Article URL: https://www.internationalcyberdigest.com/xais-grok-build-cli-uploads-entire-git-repositories-to-a-google-cloud-bucket/ Comments URL: https://news.ycombinator.com/item?…

xAI appears to have shut off the mechanism that let its Grok Build CLI upload complete developer repositories to company-controlled cloud storage, according to follow-up testing by the security researcher who exposed the behavior. The fix arrived as a hidden server-side flag, with no advisory, no statement, and no answer on what happens to code already collected. The findings come from a researcher publishing under the handle cereblab, who routed Grok Build CLI version 0.2.93 through the interception proxy mitmproxy on macOS and released the captures as a public gist. The analysis showed the client bundling the entire tracked repository, full Git history included, and uploading it to a Google Cloud Storage bucket named grok-code-session-traces. The upload ran independently of the files the agent actually opened for its coding task. The numbers make that distinction concrete. On a 12 GB test repository, the model request channel moved about 192 KB of task-relevant traffic. The storage upload moved roughly 5.1 gigabytes. The tool was not sending what it needed to answer the developer. It was sending the codebase. A canary credential the researcher planted in a .env file appeared verbatim and unredacted in the captured traffic. And because the CLI uploaded whatever repository it ran in, any team that pointed it at a private or proprietary codebase handed xAI an undisclosed copy of its source history, credentials, and secrets along with it. Grok Build ships with an "Improve the model" toggle that most developers would read as a data-collection control. Disabling it did not stop the uploads. Server responses still returned trace_upload_enabled: true, and the repository transfer proceeded as normal. The setting governs training consent, not whether code leaves the machine. Neither the storage bucket nor the upload behavior appears in Grok Build's setup documentation, according to coverage of the analysis, which also notes xAI had marketed the tool as local-first. A day after the report went public, the researcher retested the same 0.2.93 client and found the server now returning disable_codebase_upload: true alongside trace_upload_enabled: false. Across six retests, no repository uploads were observed. That points to a deliberate server-side mitigation rolled out after the exposure, flipped remotely and invisibly. The caveats cut both ways. The mitigation has been verified on one machine and one account, so there is no confirmation it is global, staged, or permanent. At the same time, the researcher is explicit that the captures do not prove xAI trained on the uploaded code, that employees viewed it, or that every account received the same configuration. This is a finding about undisclosed collection, not confirmed misuse.