xAI's Grok CLI Caught Secretly Uploading Entire Codebases and Unredacted Secrets to xAI Servers, Opt-Out Toggle Ineffective
Summary
xAI's Grok Build CLI is secretly uploading entire codebases — including unredacted secrets files — to xAI servers, with wire captures confirming gigabytes transferred from files the tool never even accessed, and the opt-out toggle proven completely ineffective at stopping the uploads.
Key Points
- xAI's Grok Build CLI (version 0.2.93) transmits the full contents of files it reads — including .env secrets files — unredacted to xAI via two channels: the live model API endpoint and a persistent Google Cloud Storage bucket called grok-code-session-traces.
- Beyond files the agent actively reads, Grok uploads the entire repository as a git bundle to xAI's storage infrastructure regardless of what the model accesses, with wire captures confirming 5.10 GiB transferred from a 12 GB repo of never-read files, and a never-read canary file recovered verbatim from the uploaded bundle.
- The 'Improve the model' opt-out toggle does not stop the codebase upload — server settings continued returning trace_upload_enabled: true after opting out — meaning the only confirmed way to block the whole-repo upload is the local config flag disable_codebase_upload: true, which xAI has since enabled server-side following public disclosure.