Jul 14, 2026 · 11:14 PM
Subscribe
Home Ai

Grok Build Quietly Uploaded Developers Entire Codebases to xAI Cloud

A developer's reverse-engineering of xAI's Grok Build tool found it silently uploading entire codebases, including deleted secrets, to xAI's cloud storage, directly contradicting the company's zero data retention claims. Elon Musk has promised to delete the data, but xAI has offered no timeline or proof.

Ron Patel
· 4 min read · 543 views
Grok Build Quietly Uploaded Developers Entire Codebases to xAI Cloud

A security researcher tore open xAI's coding tool and found it quietly mailing entire codebases, secrets included, to the company's own cloud storage.

A developer who goes by Hari on X, handle @hrkrshnn, pulled apart the official binary for Grok Build, xAI's coding assistant, and found something the company had never disclosed. In a controlled session where he never asked the tool to do anything beyond open a project, it uploaded his entire codebase to xAI's cloud storage anyway. He called it a malware-like background code collector, and he published the wire traffic to prove it.

The numbers are what made the finding impossible to wave away. On a 12-gigabyte repository full of files the model never touched, Hari's analysis found the model itself exchanged only about 192 kilobytes of data during the session. The storage channel, separately, moved 5.10 gibibytes. That's a gap of roughly 27,800 times. This wasn't incidental telemetry. It was the whole repository, leaving the machine.

What went out the door was specific: every tracked file at the current Git HEAD, every Git object reachable from that HEAD, and files a developer had deleted but that still lived on in Git history, exactly where engineers tend to leave old API keys and passwords they thought they'd scrubbed. Anyone who committed a secret and later removed it, believing it gone, may have shipped it to xAI regardless.

The findings landed hard partly because they contradicted what xAI had told developers directly. The company's @SpaceXAI account had assured users that enterprise usage carried zero data retention, that code and trace data were never stored. Hari's wire-level analysis said otherwise. The data was going somewhere specific: xAI's own Google Cloud Storage bucket.

How the Leak Was Found

Grok Build shipped with an Improve the Model switch, the kind of control most developers assume governs whether their data leaves the laptop at all. It doesn't. That toggle governs training consent: whether xAI can use your code to improve future versions of the model. Data transmission is a separate question entirely. It has nothing to do with whether the code leaves your machine in the first place. Grok Build exposed only the first control to users. It ran the second regardless of what they chose.

The first crack came from developer Peter Dedene. He noticed his account was returning an undocumented server flag, disable_codebase_upload: true, when he fetched his settings. He also found indirect evidence that eight private repositories had been fully uploaded through Grok. That anomaly sent Hari digging with Codex. The wire capture he published on July 12 turned suspicion into proof, according to Hacker News threads tracking the disclosure.

A Fix Without Proof

The fix arrived fast, about a day later. On July 13, the same 0.2.93 binary stopped making storage requests entirely, and Hari's retesting found zero further uploads. Elon Musk addressed it directly on X. As a precautionary measure, he wrote, all user data uploaded to xAI before now would be completely and utterly deleted.

Saying it and proving it are different things. As of July 14, according to reporting from The Register and TheHackerNews, xAI had published no timeline for that deletion, no way for a developer to confirm their own repository was actually gone, and no accounting of how many users were affected or which repositories got swept up. Musk's promise landed on X. It hasn't landed in a policy document, an audit, or anything a customer could actually check.

The story climbed to the front page of Hacker News on July 14. That's usually where enterprise security teams start paying attention. It's not where a company selling coding tools to enterprise developers wants to be. Every rival assistant, from GitHub Copilot to Anthropic's Claude Code, competes partly on the promise that proprietary code stays where a developer puts it. A single verified leak of committed secrets is the kind of story that follows a product for years.

xAI hasn't said how it will prove the deletion happened. Until it does, any developer who ran Grok Build against a real codebase should treat their API keys, database passwords and cloud tokens as compromised. Rotate them, regardless of what the privacy settings claimed to be doing at the time.

Also read: TYLsemi Raises $43 Million to Give AI Companies an Escape From NvidiaPrime Intellect Raises $130 Million to Let Companies Own Their AI ModelsOllama Just Raised $65 Million to Become AI's Quiet Infrastructure Layer

TOPICS
Ron Patel covers cryptocurrency markets, blockchain developments, and digital asset news for Startup Fortune. With a background in financial journalism and over eight years tracking crypto markets through multiple cycles, Ron brings analytical perspective to Bitcoin, Ethereum, and emerging token ecosystems.
Related Articles
More posts →
Loading next article…
You're all caught up