🟠 High | Source: The Register — Security
Grok Build, xAI’s AI coding tool, was found to be silently uploading entire source code repositories to the cloud without clear user consent. A researcher confirmed the uploads have since stopped, but disputes that xAI’s own privacy directive was the cause of the fix. This raises serious concerns about data exfiltration risks posed by AI-assisted development tools embedded in developer workflows.
Security Architect’s Take: Audit any AI coding assistants in use across your engineering teams — review network egress logs for unexpected outbound traffic to xAI or third-party AI endpoints, and enforce DLP policies that flag or block bulk code uploads. Consider restricting Grok Build or similar tools via endpoint controls until xAI provides transparent disclosure of what data is collected and how.
Original advisory: Musk promises purge after Grok Build caught sending entire repos to the cloud