What xAI's Grok Build CLI Actually Sends to xAI

305 points · 138 comments on HN · read original →

Points and comments are a snapshot, not live.

Grok CLI uploads entire codebases and unredacted secrets to xAI's GCS bucket.

xAI's Grok Build CLI (v0.2.93) transmits file contents, including .env secrets, to xAI via two channels: the model turn endpoint and a session_state archive uploaded to the `grok-code-session-traces` GCS bucket (HTTP 200). The CLI uploads the entire repository as a git bundle independent of what the agent reads, proven by recovering a never-read canary file from a wire-captured bundle. On a 12 GB repo of random files, 5.10 GiB uploaded across 73 chunks with zero storage failures, while the model channel used only 192 KB. Disabling 'Improve the model' does not stop the upload. The binary contains references to Rust crates for GCS uploads and file access tracking.

What commenters are saying

Commenters overwhelmingly view this as data exfiltration and a breach of trust, with many stating they avoid xAI for this reason. Some differentiate between A) uploading a full codebase and B) sending only query-relevant snippets to the model. A GitHub Copilot engineer clarifies that Microsoft employees have no access to private repos and OpenAI has none whatsoever, though skeptics note executive-level decisions could bypass controls. Several recommend running all CLIs inside sandboxes like bubblewrap to limit directory access.