Grok AI Coding Tool Uploaded User Codebases to Cloud

AI | The Verge· July 14, 2026 View original

Summary

SpaceXAI's Grok Build AI coding tool was found uploading entire user code repositories, including sensitive data, to Google Cloud. After researchers reported the issue, the company disabled the codebase upload feature.

A significant security vulnerability was discovered in SpaceXAI's Grok Build AI coding tool. Researchers from Cereblab found that the tool's command-line interface was automatically packaging and transmitting complete user codebases to Google Cloud storage. This included files explicitly marked for exclusion and even sensitive information that had been removed from version control history. The data retention practices were notably more extensive than those of comparable AI coding assistants. Upon public disclosure of these findings, SpaceXAI promptly addressed the issue. Subsequent tests confirmed that the company had implemented a fix, with its servers now indicating that the codebase upload functionality has been disabled. This swift action mitigated the immediate data leakage risk.

Why it matters

This incident highlights critical data security and privacy concerns associated with AI development tools, emphasizing the need for rigorous vetting of third-party services that handle proprietary code.

How to implement this in your domain

  1. 1Conduct thorough security audits on all third-party AI development tools before integration.
  2. 2Implement strict data governance policies for code repositories, especially when using external AI services.
  3. 3Utilize network monitoring to detect unauthorized data egress from development environments.
  4. 4Educate development teams on the potential risks of AI tools accessing sensitive code and data.
  5. 5Maintain isolated development environments for projects involving highly sensitive intellectual property.

Who benefits

Software DevelopmentCybersecurityFinTechLegalDefense

Key takeaways

  • AI coding tools can pose significant data security risks if not properly vetted.
  • Grok Build was found uploading entire codebases, including sensitive data, to the cloud.
  • The company disabled the problematic feature after the issue was reported.
  • Organizations must exercise extreme caution when integrating AI tools that access proprietary code.

Original post by AI | The Verge

"SpaceXAI's Grok Build AI coding tool was spotted uploading users' entire codebases to Google Cloud before it was reported, and the company turned it off. The Register reports that Cereblab published findings on Monday showing how the Grok Build CLI was packaging and uploading ent…"

View on X

Originally posted by AI | The Verge on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses