Skip to main content
CybersecurityPrivacy & Surveillance

Musk Vows Data Purge After Grok Exposes User Repos

Dimly lit server room with exposed cables and a hint of data deletion.

"As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted," Elon Musk wrote, adding that "Zero anything whatsoever will remain."

Grok Build's CLI behavior — entire repos, full Git history, raw files

The AI command-line interface Grok Build — developed by SpaceXAI — was found by researcher Cereblab to upload whole repositories, including full Git history and raw file contents, to a Google Cloud Storage bucket used by SpaceXAI. Cereblab reported that when Grok Build reads or processes a file, the contents of that file are transmitted without redaction, and that the CLI packages entire repos as Git bundles rather than opening only the files required to answer a prompt.

In tests described by Cereblab, a benign prompt instructing the CLI to reply with "OK" and explicitly directing it not to open any files nonetheless resulted in a complete repo upload — including a Git history containing secrets that had been deleted months earlier. The researcher reproduced the finding with a separate repository, and other users reported similar experiences after the report published, including an account in which an entire user directory containing SSH keys and password manager databases was opened and uploaded.

Cereblab's investigation and the technical stopgap

The report, published Sunday by AI safety researcher Cereblab, contrasted Grok Build's behavior with other CLIs such as Claude Code, Gemini, and Codex, which the report said open individual files rather than bundling whole repositories with their histories. Cereblab confirmed that a server-side setting — disable_codebase_upload set to "true" — stopped whole-repo transmissions.

Cereblab criticized SpaceXAI’s guidance that points users toward the CLI's /privacy command, writing: "/privacy is a per-session retention toggle, not the switch that fixed this, so it shouldn't be pointed to as the control. And no developer should have to run an opt-out after every session to keep their own code off someone else's servers. The right default is off." The researcher said the silent global flag was what actually stopped uploads, applying whether a user opted in or out.

SpaceXAI's public response, the /privacy control, and Musk's pledge

SpaceXAI issued a public statement via X attempting to reassure customers and enterprise users. The company wrote: "We care deeply about your privacy and respect customer choice," and added, "For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR." The post also stated: "If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data. Run the /privacy command to view or change your settings at any time."

Technical staff Andrew Milich and Jason Ginsberg echoed the company's assurances in community responses. Musk responded to Milich with a brief "true" and later promised the company would delete all user data uploaded prior to the code change: "As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted," he wrote, adding "Zero anything whatsoever will remain." In a separate post he asked users to keep sharing data, saying retaining "some" data helps with debugging.

The Register noted it could not independently verify whether SpaceXAI had completed the promised deletions. The company’s server-side change, however, coincided with Cereblab’s confirmation that Grok Build stopped transmitting entire repositories to SpaceXAI’s servers.

What this means for technologists, enterprises, and developers

  • Technologists and security teams: Expect scrutiny over default retention behaviors and server-side flags. Cereblab’s confirmation that disable_codebase_upload: true halted uploads highlights the importance of auditing global controls rather than relying solely on per-session toggles.
  • Enterprises and procurement leaders: Zero data retention (ZDR) was emphasized by SpaceXAI as a protections setting; organizations that have not enabled ZDR were advised to run the /privacy command to delete previously synced data, per the company’s guidance.
  • Individual developers and end users: The discovery that deleted secrets persisted in Git history and were transmitted alongside full repos underscores the need to check local histories and consider repository hygiene and access when using external tooling that interacts with source code.

Conclusion — a fix, a promise, and an outstanding verification

SpaceXAI's server-side change appears to have stopped Grok Build from packaging and uploading entire repositories; Cereblab verified that disable_codebase_upload set to "true" halted the behavior. SpaceXAI and its technical staff have pointed users to ZDR settings and a /privacy CLI command, and Elon Musk has promised that previously uploaded user data will be completely deleted. What remains is independent verification of that deletion and a reckoning over defaults: Cereblab’s statement that "The right default is off" leaves a clear question for SpaceXAI and other tooling vendors — which defaults will they choose going forward, and how will users be able to trust the outcome?

Original story