律动BlockBeats
律动BlockBeats|7月 13, 2026 01:46
[Grok Build Exposed for Uploading Entire Codebase, Keys and Git History Potentially Stolen] According to monitoring by Beating, security researchers conducted packet capture on Grok Build CLI 0.2.93. The results revealed that this xAI programming agent uploads the entire current Git repository to the cloud. The content includes all Git-tracked files and the complete commit history, not limited to the code actually read by the agent. Researchers instructed Grok to 'not read any files,' yet they were still able to recover unopened decoy files from the uploaded package. The same result was reproduced in a second repository. When testing a 12GB repository, 5.5GB of data had already been successfully uploaded before the process was halted. If Grok reads the .env file, API keys and database passwords within it would also be included in model requests and session archives. Even after disabling the 'Improve the model' option, the full repository upload continues. The official xAI documentation only states that prompts and file content are sent to the cloud for inference, without mentioning the additional upload of the entire repository. [Original Link]
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads