Security researchers discover privacy risks in Grok build, with entire Git repositories uploaded.

iconAiCoin
Share
AI summary iconSummary
Security researchers have identified a potential security vulnerability in xAI's Grok Build CLI 0.2.93, which uploads entire Git repositories—including tracked files, commit history, and sensitive keys—to the cloud. Testing revealed that Grok uploaded decoy files even when instructed not to read them. In a test with a 12GB repository, 5.5GB was uploaded before the process was interrupted. If .env files are accessed, API keys and passwords may be included in model requests. Disabling the "Improve the model" option had no effect. The incident raises concerns about data exposure and the handling of training data in AI systems.

Security researchers found that xAI's Grok Build CLI 0.2.93 uploads the entire Git repository to the cloud, including all tracked files, commit history, and sensitive keys. Tests showed that even when instructed not to read files, Grok still uploads decoy files. During a test with a 12GB repository, 5.5GB of data had already been uploaded before interruption. If Grok accesses the .env file, API keys and database passwords are transmitted in model requests and session archives. Even after disabling "Improve the model," the full repository upload continues.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.