SpaceXAI's coding agent, Grok Build CLI, has been quietly exfiltrating users’ entire private git repositories to internal Google Cloud storage by default.

An independent security researcher using the GitHub handle "cereblab" published analysis on Saturday suggesting the Grok Build CLI captured user's entire git repositories and history and shipped it back to xAI.

Two Grok Build CLI users told The Stack that after reviewing their logs, they observed what they believe were private repos being exfiltrated without their knowledge.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in