Grok Build Repository Upload Scandal: Researcher Confirms Privacy Mode Cannot Stop It

Grok Build Repository Upload Scandal: Researcher Confirms Privacy Mode Cannot Stop It
Grok Build was found to silently upload entire local repositories to Google GCP storage buckets, raising concerns about leaked credentials, API keys, and possible use of the data for future model training. SpaceXAI claimed privacy mode could stop the behavior, but @Cereblab showed that repository uploads were controlled separately by a cloud-issued HTTP request header, not the /privacy command. #GrokBuild #SpaceXAI #Cereblab #GoogleGCP

Keypoints

  • Grok Build was observed sending full local repositories to cloud storage without explicit permission.
  • Repository uploads could expose credentials, API keys, and other sensitive project data.
  • SpaceXAI said developers could use /privacy, but that setting only affects telemetry sharing.
  • @Cereblab found that a cloud HTTP request header controlled full repository uploads.
  • SpaceXAI later disabled repository uploads server-side, but the client-side control issue remains unresolved.

Read More: https://securityonline.info/grok-build-repository-upload-privacy/