According to The Verge, SpaceXAI's Grok Build CLI uploaded users' entire codebases to Google Cloud before the company disabled the feature.
What exactly happened with Grok Build's upload mechanism?
According to The Verge, SpaceXAI's Grok Build CLI "was spotted uploading users' entire codebases to Google Cloud before it was reported, and the company turned it off" (E1). A protocol-level analysis by researcher cereblab, examining Grok Build CLI version 0.2.93, found that the tool sent file contents "verbatim and unmasked" to SpaceXAI through two channels: the real-time conversation API (POST /v1/response) and a workspace-state API (POST /v1/storage) (E8). To quantify the scale, researchers ran a test on a 12GB project. The conversation itself generated only 192KB of visible data, yet 5.10GiB was uploaded in the background — a ratio of roughly 27,000 times more data transferred than what appeared in the chat interface (E9). According to iThome, the destination for these uploads was not SpaceXAI's own data centers or AWS S3, but a Google Cloud Storage (GCS) bucket, and researchers said this mechanism appeared nowhere in the CLI's documentation, running by default and unaffected by disabling the "improve the model" option (E10).
What sensitive data was swept up in the uploads?
Cereblab's report, published Monday, July 14, 2026, described the CLI as "packaging and uploading entire code repositories, including files it was told not to open and secrets deleted from history" (E2). Independent security researcher Dr. Lukasz Olejnik of King's College London told The Verge that this level of data retention was "excessive," and that the data potentially at risk included "proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials" (E6).
How effective were SpaceXAI's privacy controls, like /privacy?
Elon Musk stated in a separate post that "privacy settings are always respected," while asking users to allow SpaceXAI to retain their data because it is "helpful for debugging issues" (E5). Cereblab disputed the framing of the /privacy command as a fix, stating that "/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn't be pointed to as the control" (E7). Separately, according to iThome, SpaceXAI said it offers a zero data retention (ZDR) option: projects that enable it will no longer have their code or runtime stored, while projects that have not enabled ZDR can type /privacy in the CLI to turn off data retention (E11).
What did independent researchers and security experts conclude?
The underlying finding from cereblab's report — that the CLI uploaded repositories "including files it was told not to open and secrets deleted from history" (E2) — was corroborated by Olejnik's independent assessment that the retention was "excessive" and could expose "proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials" (E6). Both assessments point to the same category of risk: data the user believed was excluded or already removed was nonetheless transmitted.
What remediation did SpaceXAI carry out after disclosure?
After the Cereblab findings became public, SpaceXAI turned off the upload feature, according to The Verge (E1). Researchers verified the change directly: as of Monday, July 13, 2026, their tests showed SpaceXAI's servers returning a "disable_codebase_upload: true" flag, and the codebase upload "no longer fires" (E3). SpaceXAI also told iThome it would provide the ZDR option for companies that want no code or runtime stored going forward, alongside the /privacy command for projects not using ZDR (E11).
Was Musk's response consistent?
Elon Musk posted on X that all data Grok Build had previously uploaded would be "completely and utterly deleted" (E4). According to iThome's account of his subsequent remarks, Musk then said this previously uploaded data would be deleted entirely — meaning even data users had intentionally kept would be removed — but he also said the data was helpful for SpaceXAI's debugging and that he would be grateful if users chose to retain it, while still saying he would respect whatever users decided (E12).
What this means
The sequence of evidence shows a gap between the technical mechanism and the public framing of the fix. The upload path itself moved data at a scale far exceeding what appeared in the visible chat log — 5.10GiB against 192KB of conversation data, a 27,000-times difference (E9) — and operated by default outside any documented "improve the model" toggle (E10). SpaceXAI's own remediation, verified via the server-side "disable_codebase_upload: true" flag (E3), addressed that specific pathway. Yet the company's public messaging pointed to /privacy as a safeguard, which Cereblab explicitly said was a per-session toggle rather than "the switch that fixed this" (E7). Musk's own statements moved between promising complete deletion (E4) and asking users to keep their data for debugging purposes (E12), leaving the record on data retention less consistent than the server-side flag confirming the upload has stopped.