Grok Build, the command-line coding tool from Elon Musk's SpaceXAI, was quietly uploading developers' entire code repositories to the cloud without clear consent, according to a security researcher whose analysis reached the front page of Hacker News and drew a response from Musk himself. What could have been a niche developer-tooling complaint has turned into one of the more pointed AI privacy stories of the week, because of both what the tool did and how far it went beyond what the job required.
The wire-level analysis, published July 12, found that Grok Build was not simply reading the files it needed to complete a task. It was packaging up whole tracked Git repositories, including full commit history and any secrets that had been committed along the way, and sending them to a Google Cloud Storage bucket. The researcher measured the volume of data leaving a machine at roughly 27,800 times more than the coding work actually called for, with one upload reported at several gigabytes. The most uncomfortable finding was that the privacy toggle a user might have relied on to prevent exactly this did nothing to stop the uploads.
That detail is what turns a data-handling story into an active security problem. Committed secrets are not hypothetical, they routinely include real API keys, database passwords, and cloud access tokens that developers accidentally checked into a repository at some point. The practical guidance from the researchers is blunt, anyone who ran Grok Build on a codebase containing credentials should treat those credentials as potentially exposed and rotate them, regardless of what the privacy settings appeared to promise at the time.
The reaction was fast once the analysis hit Hacker News. Musk posted that, as a precautionary measure, all user data that had been uploaded to SpaceXAI before now would be completely and utterly deleted. Company staff added that Grok Build had supported zero data retention since launch, and that users could run a privacy command to opt out and trigger deletion of previously synced data. The researcher pushed back on that account, arguing that the privacy command was only a per-session retention toggle rather than the thing that actually closed the hole. The real fix, according to that account, was a silent server-side flag, disable codebase upload set to true, applied globally rather than something users had to find and switch themselves.
Why it matters reaches past one tool and one company. AI coding assistants work by ingesting your code, which makes the question of what happens to that code afterward central rather than a footnote. This case is a stark example of the gap between what a tool's privacy controls appear to promise and what the software is actually doing on the wire, and of how quickly secrets committed to a repository can end up somewhere you never intended to send them. As more developers wire agentic coding tools into their daily work, knowing where your source code goes, and whether you can genuinely turn that off, is fast becoming one of the first things worth checking before you run one.
