Grok Build CLI exfiltrates repositories, secrets
A wire-level traffic analysis of xAI's official Grok Build CLI (version 0.2.93) shows that the developer tool uploads a full git bundle of the user's workspace—including the complete git history and files the agent was told not to read—to a Google Cloud Storage bucket named `grok-code-session-traces`. Additionally, the CLI transmits the contents of read files, including sensitive `.env` secrets, without redaction to both the model endpoint and a session state archive. This data exfiltration behavior continues even when the "Improve the model" toggle is disabled, as the server still returns settings that enable trace and session uploads.
Hot take: Disguised as a standard coding assistant, the Grok Build CLI behaves more like codebase-exfiltration malware by aggressively harvesting entire repositories and unredacted secrets regardless of user opt-out settings.
- –**Verbatim Secrets Leak**: The CLI transmits `.env` secrets entirely unredacted to model endpoints and session state archives.
- –**Repository Bundling**: The CLI packages the entire workspace, including tracked files and git history, into a git bundle and uploads it to xAI's storage.
- –**Ignored Opt-Outs**: Turning off "Improve the model" in the account settings does not stop the repository bundle or session trace uploads.
- –**Undocumented Destination**: Codebases are sent to a GCS bucket (`grok-code-session-traces`), a backend mechanism not disclosed in the CLI's installation or setup documentation.
DISCOVERED
1h ago
2026-07-12
PUBLISHED
4h ago
2026-07-12
RELEVANCE
AUTHOR
jhoho