Grok Build CLI Silently Uploaded Your Entire Git History to xAI Cloud Storage
What Happened
Researcher cereblab, testing xAI's Grok Build coding CLI at version 0.2.93, captured network traffic and found the tool was uploading entire Git repositories — full commit history included — to a Google Cloud Storage bucket operated by xAI. This wasn't limited to the specific files a coding task actually touched. The tool ingested and transmitted the complete repository, then cloned the captured upload to confirm it was intact and accessible.
This behavior was not disclosed in the tool's documentation or onboarding. Users had no reason to believe anything beyond the files under active edit was leaving their machines.
Why It Matters
Git history is not just source code. It is a chronicle of everything that has ever been committed, including material that developers often assume is "gone":
- Rotated secrets: API keys, database passwords, and tokens that were accidentally committed and later removed from the working tree remain in the commit graph. A full history upload recovers them.
- Internal architecture and business logic: Deleted experiments, commented-out endpoints, legacy configs, and internal tooling often live only in old commits.
- Personally identifiable information: Author metadata, email addresses, internal hostnames, and staging environment details accumulate over a repo's lifetime.
Anyone who ran Grok Build against a production repository — especially one with any history of secrets in commits, even cleaned-up secrets — should treat that history as potentially in xAI's possession. The destination was a GCS bucket controlled by xAI, not a sandboxed local process. The exposure window and retention policy are currently unknown.
The broader concern is precedent: AI coding assistants are increasingly trusted with repository access, and this incident demonstrates that "reads files to answer questions" can quietly mean "transmits everything, always."
What to Do
Immediately:
- Stop using Grok Build until xAI publishes a clear statement on what data was collected, how long it is retained, and whether this behavior has been patched.
- Audit your git history for any repository you ran Grok Build against:
git log -p | grep -iE 'password|secret|token|key|api'. Tools like truffleHog orgit-secretscan accelerate this scan. - Rotate every secret that appears in git history — not just the current value, but any value that ever appeared in a commit, regardless of when it was removed.
- Check GCS access logs if you are an xAI enterprise customer with any visibility into the bucket in question.
Longer term:
- Treat any AI coding assistant with repository-level access as a potential data egress path. Review network traffic from these tools before trusting them with sensitive codebases.
- Consider running AI coding tools in network-restricted environments or against sanitized repository copies when proprietary code or credentials are involved.
xAI has not issued a public advisory or patch notice at time of writing. Monitor their official channels for a response.
Synthesized by Claude · sanity-checked before publish.