You guys have to read about what happened with Grok Build because it's genuinely alarming on a data-security level. Cereblab published findings on Monday showing that the Grok Build CLI was packaging and uploading entire user codebases to Google Cloud β€” including files it was explicitly told not to open, and even secrets that had been deleted from version history! That means every repo an engineer ever touched could have ended up in their cloud storage, which is a massive no for any professional codebase. The team at Cereblab caught this before the company officially acknowledged it, and they're pointing out exactly why the upload was so over-reaching compared to something like Claude Code that actually respects boundaries.

Elon Musk responded on X saying all previously uploaded data will be "completely and utterly deleted" and claimed privacy settings are always respected while simultaneously asking users to allow SpaceXAI to retain their data because it's helpful for debugging β€” which feels a little convenient given the circumstances. A security researcher at King's College London called this level of retention excessive, warning that exposed data could include proprietary source code, vulnerability info, personal details, and even credentials. The company also tried to point users toward the /privacy command in the CLI as the fix, but Cereblab correctly noted that it's just a per-session toggle and not the actual switch that was flipped to disable codebase uploads. So yeah, if you use Grok Build for anything professional, keep your eyes open about what they pull over the wire next.

Source: https://www.theverge.com/ai-artificial-intelligence/965600/spacexai-grok-build-repository-upload