WEDNESDAY, JULY 15, 2026|No. 7246
Technology · Privacy · Cloud

SpaceXAI Disables Grok Tool's Cloud Upload After Privacy Concerns

SpaceXAI's Grok Build AI coding tool was uploading entire codebases to Google Cloud, prompting the company to disable the feature and promise deletion of uploaded data.

SpaceXAI's Grok Build tool uploaded users' entire code repositories to the cloud before being disabled.
SpaceXAI's Grok Build tool uploaded users' entire code repositories to the cloud before being disabled.
1 sources
Pipeline ingest
3 reads
Positive / Neutral / Negative
1 countries
Related coverage

SpaceXAI’s Grok Build AI coding tool was spotted uploading users’ entire codebases to Google Cloud before it was reported, and the company turned it off. The Register reports that Cereblab published findings on Monday showing how the Grok Build CLI was packaging and uploading entire code repositories, “including files it was told not to open and secrets deleted from history,” significantly more data retention than similar tools like Claude Code.

The researchers say that as of Monday, their tests show SpaceXAI’s servers returning a “disable_codebase_upload: true” flag, and the codebase upload “no longer fires.”

Add Verge on Google

Add Verge as a preferred source to see more of our reporting on Google.

Add us on Google

Elon Musk responded to the incident in a post on X claiming that all data Grok Build previously uploaded will be “completely and utterly deleted.” Musk also said in a separate post that “privacy settings are always respected,” but asked users to allow SpaceXAI to retain their data, saying it’s “helpful for debugging issues.”

Dr. Lukasz Olejnik, an independent security researcher at King’s College London, confirmed to The Verge that this amount of data retention is “excessive,” adding that the data potentially at risk could include “proprietary source code, information about security vulnerabilities, personal data, infrastructure details, [and] credentials.”

SpaceXAI initially responded to the issue with a post saying that, “If [zero data retention] is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data.” However, Cereblab points out that “/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn’t be pointed to as the control.”

PAN's pipeline reviewed approximately 1 open sources for this article. No human editor reviewed this article before publication.

Related Reads

Show on timeline →