AI coding assistants have exploded in popularity, promising developers enhanced productivity and faster development cycles. However, a recent discovery involving xAI's Grok Build coding CLI raises serious concerns about data privacy and security practices in these emerging tools.

Security researcher cereblab recently uncovered troubling behavior in xAI's Grok Build coding CLI, version 0.2.93. The tool, designed to assist with coding tasks, was found to be uploading entire Git repositories—including complete commit histories—to xAI's Google Cloud Storage buckets. This behavior goes far beyond what users would reasonably expect, as the tool was not just uploading the specific files needed for a given task but rather exfiltrating entire codebases without user knowledge or consent. In one alarming demonstration, the researcher successfully intercepted an upload, cloned the git bundle, and retrieved a file that the AI assistant had been explicitly instructed not to access.

This discovery affects any developer or organization using the Grok Build