xAI's Grok Build CLI Was Secretly Uploading Full Repositories — and the Opt-Out Didn't Stop It Independent security researchers confirmed xAI's Grok Build CLI was silently uploading full repository contents, including source code, git history, and .env files with API keys, to xAI servers. The tool's privacy opt-out governed data retention, not transmission, so developers who opted out still had their code sent. xAI disabled the upload server-side after disclosure, and Elon Musk committed to deleting all data, though no confirmation has followed. xAI's Grok Build CLI Was Secretly Uploading Full Repositories — and the Opt-Out Didn't Stop It Independent security researchers confirmed xAI's Grok Build CLI was silently uploading full repository contents — source code, git history, and .env files with API keys — to xAI servers. The tool's privacy opt-out governed data retention, not transmission. Developers who opted out still had their code sent. xAI disabled the upload server-side after disclosure. Musk committed to deleting all data, though no confirmation has followed. Independent security researchers confirmed this week that xAI's Grok /compare/mistral-large-vs-grok-2 Build CLI - a coding assistant for developers - was silently uploading full repository contents to xAI servers. Source code, git history, and secrets files including .env files with API keys and database credentials. All of it. The kicker: the tool's privacy opt-out didn't block transmission. It only governed how long xAI kept the data. Developers who thought they'd opted out of data sharing had their code sent anyway. xAI disabled the upload server-side after public disclosure. Elon Musk committed to deleting all previously uploaded data. As of July 14, that deletion had not been confirmed. What Actually Happened The Grok Build CLI version 0.2.93 was a command-line tool that let developers use Grok models for coding inside their terminal. During operation, it established outbound connections to xAI infrastructure. Wire-level analysis confirmed the tool transmitted entire repository contents - not just code snippets, but complete directory trees including hidden files. Security researcher Cereblab published a detailed analysis showing the behavior was systematic, not a bug. The --no-telemetry flag and privacy settings governed retention policy on xAI's servers. They did not prevent transmission. Data left the developer's machine regardless of configuration. After the findings went public, xAI took the upload endpoint offline. Musk posted that all previously uploaded data would be deleted. No third-party audit or deletion confirmation has followed. Who's Affected Every developer who ran Grok Build CLI against a production or staging codebase. If your repository contained API keys, database credentials, or proprietary source code, those assets were transmitted to xAI infrastructure. The blast radius is difficult to measure. The tool was available through standard package managers. It required no special enterprise procurement. Individual developers could install and run it without IT or security team awareness. AI governance firm aigovernance.com published an action brief recommending enterprises audit all developer workstations for Grok Build CLI installations, rotate all credentials that may have been in exposed repositories, and assess whether the unauthorized transmission triggers breach notification obligations under GDPR Article 33 or state privacy laws. The Governance Gap This incident isn't about xAI specifically. It exposes a structural problem with AI developer tools. Coding assistants operate with filesystem access. They establish outbound network connections. They transmit data to vendor infrastructure. Most organizations have no visibility into any of this. The Cloud Security Alliance has now compiled ten agent security incidents across seven weeks. The Grok Build CLI exfiltration joins data poisoning /glossary/data-poisoning attacks on financial agents, fabricated court citations from legal AI, and other documented harms. The common thread: organizations are deploying AI agents and developer tools into environments where oversight infrastructure was never built to follow them. Procurement teams don't review coding CLI tools. Security teams don't monitor developer tool network traffic. The attack surface expands faster than the defenses. aigovernance.com is now recommending enterprises add AI developer tools as a distinct category in vendor security reviews - requiring wire-level data transmission analysis for any tool that operates on local codebases. What Developers Should Do Now If you installed the Grok Build CLI, assume exposure. Not possible exposure. Confirmed exposure. Wire-level analysis proved data transmission occurred regardless of settings. Rotate every credential that existed in any repository where the CLI ran. API keys, database passwords, cloud provider secrets, SSH keys. All of it. Check whether your organization's breach notification obligations apply. If source code contained personal data - customer names in config files, PII in test fixtures - GDPR and state privacy law notification requirements may trigger. Push procurement teams to add network transparency requirements to AI tool vendor assessments. If a coding tool makes outbound connections, you need to know what it sends and to whom, before developers install it. Q: Was this a bug or intentional design? A: Wire-level analysis showed systematic upload behavior, not accidental transmission. The opt-out governing retention but not transmission was a design choice, not an implementation error. Q: Has xAI confirmed the data was deleted? A: Not publicly as of July 14. Musk committed to deletion. No third-party audit or formal confirmation has followed. Q: Does this affect the web-based Grok or the API? A: No. This was specific to the Grok Build CLI - the command-line coding assistant. Web-based Grok and the API were not involved. Q: How do I check if I had the Grok Build CLI installed? A: Check your terminal history for grok build or grok-build commands. Check package manager logs. The tool was available through npm and other standard registries. Q: What stops other AI coding tools from doing this? A: Currently, nothing except vendor trust. There are no mandatory standards requiring AI developer tools to disclose what data they transmit. Procurement review of coding tools is rare. This is the structural problem. Get AI news in your inbox Daily digest of what matters in AI.