Home / Latest

Photo of cryptocurrency, autonomous vehicle, VR headset
Image: Wikipedia
Latest

xAI Grok CLI Sends User Data

WireByte Staff · July 12, 2026

xAI's Grok Build CLI sends user files and repository data to xAI, including secrets and git history, sparking concerns over data privacy.

Key points

  • xAI's Grok Build CLI transmits file contents, including .env secrets, to xAI without redaction.
  • The CLI uploads the entire repository, including tracked files and git history, via POST /v1/storage.
  • This data is sent to xAI regardless of what files the agent is instructed to read.
  • The findings are based on a wire-level analysis of the Grok Build CLI, version 0.2.93.
  • The analysis used a throwaway repository with fake secrets to capture and verify the data transmission.

Introduction

xAI's Grok Build CLI has been found to send user data, including sensitive information, to xAI. This discovery has raised concerns over data privacy and security.

Key Findings

The Grok Build CLI, version 0.2.93, transmits the contents of files it reads to xAI, including .env secrets files, without any redaction. Additionally, the CLI uploads the entire repository, including all tracked files and git history, to xAI via the POST /v1/storage endpoint.

Implications

The implications of this discovery are significant, as it suggests that xAI may have access to sensitive user data, potentially without the user's knowledge or consent. This raises questions about the company's data handling practices and the potential risks to users.

Sources

WireByte Staff — Editorial Team

The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.