The Grok Leak: Why xAI’s Coding Assistant Just Became a Security Nightmare

Grok: A quiet background script bypassed user privacy choices, packing up entire corporate codebases and raw passwords to ship them off to a public cloud bucket.

If you have used Elon Musk’s xAI “Grok Build” command-line tool to help write or debug your software recently, you need to stop what you are doing. A severe security disclosure has revealed that the tool wasn’t just reading code to offer suggestions—it was quietly zipping up entire local development folders and sending them back to xAI’s servers, along with your most sensitive corporate secrets.

The Catch: 5 Gigabytes of Stolen Data

The breach of trust was brought to light by an independent security researcher who goes by the name cereblab. Suspicious of how much background activity the Grok CLI was generating, the researcher used a network monitoring tool to intercept the traffic passing between their computer and the internet.

What they found was alarming. The tool (specifically version 0.2.93) was using a hidden backdoor endpoint to upload massive amounts of data to a Google Cloud storage bucket named grok-code-session-traces.

This wasn’t just a snippet of text here and there. The tool was scraping entire Git repositories. It took the full history of every change ever made to the code, files that hadn’t even been saved yet, and—worst of all—unredacted environment configuration files. These files are where developers temporarily store raw API keys, main database passwords, and internal encryption tokens.

The sheer greediness of the script was stunning. In one verified instance, a developer asked Grok a simple programming question that should have required a tiny 192-kilobyte text snippet of context. Instead, the CLI secretly exfiltrated 5.1 gigabytes of data from the user’s hard drive.

The Illusion of Control

What makes this situation deeply unsettling isn’t just a technical bug; it is the deliberate bypassing of user settings.

Modern development tools usually feature a privacy switch that says something like, “Allow us to use your data to train our models.” Most security-conscious companies require their employees to turn this setting off immediately to protect company secrets.

The researcher discovered that Grok completely ignored this button. Even when developers flipped the switch to opt out, and even when they typed explicit text instructions telling the AI not to look at their local files, the background script ran anyway. The repository was packed up and shipped to the cloud regardless of what the user chose.

Privacy SafeguardWhat Developers ExpectedThe Reality
“Improve the Model” Opt-Out SwitchYour code stays local and secure on your hard drive.Ignored. The background upload script triggered anyway.
Direct Chat InstructionsThe AI respects your boundaries and ignores surrounding files.Ignored. Hidden scripts packaged the folders regardless.
Data EfficiencySend only the code relevant to the question.Massive Exfiltration. Transferred gigabytes of data including hidden keys.

The Silent Patch and the Missing Apology

Once the flaw became public, xAI acted quickly, but very quietly. They disabled the rogue upload feature on their servers and pushed out a new update that includes a manual switch called disable_codebase_upload.

Yet, the company has chosen total silence over transparency. There has been no public announcement, no formal apology, and no warning sent to affected software engineers. Because xAI is staying quiet, the developer community is left dealing with massive lingering risks:

  • Who is affected? We still do not know how many thousands of software teams had their private code exposed.
  • Is the data gone? xAI has given no confirmation that the stolen files have been securely erased from their cloud buckets.
  • Can we trust the fix? The new patch lacks any kind of visible log or verification screen. Developers simply have to blindly trust that the new button works, despite the last one failing completely.

The Emergency Checklist for Engineering Teams

If you or anyone on your team has run the Grok Build tool, you cannot afford to wait for xAI to send an email. You must treat your entire development environment as compromised.

First, change every password and key. Any token, AWS key, or database password that was sitting in your environment configuration files must be rotated immediately.

Second, start watching your network. Do not blindly trust any AI assistant, whether it comes from xAI, GitHub, or any other startup. Use network proxies to see exactly what data these tools are sending out into the world.

The promise of AI is speed, but if that speed comes at the cost of corporate espionage and leaked credentials, the price is simply too high to pay.