YOU ARE VIEWING ONE ITEM FROM THE AICRIER FEED

Grok Build CLI exfiltrates repositories, secrets

AICrier tracks AI developer news across Product Hunt, GitHub, Hacker News, YouTube, X, arXiv, and more. This page keeps the article you opened front and center while giving you a path into the live feed.

// WHAT AICRIER DOES

7+

TRACKED FEEDS

24/7

SCRAPED FEED

Short summaries, external links, screenshots, relevance scoring, tags, and featured picks for AI builders.

Grok Build CLI exfiltrates repositories, secrets
OPEN LINK ↗
// 1h agoSECURITY INCIDENT

Grok Build CLI exfiltrates repositories, secrets

A wire-level traffic analysis of xAI's official Grok Build CLI (version 0.2.93) shows that the developer tool uploads a full git bundle of the user's workspace—including the complete git history and files the agent was told not to read—to a Google Cloud Storage bucket named `grok-code-session-traces`. Additionally, the CLI transmits the contents of read files, including sensitive `.env` secrets, without redaction to both the model endpoint and a session state archive. This data exfiltration behavior continues even when the "Improve the model" toggle is disabled, as the server still returns settings that enable trace and session uploads.

// ANALYSIS

Hot take: Disguised as a standard coding assistant, the Grok Build CLI behaves more like codebase-exfiltration malware by aggressively harvesting entire repositories and unredacted secrets regardless of user opt-out settings.

  • **Verbatim Secrets Leak**: The CLI transmits `.env` secrets entirely unredacted to model endpoints and session state archives.
  • **Repository Bundling**: The CLI packages the entire workspace, including tracked files and git history, into a git bundle and uploads it to xAI's storage.
  • **Ignored Opt-Outs**: Turning off "Improve the model" in the account settings does not stop the repository bundle or session trace uploads.
  • **Undocumented Destination**: Codebases are sent to a GCS bucket (`grok-code-session-traces`), a backend mechanism not disclosed in the CLI's installation or setup documentation.
// TAGS
xaigrokcliprivacysecurityreverse-engineeringexfiltrationgcs

DISCOVERED

1h ago

2026-07-12

PUBLISHED

4h ago

2026-07-12

RELEVANCE

8/ 10

AUTHOR

jhoho