If you’ve been using xAI’s Grok Build CLI to help you write code, there’s a decent chance your private repository, its full commit history, and any secrets tucked into your .env files took an unplanned vacation to a Google Cloud Storage bucket you never agreed to.

A security researcher known as cereblab recently disclosed that Grok Build CLI version 0.2.93 was silently uploading complete local Git repositories to a GCS bucket called grok-code-session-traces, managed by xAI. The uploads included untracked files, full commit histories, and unredacted secrets. In one documented case, the tool transferred 5.1 GiB of data when roughly 192 KB would have been sufficient for the model to generate a response.

How the leak was discovered

Cereblab captured the rogue uploads using mitmproxy, a tool that intercepts and inspects network traffic between a client and server. The data was being sent through a /v1/storage endpoint, and the uploads happened even during sessions where users had explicitly told the model not to read their files.

A toggle within the CLI designed to let users opt out of their data being used to “improve the model” had zero effect on the upload behavior. The repos were being transferred regardless of that setting.