PulseAugur
EN
LIVE 19:01:56

xAI's Grok Build CLI uploads sensitive user data, including Git history and secrets

The Grok Build CLI, a tool from xAI, has been found to upload entire code repositories, including full Git history and sensitive .env files, to xAI's cloud. This data exfiltration occurs even when users explicitly opt out or instruct the tool not to read files. The tool's "Improve the model" setting, which governs training data, does not prevent these uploads. Evidence suggests that sensitive information like API keys and database passwords are sent verbatim. AI

IMPACT Raises significant concerns about data privacy and security for developers using AI-powered development tools.

RANK_REASON A security vulnerability in a specific tool that leads to unintended data exfiltration.

Read on r/LocalLLaMA →

AI-generated summary · Google Gemini · from 1 sources. How we write summaries →

xAI's Grok Build CLI uploads sensitive user data, including Git history and secrets

COVERAGE [1]

  1. r/LocalLLaMA TIER_1 English(EN) · /u/TastyLeadership2757 ·

    Grok Build CLI uploads your whole repo — full git history + .env secrets — to xAI's cloud, and the opt-out doesn't stop it (wire-captured)

    <!-- SC_OFF --><div class="md"><p>I ran Grok Build CLI (v0.2.93) through mitmproxy. It uploads your <strong>entire repo as a git bundle (full history)</strong> to xAI's Google Cloud — independent of what you open. With the prompt literally <em>&quot;do not read or open any files,…