SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage


SpaceXAI’s Grok Build AI coding tool was spotted uploading users’ entire codebases to Google Cloud before it was reported, and the company turned it off. The Register reports that Cereblab published findings on Monday showing how the Grok Build CLI was packaging and uploading entire code repositories, “including files it was told not to open and secrets deleted from history,” significantly more data retention than similar tools like Claude Code.

The researchers say that as of Monday, their tests show SpaceXAI’s servers returning a “disable_codebase_upload: true” flag, and the codebase upload “no longer fires.”

Elon Musk responded to the incident in a post on X claiming that all data Grok Build previously uploaded will be “completely and utterly deleted.” Musk also said in a separate post that “privacy settings are always respected,” but asked users to allow SpaceXAI to retain their data, saying it’s “helpful for debugging issues.”

Dr. Lukasz Olejnik, an independent security researcher at King’s College London, confirmed to The Verge that this amount of data retention is “excessive,” adding that the data potentially at risk could include “proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials.”

SpaceXAI initially responded to the issue with a post saying that, “If [zero data retention] is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data.” However, Cereblab points out that “/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn’t be pointed to as the control.”



Source link

  • Related Posts

    Don’t Repeat NY’s 3D Printing Blunder

    This year the state of New York had the dubious honor of being the first to pass a controversial provision to mandate all 3D printers come with surveillance and censorship.…

    Microsoft Patches a Record 570 Security Flaws – Krebs on Security

    Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    My GOAT book now has updated software/AI

    My GOAT book now has updated software/AI

    Don’t Repeat NY’s 3D Printing Blunder

    Don’t Repeat NY’s 3D Printing Blunder

    Trump Drops Plan to Charge Ships Fees in the Strait but Will Restore Blockade: Iran War Live Updates

    Trump Drops Plan to Charge Ships Fees in the Strait but Will Restore Blockade: Iran War Live Updates

    ‘I broke the law,’ former Manitoba MP Inky Mark says after police seize over 400 firearms

    ‘I broke the law,’ former Manitoba MP Inky Mark says after police seize over 400 firearms

    Emirates Completes 100th Aircraft Retrofit In $5B Fleet Makeover Project

    Emirates Completes 100th Aircraft Retrofit In $5B Fleet Makeover Project

    A Developer Chat on Turmoil’s New DLC and the Game’s Past, Present and Future

    A Developer Chat on Turmoil’s New DLC and the Game’s Past, Present and Future