Data privacy
Grok Build was uploading entire codebases to the cloud. Musk says the data is safe now.
SpaceXAI's Grok Build CLI was uploading entire codebases to cloud storage. Elon Musk says all previously uploaded data will be deleted, but the incident exposes just how much AI coding tools can quietly collect.
Emmanuel Fabrice Omgbwa Yasse AI-assisted
2026-07-17 · 2 min read

SpaceXAI's Grok Build CLI tool was packaging and uploading users' entire code repositories to Google Cloud, including files it was told to ignore and secrets deleted from git history, according to cybersecurity firm Cereblab. The company has now disabled the upload feature after the findings were made public. It is a stark reminder that AI coding tools with CLI-level access can collect far more than developers realize, as Cursor 2.0's agent-first environment demonstrates.
The researchers reported on Monday that SpaceXAI's servers now return a disable_codebase_upload: true flag, and the codebase upload "no longer fires." The amount of data retained was significantly more than similar tools like Claude Code typically handle, a disparity made more pointed when you consider the difference between upload-all and selective retention approaches, like those documented in Gartner's first coding agent evaluation.
Elon Musk responded on X, claiming all previously uploaded data will be "completely and utterly deleted." He also asked users to allow SpaceXAI to retain their data, saying it's "helpful for debugging issues," and insisted that "privacy settings are always respected." The contradictory messaging does little to reassure developers who now wonder what other default behaviors might be collecting sensitive material, an issue that mirrors concerns raised in Anthropic's teacher co-pilot privacy rules.
Dr. Lukasz Olejnik, an independent security researcher at King's College London, confirmed to The Verge that this level of data retention is "excessive." He warned that the data potentially at risk could include "proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials." The scope of what was exposed puts the incident alongside the scrutiny applied to other large-scale AI data handling practices, as seen in MiniMax's reward-hacking safety breakdown.
SpaceXAI initially responded by pointing users to the /privacy command, which it said could disable data retention and delete previously synced data. However, Cereblab countered that /privacy is a "per-session retention toggle", not the switch that fixed the upload issue, and that it should not have been pointed to as the control. This sort of misdirection is harder to pull off when a developer's workflow is already configured for agent orchestration, as tinker-atropos's RL integration shows by keeping experiments transparent and controllable.
The incident raises serious questions about what data AI coding tools are collecting and storing by default, especially when they operate with CLI-level access to a user's entire development environment. For developers who used Grok Build, the prudent step now is to rotate credentials and audit any secrets that may have been exposed, a lesson reinforced by the group chat's role as a proving ground for agent safety.
Get the tech essentials in 3 minutes every morning
One email, every weekday, with what actually matters in AI and tech.