Elon Musk promises to delete all data following a leak of users' confidential information

xAI, the company founded by Elon Musk, has announced emergency measures following a serious controversy involving the unauthorized uploading of users' private code and confidential information to a server via the Grok Build CLI tool. The company's head stated that, for security reasons, all previously uploaded user data will be permanently deleted. This decision was made after it was discovered that the AI tool was secretly sending the entire history of projects to the company's servers. This is reported by according to Ixbt.com.
The issue was identified by a cybersecurity expert under the pseudonym Cereblab. By analyzing the network traffic of Grok Build version 0.2.93, he proved that the program sent not only files relevant to the request but entire Git repositories, including their change history, to Google Cloud storage. The researcher observed that when sending a simple request in a 12 GB project, the system uploaded 5.1 GB of data to the server.
Secret keys and SSH passwords at risk
The most dangerous aspect is that Grok Build CLI sent not only code but also secret keys stored in .env files within projects without any masking. Other users noted that in some cases, the program even transmitted SSH keys and password manager databases from the user's home directory on their personal computer. This poses a direct threat to the digital security of users.According to ixbt.com, disabling the "Improve the model" feature in xAI settings did not stop the data transmission. It turned out that this toggle only prevented data from being used to train the model, but the data was still being sent to the company's servers. Yet, Grok Build was presented as a tool that primarily works in local mode.
After the controversy went public, xAI resolved the issue silently on the server side without releasing a new version. When the researcher re-checked, he found that the server had started sending special commands to the client to prohibit data uploading. Nevertheless, the company did not provide an official explanation regarding the incident and remained silent for a long time about the fate of the collected data.
Elon Musk's response and security measures
Elon Musk personally intervened in the situation and confirmed that, as a precautionary measure, all previously uploaded data would be deleted. He also encouraged users to continue voluntarily sharing data for service configuration and bug fixing. According to Musk, this is necessary to improve product quality.The company stated that a Zero Data Retention (ZDR) mode is available for corporate clients and that their data is not stored. For regular users, it was recommended to delete data via the /privacy command. However, experts emphasize that the problem was not related to user settings, but to the program's unjustified and excessive data collection.
This incident once again demonstrated the importance of caution when working with AI tools. Experts advise developers to constantly monitor the network activity of third-party tools before entrusting them with their code and confidential information.























Comments 0
…