← All stories
● Covered by 1 source Β· 1 reportHigh impact

xAI's Grok Build CLI Sends Sensitive Data to xAI Servers

Aggregated by BrevFeed dev Β· updated 1h ago
πŸ”– Save

xAI's Grok Build CLI transmits sensitive file contents, including secret variables, to its servers. It uploads entire repositories independently of the files actually accessed, raising significant privacy concerns regarding user data handling.

Key points

Transmission of Sensitive Data

The xAI Grok Build CLI has been found to transmit the contents of files, including sensitive data from .env secrets files, to xAI servers. This occurs during normal consumer logins, where data is sent through both the live model interaction and during session state uploads.

Complete Repository Uploads

In addition to sending file contents, Grok uploads the entire repository, including all tracked files and git history. This behavior was evidenced when prompts instructing the agent to refrain from reading files still resulted in the complete repository being uploaded.

Storage Mechanism Identified

The uploaded data is stored in a Google Cloud Storage bucket specifically named grok-code-session-traces. This storage method was not disclosed in the CLI's documentation, and the feature is active by default even if users disable related settings.

Implications for User Privacy

While the findings do not confirm that xAI trains on the transmitted data, they highlight a significant lack of transparency in data handling practices within the Grok Build CLI. The persistent upload of sensitive data without user consent raises privacy concerns that may affect user trust in xAI.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub cmc_internal/api GitHub github/collect GitHub cereblab/dc9a40bc26120f4540e4e09b75ffb547 GitHub _private/browser GitHub get-started/accessibility GitHub auth/github

Reporting from

xAI's Grok Build CLI transmits sensitive file contents, including secret variables, to its servers. It uploads entire repositories independently of the files actually accessed, raising significant privacy concerns regarding user data handling.