xAI's Grok Build coding tool was automatically uploading entire code repositories to external cloud storage — without user awareness or explicit consent. On July 14, 2026, researchers at Cereblab published findings showing the Grok Build command-line interface (CLI?CLI: Command-line interface — a text-based tool operated from a terminal, without a graphical user interface.) was packaging and sending complete project directories to Google Cloud, including files explicitly marked for exclusion by the user and sensitive data deleted from repository history.
Key takeaways
- Grok Build CLI was automatically uploading entire repositories to Google Cloud without notifying users
- The scope included excluded files and secrets deleted from git history
- Cereblab researchers confirmed the upload was stopped server-side by xAI on July 14, 2026
- Elon Musk promised on X that all previously uploaded data will be "completely and utterly deleted"
An independent security researcher at King's College London described the level of data retention as "excessive"
The scope of the issue
Grok Build is xAI's coding agent tool, positioned as a competitor to Anthropic's Claude Code and GitHub Copilot. Like similar tools, it runs as a terminal-based coding agent that communicates with Grok models via API. The standard in this class of tools is limited context transfer — typically only the fragments of the file currently being edited — not entire project trees.
Cereblab's report showed Grok Build's behavior far exceeded that standard. The CLI was sending the full contents of the working directory to xAI's servers, including binary files, configuration files containing API keys, .git folders with full commit history, and files placed by the user in exclusion lists (the equivalent of .gitignore). In other words: data the user had deliberately removed from repository history could still end up in xAI's infrastructure.
Dr. Lukasz Olejnik, an independent security researcher at King's College London, confirmed to The Verge that this level of data retention was "excessive." He noted that the data potentially at risk included "proprietary source code, information about security vulnerabilities, personal data, infrastructure details, and credentials."
xAI and Musk's response
After Cereblab's report was published, xAI disabled the upload mechanism server-side — researchers verified this on July 14, 2026, observing the API returning a disable_codebase_upload: true flag.
Elon Musk responded to the incident in an X post, promising that all previously uploaded data would be "completely and utterly deleted." At the same time, xAI published a statement pointing to the /privacy CLI command as an opt-out mechanism. Cereblab disputed this characterization, noting that /privacy is a per-session retention toggle and had no connection to the actual fix. In other words, the company pointed to a tool that was not the one that stopped the uploads.
Musk simultaneously asked users to consent to continued data retention by xAI, arguing it is "helpful for debugging issues." This request appeared directly after publicly promising deletion — creating an incoherent message for users whose trust had already been compromised.
Context: coding tools and data privacy
The Grok Build incident fits a broader pattern of tensions between the growing capabilities of AI coding tools and the protection of proprietary source code. Anthropic was previously criticized for a hidden user-tracking mechanism in Claude Code (a steganographic marker in the system prompt, described as an "experiment"). GitHub Copilot has long been a concern for enterprises worried about intellectual property exfiltration.
In the case of Grok Build, the problem is particularly acute for several reasons: the tool is relatively new and has not had time to build developer trust, the scope of data being transmitted was unusually wide, and the mechanism operated by default — without explicit user consent. For companies employing developers who use AI coding tools, this incident is a warning signal: the default behavior of such tools can be far broader than documentation suggests.
Why this matters
The Grok Build incident exposes a systemic problem in the AI coding tools segment: a lack of transparency about what data is actually transmitted to provider servers. Users of these tools typically operate in environments where code constitutes protected intellectual property — containing infrastructure secrets, API keys, unpublished algorithms. Silent extraction of entire repositories without consent is not a configuration bug; it is a design decision with potentially serious legal consequences for xAI, particularly in GDPR or CCPA?CCPA: California Consumer Privacy Act — California state law regulating how businesses collect and use personal data of residents, in effect since 2020. jurisdictions. The fact that Musk simultaneously promised data deletion and requested consent for continued storage signals internal contradictions in the company's crisis communication. The AI coding tools industry urgently needs standardized data retention policies with clear, enforceable mechanisms — not options buried behind CLI flags accessible only to advanced users.
What's next
- xAI has not published a technical audit or timeline for verifying data deletion — the absence of this information maintains pressure on the company, particularly in the context of GDPR in Europe
- Cereblab announced it will continue monitoring Grok Build CLI behavior in future versions
- The incident may accelerate industry-level discussions on data retention standards for AI coding tools — a similar conversation followed the Claude Code controversies in July 2026





