The Hacker NewsWednesday · July 15, 2026FREE

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

grokxaiprivacysecurityai-coding

A security researcher discovered that Grok Build, an AI-powered coding assistant developed by xAI, uploads entire Git repositories to xAI's cloud storage, rather than only the specific files it accesses or reads. This means that when a developer uses Grok Build on a project, the complete repository—including all commit history, branches, and potentially sensitive data such as API keys, passwords, or proprietary code—is transmitted to xAI's servers. The researcher demonstrated this behavior by monitoring network traffic during a Grok Build session, showing that the tool sends the entire .git directory contents. This practice significantly expands the data exposure beyond what users might expect, as typical AI coding tools only send the files being edited or queried. The finding highlights a potential privacy and security risk for developers who use Grok Build, especially those working on proprietary or sensitive projects. xAI has not yet publicly commented on the issue or announced any changes to the tool's behavior.

// why it matters

Developers using Grok Build may unknowingly expose entire repository histories, including secrets, to xAI's servers.

Sources

Primary · The Hacker News
▸ Read original at thehackernews.com

Like this? Get the next digest.