xai-org/grok-build, now open source
Summary
xAI's grok CLI tool (a command-line coding assistant) had a critical privacy flaw where running it in a directory would automatically upload that entire directory to xAI's cloud servers, exposing users' SSH keys, passwords, and personal files without clear consent. After public backlash, xAI disabled the upload feature, deleted all previously uploaded user data, changed the default to keep data local, and released the tool's entire source code (844,530 lines of Rust) under an open Apache 2.0 license to rebuild trust and let users run it privately on their own computers.
Solution / Mitigation
xAI took the following steps explicitly mentioned in the source: (1) disabled the data upload feature, (2) deleted all user data that was previously uploaded to their servers, (3) disabled data retention by default for all users starting July 12th, and (4) released the entire Grok Build codebase as open-source under Apache 2.0 license so users can run it 'fully open-sourced and local-first with your own inference' without uploading to their servers.
Classification
Affected Vendors
Related Issues
Original source: https://simonwillison.net/2026/Jul/15/grok-build/#atom-everything
First tracked: July 16, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 85%