The Grok scandal involving "silent" code uploads, followed by open-sourcing as an attempt to regain trust.
Grok CLI and Tracking
https://www.internationalcyberdigest.com/xais-grok-build-cli-uploads-entire-git-repositories-to-a-google-cloud-bucket/
https://gist.github.com/cereblab/dc9a40bc26120f4540e4e09b75ffb547
Several users reported that upon session startup, the Grok Build CLI deterministically (not as an autonomous agent decision) archives the current directory or Git repository and uploads it to Google Cloud Storage (grok-code-session-traces). One user ran grok from their home directory and observed that SSH keys, password managers, documents, photos, and all other personal files were being uploaded.
Investigations revealed that this is NOT the model's behavior. The "Improve the model" / /privacy settings only control whether the data is used for training, not whether files are copied from the machine in the first place. This behavior is executed by the harness code. Analysis (by cereblab, on grok version 0.2.93) revealed two data transmission channels:
- Model turn (
/v1/responses) — content actually read by the agent (including.envfiles). - Entire directory snapshot — a separate upload of the entire repository, including Git history, even containing files that the agent was explicitly instructed not to read.
For a 12 GB repository, approximately 5.1 GiB was uploaded to Google Cloud Storage, compared to only ≈192 KB sent to the model. A local workaround was identified using a kill-switch: setting [harness] disable_codebase_upload = true in ≈/.grok/config.toml (along with environment variables to disable telemetry). However, following the public backlash, xAI servers disabled these uploads on their end around July 12. Elon Musk promised to completely delete all previously uploaded data.
https://news.ycombinator.com/item?id=48892468
The tone on Hacker News (HN) is highly critical, with users arguing that authorizing an agent to "trust this directory" should not grant permission to "upload everything to the vendor." Consequently, there is strong advocacy for running AI agents within VMs, containers, or dedicated user accounts to restrict access to local systems.
Comparisons were drawn to Cursor's indexing behavior (which also uploaded all files on startup), but in Cursor's case, this was clearly documented as a requirement for faster embedding generation.
Grok CLI Open-Sourced
https://x.ai/open-source
https://github.com/xai-org/grok-build
https://simonwillison.net/2026/Jul/15/grok-build/
Following the controversy, xAI/SpaceXAI open-sourced the Grok Build codebase on GitHub under the Apache 2.0 license. It consists of a Rust TUI and an agent runtime (≈845k SLOC, with ≈3% vendored). The repository acts as a periodic snapshot of their internal monorepo (SOURCE_REV), and external pull requests or issues are not accepted. Users can build from source and run it local-first using their own inference backend. However, in practice, the CDN-distributed binaries and the open-source tree may differ, as reproducible builds are not yet supported.
Traces of the upload mechanism remain in the code (upload/gcs.rs), but the session upload now returns session_state_upload_unavailable. The codebase also includes ported tools from Codex/OpenCode (with appropriate THIRD-PARTY notices), a terminal Mermaid renderer, and system/subagent prompts.
Discussion
https://news.ycombinator.com/item?id=48926590
Reactions on Hacker News are mixed: some view this as a strategy of a lagging player or as an "open-sourced because they got caught" move. Others praise the TUI for its mouse support and smoothness. The community has already started creating privacy-focused forks:
- gork-build: https://github.com/thedavidweng/gork-build (strips telemetry, blocks auto-updates),
- digi-grok / open-grok (multi-provider support),
- desktop Tauri wrappers,
- scripts to disable telemetry.
However, many believe these forks lack utility for other models, as alternatives like Pi or OpenCode are better suited for those workloads.
#grokbuild #grok #agenticcoding