Grok Build Open-Sourced After Covert Upload: Code to Exfiltrate Repos Stays In
techtimes.com Jul 16, 2026

Grok Build Open-Sourced After Covert Upload: Code to Exfiltrate Repos Stays In

AI-summarised brief · reviewed before publication

xAI open-sourced its Grok Build terminal coding agent on July 13, 2026, after a security researcher revealed the tool covertly uploaded entire code repositories to xAI's Google Cloud Storage. The release included 844,530 lines of Rust code under the Apache 2.0 license, but researchers confirmed the code responsible for exfiltrating data remains in the binary, controlled by a server-side flag. Developers who used Grok Build before July 13 in a Git repository should consider all credentials and commit history potentially exposed.

💡 Why It Matters

  • · The incident exposes a critical gap between developer expectations and the behavior of AI-powered coding tools.
  • · The promise of privacy in such tools is central to their adoption, and the failure to honor that trust can have lasting consequences for code security and corporate data integrity.