Grok Build reportedly uploaded full Git repositories; xAI clarifies retention controls
A researcher reports that Grok Build CLI 0.2.93 uploaded full Git repositories. xAI says /privacy opt-out stops retention and deletes synced data.
What happened
Event details
On July 10, 2026, Pacific Time, independent researcher cereblab published a network analysis and reproduction project for Grok Build CLI 0.2.93 on macOS ARM64 using a standard consumer account. Even when instructed only to reply and not read files, the agent sent a Git bundle to an xAI storage endpoint; restoring it revealed tracked probe files the agent had not read and the repository's full commit history. The analysis distinguished file content the agent actively reads, which may enter model requests and session archives, from a repository-state channel that packages and uploads the Git repository. The researcher also reported that simulated .env content entered a request and archive without redaction after the agent read it. The work did not show that xAI used uploaded material for training or that employees accessed it, and it did not fully establish whether ignored, never-committed files were included. Reproduction attempts stopped succeeding around July 12, possibly because of server-delivered configuration. On July 13, xAI's @SpaceXAI account said teams with zero data retention enabled keep neither traces nor code data and that API-key use follows the same policy. For other users, xAI said /privacy opt-out disables retention and deletes previously synced data when the setting changes. The response did not explain consumer defaults, which versions or accounts used full-repository upload, whether deletion covers backups and logs, how users can verify backend deletion, or whether the setting stops transmission rather than retention alone. The deletion promise is therefore an official claim, not independently audited proof. Preliminary reverse engineering indicates that Grok Build 0.2.101 removed the relevant logic.
Assessment
Why it matters
Full local source code and Git history leaving a developer's device can expose private repositories, historical secrets, trade secrets and regulated data. xAI's response underscores the need for cloud coding agents to disclose upload scope, defaults and deletion behavior clearly.
Availability
Access notes
Grok Build remains publicly available. xAI says zero-data-retention teams and API-key use retain neither traces nor code, while /privacy opt-out disables retention and deletes synced data for other users. No independently verifiable deletion record is public, and xAI has not said whether the setting also prevents transmission.