Here's a fun way to ruin a Monday morning: discover that your AI coding assistant has been hoovering up your entire code repository—secrets, ignored files, and all—and shipping it off to Google Cloud storage without making a particularly big deal about it. That's exactly what happened with xAI's Grok Build CLI tool, and honestly, it's the kind of story that should make every developer pause before piping an AI tool straight into their project root.

What Actually Happened

Researchers at Cereblab published findings this week showing that Grok Build—xAI's command-line AI coding tool—was packaging and uploading entire code repositories to Google Cloud infrastructure. And not just the files you'd expect an AI assistant to need. We're talking files the tool had been explicitly told not to touch, and credentials that had been deleted from version history. Deleted. From history. Still uploaded.

That last part deserves a moment of silence. If you've ever had to do the panicked git-filter-branch dance to scrub an accidentally committed API key, you know how deeply uncomfortable it is to learn that "deleted from history" apparently didn't mean "gone" in Grok Build's worldview.

Once Cereblab's findings went public, xAI switched the behavior off. Which raises the obvious follow-up question: was anyone watching before that?

How This Compares to Other AI Coding Tools

The researchers specifically noted that Grok Build's data collection was substantially more aggressive than comparable tools—citing Anthropic's Claude Code as a point of comparison. That's a meaningful benchmark. Claude Code has its own set of privacy considerations that developers should understand, but apparently "upload everything including the stuff we were told to ignore" wasn't among them.

This matters because the AI coding tool space has quietly normalized a lot of data transmission that developers may not have explicitly consented to in any meaningful sense. Most people click through CLI tool permissions the same way they click through cookie banners. The assumption—reasonable, until it isn't—is that the tool needs context to do its job, not that it's vacuuming your entire repo into someone else's cloud bucket.

The Deeper Problem with "Context" as a Justification

AI coding assistants genuinely do benefit from broader context. More of your codebase means better suggestions, fewer hallucinated function signatures, and less back-and-forth clarification. That's a real tradeoff, not a made-up one. The issue is when that context collection happens without clear disclosure, encompasses data explicitly excluded by the user, and includes sensitive credentials that were supposed to be gone.

There's a spectrum here. On one end: "we send your current file to our servers for inference." On the other end: "we package your entire repository, including deleted secrets and files on your ignore list, and upload it to a third-party cloud provider." Those are not the same thing, and users deserve to know exactly where on that spectrum any given tool sits—preferably before they run it on a production codebase.

What Developers Should Actually Do

First, treat any AI CLI tool with the same suspicion you'd apply to a random npm package with network access—because that's essentially what it is. Before running these tools on sensitive codebases, it's worth checking what data they transmit, where it goes, and what the retention policy looks like. That information should be in the documentation. If it isn't, that's itself a red flag.

Second, consider running AI coding tools in isolated environments for sensitive projects. Sandboxed directories, throwaway credentials, stripped-down repos. It's more friction, but it's the kind of friction that prevents the "we accidentally uploaded the database connection strings" incident report.

Third—and this applies to xAI and every other company shipping AI developer tools—default behavior should be the least invasive option, not the most. Uploading everything shouldn't be the out-of-the-box setting. That's a choice, and it's a choice that reflects priorities.

The fact that xAI turned this off quickly after it was reported is fine. The fact that it apparently needed to be reported publicly before that happened is the part worth sitting with.

AI coding tools are genuinely useful. The category isn't going away, and neither is the legitimate need for context to make them work well. But "useful" and "trustworthy" aren't the same thing, and right now the burden is on developers to verify which one they're actually getting.