Multiple reports describe findings by a security researcher who analyzed network traffic from xAI’s “Grok Build” coding CLI. The researcher, identified as “cereblab,” tested version 0.2.93 and published a wire-level analysis based on an intercepted request. According to the reports, the CLI does not limit uploads to only the files required for a given coding task. Instead, it reportedly packages and sends entire Git repositories, including full Git history (commit data) and other repository contents.

The reports further state that the captured upload could include committed sensitive information such as secrets and API keys that were already present in the repository. The data is described as being uploaded to a Google Cloud Storage bucket associated with xAI. The described upload size is characterized as dramatically larger than the amount of data expected from a targeted file read, suggesting the tool may be transmitting more information than necessary.

The coverage focuses on the researcher’s technical demonstration and captured network evidence; the reports do not present additional, independently verified conclusions from xAI in the provided excerpts.