SpaceXAI’s Grok Build coding assistant was discovered uploading users’ entire codebases to Google Cloud storage before the feature was disabled. Security researchers at Cereblab documented that the tool packaged full repositories, including files it was instructed not to open and secrets removed from history. This data retention level exceeded that of similar tools like Claude Code. SpaceXAI servers subsequently returned a flag disabling the upload function, confirming the issue was resolved as of Monday.
The incident raises questions about how much private code developers might have exposed while using the service. Users relying on the tool for local development now need to verify if their historical sessions were fully processed. SpaceXAI has not issued a detailed public statement regarding the scope of data access.
- Cereblab researchers confirmed the upload flag was active before being turned off.
- Files marked as secret were included in the uploaded data.
- Google Cloud was the destination for the transferred repositories.




