SpaceXAI disables Grok coding tool feature after reports of unauthorized codebase uploads to cloud storage
SpaceXAI has disabled its Grok coding tool's upload feature following reports that the software was capturing and storing unauthorized user codebases and sensitive data in the cloud.

1. Unauthorized Data Uploads
SpaceXAI’s Grok Build AI coding tool was recently found to be uploading entire user codebases to Google Cloud. Research published by Cereblab on July 14, 2026, revealed that the tool was capturing extensive data, including files explicitly excluded by users and secrets that had been deleted from repository history. Security experts, including Dr. Lukasz Olejnik of King’s College London, characterized this level of data retention as excessive, noting that it potentially exposed proprietary source code, security vulnerabilities, infrastructure details, and sensitive credentials.
2. Company Response and Remediation
Following the report, SpaceXAI disabled the codebase upload feature. Tests conducted by researchers confirmed that the tool’s servers now return a flag indicating that uploads are disabled. Elon Musk addressed the incident on X, stating that all previously uploaded data would be "completely and utterly deleted." While Musk maintained that privacy settings are generally respected, he encouraged users to allow data retention, arguing that the information is useful for debugging technical issues.
3. Clarification on Privacy Controls
There has been some confusion regarding how users can manage their data within the tool. SpaceXAI initially directed users to a "/privacy" command in the command-line interface to disable retention and delete synced data. However, researchers at Cereblab clarified that this command functions only as a per-session toggle rather than a global setting, and therefore did not serve as the primary fix for the unauthorized uploads.
