In scenarios without tool invocation, xAI Grok Build version 0.2.93 uploads users' complete Git repositories along with commit history and unsanitized .env keys to a Google Cloud Storage bucket named grok-code-session-traces, independent of user commands.
Fact Restoration
In July 2026, security researcher cereblab intercepted HTTPS traffic on macOS using MITMProxy and discovered that Grok Build has two independent transmission paths. The first is the model interaction channel, which only sends file contents that the agent explicitly reads. The second is the background storage channel, which uploads the entire workspace snapshot to a storage bucket operated by xAI via POST /v1/storage. The researcher planted a file named never_read_canary.txt in the repository and instructed Grok not to read it; this file was still uploaded in its entirety, proving that the upload scope exceeds the model's actual usage needs. In a 12GB test repository, the model channel transmitted only 192KB of data, while the storage channel moved 5.10GiB of data — a ratio of approximately 27,800 times. In the same test, API_KEY and DB_PASSWORD from the .env file appeared in plaintext in both the request body and session archive.
Mechanism Breakdown
Neither the Grok Build CLI installation script nor the quick start documentation mentions this storage channel. After the user disables the "Improve the model" toggle, the server response still shows trace_upload_enabled: true, and background uploads continue. Following the incident, xAI made server-side changes to set disable_codebase_upload to true and added a /privacy command for users to view and disable sharing, but this option is enabled by default. Enterprise users who enable Zero Data Retention configuration will not have their code and trace data stored.
Industry Impact
For developers, this incident directly exposes the possibility of local codebases being taken outside the local environment without explicit consent. Independent developers and small teams continuing to use Grok Build must immediately execute the /privacy opt-out command to cease transmission; otherwise, some control over intellectual property is transferred to the cloud. For enterprise users, the Zero Data Retention option provides an isolated path, but lacks an independent audit mechanism to verify whether historical data has been completely deleted. In terms of competitive landscape, OpenAI CEO Sam Altman responded "concerning," indicating that differences in data handling transparency among similar AI coding tools could become a trigger for user migration. For xAI itself, the rapid server-side fix prevented further uploads, but the retention period and deletion scope of previously uploaded data were not publicly disclosed.
Strategic Judgment
Based on the available facts, the most likely development is that more developers will shift to coding tools that prioritize local-first or explicit data minimization principles. Verification signals include whether xAI publishes an independent third-party audit report and whether future versions disable all non-essential storage channels by default.
© 2026 Winzheng.com 赢政天下 | 转载请注明来源并附原文链接