SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage
Summary
SpaceXAI's Grok Build AI coding tool was uploading users' entire codebases (the complete collection of source code files for a project) to Google Cloud storage without proper controls, including files users wanted to exclude and sensitive credentials (secret authentication data). The company disabled this upload feature after security researchers discovered and reported the issue.
Solution / Mitigation
SpaceXAI's servers now return a "disable_codebase_upload: true" flag, and the codebase upload feature "no longer fires" (does not activate).
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://www.theverge.com/ai-artificial-intelligence/965600/spacexai-grok-build-repository-upload
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 90%