SpaceXAI's Grok Build Caught Uploading Entire Code Repositories, Raising Privacy Concerns
July 14, 2026
The privacy toggle intended to prevent transmission did not work in reports, adding to Grok’s privacy issues and allegations of training on user data without consent, flagged as a potential EU breach.
Cereblab’s report reveals that full file contents and Git histories, including secrets deleted months earlier, were transmitted, and in some cases an entire user directory with SSH keys and password managers was uploaded.
An independent security analysis of CLI version 0.2.93 shows the tool uploaded the entire tracked codebase and secrets to a storage bucket, far exceeding the coding task’s needs.
Musk’s broader AI vision emphasizes progress, transparency, and safety, with data deletion as a focal point amid debates on how future platforms should manage user information.
The incident underscores risks to developers’ sensitive information when using AI-assisted coding tools and the need for robust data-retention safeguards.
Grok Build, SpaceXAI's coding assistant, was found to upload users’ entire repositories and Git histories to Google Cloud Storage during task processing, not just the requested data.
xAI later released a /privacy command to opt out of data retention, but independent testing found this did not stop uploads; the effective fix was a server-side flag disable_codebase_upload: true.
Looking ahead, future AI platforms may offer clearer data permissions, automatic deletion options, and enhanced transparency tools to satisfy user demands for control over personal information.
Ongoing questions remain about why full repositories were uploaded by default, how long data was kept, and how many users were affected; a training opt-out does not guarantee data stays local.
While Musk did not provide detailed technical specifics about deletion, the move signals a stronger emphasis on user data control amid privacy, security, and data-management scrutiny.
Overall, Grok Build has stopped full-repo uploads, but concerns persist about default data-retention practices and the need for a clearly documented privacy posture.
The teardown notes there is no claim that the data was used for training or read by staff, but tracked files and history were transmitted and stored.
Summary based on 8 sources
Get a daily email with more Tech stories
Sources

The Next Web • Jul 14, 2026
Grok Build was uploading entire Git repositories to xAI’s cloud, including committed secrets
The Hacker News • Jul 14, 2026
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read
Cybernews • Jul 14, 2026
Grok slurping secrets from private repos, xAI scrambles to fix it
The Verge • Jul 14, 2026
SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage