but asked users to allow SpaceXAI to retain their data, saying it’s “helpful for debugging issues.”

Dr. Lukasz Olejnik, an independent security researcher at King’s College London, confirmed to The Verge that this amount of data retention is “excessive,” adding that the data potentially at risk could include “proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials.”

SpaceXAI initially responded to the issue with a post saying that, “If [zero data retention] is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data.” However, Cereblab points out that “/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn’t be pointed to as the control.”

── more in #ai-tools 4 stories · sorted by recency
── more on @spacexai 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/spacexais-grok-progr…] indexed:0 read:1min 2026-07-14 ·