{"data":{"id":"57dce722-ca5e-4321-a868-486b3c88cf49","title":"SpaceXAI&#8217;s Grok programming tool was uploading its users&#8217; entire codebase to cloud storage","summary":"SpaceXAI's Grok Build AI coding tool was uploading users' entire codebases (the complete collection of source code files for a project) to Google Cloud storage without proper controls, including files users wanted to exclude and sensitive credentials (secret authentication data). The company disabled this upload feature after security researchers discovered and reported the issue.","solution":"SpaceXAI's servers now return a \"disable_codebase_upload: true\" flag, and the codebase upload feature \"no longer fires\" (does not activate).","labels":["security","privacy"],"sourceUrl":"https://www.theverge.com/ai-artificial-intelligence/965600/spacexai-grok-build-repository-upload","publishedAt":"2026-07-14T19:25:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["xAI"],"affectedVendorsRaw":["SpaceXAI","Grok Build","Google Cloud"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-14T19:25:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.9,"researchCategory":null,"atlasIds":null}}