July 13, 2026
Ctrl+C, Ctrl-Cloud
xAI's Grok Build CLI Uploads Git Repositories to a Google Cloud Bucket
After a backlash, xAI quietly stopped copying whole code projects to the cloud
TLDR: A security researcher says xAI quietly flipped a switch so Grok Build stopped uploading whole code projects, but the company still hasn’t explained why it happened or what happens to code already collected. Online, readers are split between outrage, grim jokes, and “we need receipts” sleuthing.
The real fireworks here are not just that xAI’s Grok Build tool appeared to scoop up entire private coding projects and send them to company-controlled cloud storage — it’s that the fix seems to have arrived quietly, invisibly, and without a word. That detail lit up the community mood fast: less “whoops, bug fixed” and more “wait, what already left people’s computers?” For many readers, the biggest outrage was not only the upload itself, but the idea that turning off the friendly-sounding “Improve the model” setting didn’t actually stop code from being sent.
The comments had a strong receipt culture energy. One person immediately linked the earlier Hacker News thread like a detective pinning evidence to a corkboard, a reminder that this drama had already exploded once and people were keeping score. Others zeroed in on the jaw-dropping mismatch: only a tiny amount of data was needed to answer a coding request, but a massive chunk of the whole project got uploaded instead. That fed the hottest take of the day: this wasn’t “helping with a task,” it looked like vacuuming up the house because you asked where the keys were.
There was also pushback from the more technical crowd, with some arguing that many coding tools normally read only small pieces of a project, which made this behavior feel even more extreme, not less. And while the jokes wrote themselves — “local-first” became the punchline of the day — the underlying vibe was nervous laughter. People were not just dunking on xAI; they were asking the uncomfortable question: if the silent fix is real, what happens to the code that was already copied?
Key Points
- •A security researcher reported that xAI’s Grok Build CLI version 0.2.93 uploaded entire tracked Git repositories, including history, to a Google Cloud Storage bucket named grok-code-session-traces.
- •In the reported test, about 192 KB of task-related model traffic was accompanied by roughly 5.1 GB of repository upload from a 12 GB codebase.
- •The article says a canary credential placed in a .env file appeared unredacted in captured traffic, indicating secrets in repositories could be transmitted.
- •Disabling Grok Build’s 'Improve the model' setting did not stop the uploads; the article says that toggle controlled training consent rather than data transmission.
- •Follow-up testing found no repository uploads after server responses changed to disable_codebase_upload: true and trace_upload_enabled: false, but the article says this was verified only on one machine and one account.