ctipilot.ch

xAI Grok Build CLI whole-repository/secrets exfiltration (July 2026)

incident · incident:xai-grok-build-cli-repo-exfiltration-2026-07

Researcher Cereblab's wire-level analysis found xAI's Grok Build CLI silently bundled and uploaded developers' entire Git repositories (full history plus secrets) to a SpaceXAI-controlled Google Cloud Storage bucket regardless of the prompt; xAI applied a silent server-side fix (disable_codebase_upload) on 2026-07-13 with no advisory and Musk pledged deletion of previously uploaded data (The Register, 2026-07-14).

Aliases: Grok Build data leak, Grok Build CLI upload incident

Coverage timeline
0
first 2026-07-15 → last –
no data
Peak priority
no matching entries
Sources cited
0
0 hosts
Sections touched
0
Co-occurring entities
0
no co-occurrence
ATT&CK techniques
0
no mapped behavior yet

Story timeline

No published entries reference this entity yet.

explore in graph

Entries about xAI Grok Build CLI whole-repository/secrets exfiltration (July 2026)

No published entry references this entity yet · entries match by registry key, by the entity's name or a public alias appearing in the entry title or body, or (for CVE entities) by exact CVE id.