Home/News/SpaceXAI's Grok Uploaded User Codebases to Google Cloud
The Verge2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

SpaceXAI's Grok Uploaded User Codebases to Google Cloud

SpaceXAI's Grok Build AI coding tool was discovered uploading users' entire codebases to Google Cloud storage, a vulnerability that has since been disabled. Cereblab published findings on Monday detailing how the Grok Build command-line interface (CLI) was packaging and uploading complete code repositories. This occurred even when the tool was instructed not to access certain files, indicating a broad data exfiltration mechanism.

The issue was identified and reported, prompting SpaceXAI to deactivate the feature. The company has not yet released a public statement regarding the incident or the specific reasons behind the tool's behavior. The implications of user code being uploaded to a third-party cloud service without explicit consent are significant, particularly for proprietary software and sensitive intellectual property.

While the exact scope and duration of the uploads are not fully detailed, the report suggests that the tool was designed to package code for potential analysis or backup purposes, but its implementation allowed for the unintended transfer of entire projects. This incident raises concerns about the security practices and data handling protocols of AI development tools, especially those integrated with cloud services like Google Cloud.

Further investigation into the technical details of the Grok Build CLI's functionality is expected to clarify the extent of the data exposure. Users of the Grok Build tool are advised to review their cloud storage and security settings and remain vigilant for any official communications from SpaceXAI regarding this matter.

Original source — read the full reporting at the publisher:

Read on The Verge

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next