{"data":{"id":"7676c958-8e3d-4a89-8b8d-474b1c6275a9","title":"Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read","summary":"Grok Build, xAI's coding assistant, was uploading entire Git repositories (a version control system that tracks code changes) to cloud storage, not just the files it needed to read. A researcher discovered that a 12 GB repository generated only 192 KB of traffic to the model but 5.10 GB to storage, and even files the AI was instructed not to open were included, along with unredacted credentials like API keys and passwords. Unlike competing tools from Claude and Google, Grok Build was the only one collecting the entire workspace.","solution":"On July 13, xAI disabled the storage uploads server-side by switching a flag (disable_codebase_upload: true and trace_upload_enabled: false), which multiple users confirmed they received. However, xAI has not confirmed whether this change applies to all accounts or is permanent, and no update to the software itself was released—the change was made on the server side while users remained on version 0.2.93.","labels":["security","privacy"],"sourceUrl":"https://thehackernews.com/2026/07/grok-build-uploads-entire-git.html","publishedAt":"2026-07-14T09:02:48.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["xAI"],"affectedVendorsRaw":["xAI","Grok Build","Claude","Codex","Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-14T09:02:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}