The Grok Build CLI, a tool from xAI, has been found to upload entire code repositories, including full Git history and sensitive .env files, to xAI's cloud. This data exfiltration occurs even when users explicitly opt out or instruct the tool not to read files. The tool's "Improve the model" setting, which governs training data, does not prevent these uploads. Evidence suggests that sensitive information like API keys and database passwords are sent verbatim. AI
IMPACT Raises significant concerns about data privacy and security for developers using AI-powered development tools.
RANK_REASON A security vulnerability in a specific tool that leads to unintended data exfiltration.
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →