Top stories
What xAI's Grok Build CLI sends to xAI
- Category: Security
- Status: developing
- Sources: wire-capture writeup, HN discussion
- Summary: A researcher (cereblab) published a wire-level analysis dated 2026-07-10 of xAI's Grok Build CLI v0.2.93 using mitmproxy interception and planted canary files. The writeup claims the CLI transmits the contents of files it reads, including a
.envsecrets file, to xAI verbatim, and separately uploads the entire workspace as git bundles to a Google Cloud Storage bucket namedgrok-code-session-traces(POST /v1/storage) independent of what the agent reads. It reports a 12 GB repository produced about 5.10 GiB of storage uploads while model-channel traffic was only 192 KB, and that recovered bundles contained never-read files. It also cites telemetry to Mixpanel and an xAI events endpoint, and states the behavior runs by default regardless of privacy settings. - Comments: HN commenters quote the writeup's claim that upload covers every tracked file plus git history regardless of reads. A commenter identifying as a GitHub Copilot engineer rejected a side-thread claim that Microsoft can read all GitHub repositories. Others note the file-exfiltration risk is not specific to AI (any program run as the user can read your files) and recommend running coding CLIs inside a sandbox with limited directory access, while one suggests a plausible server-side reason (inspecting the codebase during model "thinking" without round-trip tool calls).
- Why it matters: If accurate, a widely used coding CLI ships full repository contents and plaintext secrets to a vendor bucket by default, which is a credential-rotation and data-governance event for any team that ran it.
- Follow-up: Watch for an xAI response or a Grok Build CLI change, independent reproduction of the wire captures, and whether an opt-out or redaction lands.