
An AI coding agent installed on a developer's machine touches a company's source code directly: that is the sensitive point the Grok Build incident just underlined, xAI's command-line coding tool. In mid-July 2026, researchers showed the agent was sending entire repositories, including secrets, to the vendor's cloud, far beyond what the requested task needed. For an SME leader considering equipping developers with an AI coding agent, the episode offers a concrete checklist.
Key takeaways
- In mid-July 2026, researchers found that Grok Build, xAI's command-line coding agent, was sending entire Git repositories, including history and files never read by the model, to the vendor's cloud storage (source: The Hacker News, Simon Willison's Weblog).
- In a test on a 12 GB repository, the storage channel transmitted 5.10 GiB, versus 192 KB actually needed by the model, nearly 28,000 times more data than the task required (source: The Hacker News).
- xAI responded in three steps between July 12 and 15, 2026: retention disabled by default, the upload function cut off server-side, then the tool's source code released under an Apache 2.0 license.
- Elon Musk pledged the complete deletion of data already uploaded by users before the fix.
- For an SME, the lesson goes beyond xAI: before installing any AI coding agent (Grok Build, but also market alternatives), check what it sends, where, and under which default setting.
What happened at xAI
Grok Build is xAI's command-line coding agent, designed to read a project, edit files, and run commands at a developer's request. Like most AI coding agents, it needs to send part of the code to the model so it can reason about it.
The problem identified in mid-July 2026 by an independent researcher, publishing as cereblab, was different: beyond what the model actually read, the tool packaged the entire Git repository, including files never opened during the session and a full commit history, and sent it to a cloud storage space named grok-code-session-traces, managed by xAI. One user reported seeing "my SSH keys, my password manager database, my documents, photos, videos, everything" uploaded after running the tool in their home directory.
July 12, 2026
Retention disabled by default
July 13, 2026
Upload cut off server-side
July 15, 2026
Source code released
Worth noting
xAI states that teams on a zero-data-retention account never had code or trace data stored. The flaw concerned the default setting, not a hidden option impossible to avoid: it mainly affected users who had never had a reason to think about it.
Why this episode goes beyond Grok Build
The core problem is not specific to xAI. An AI coding agent installed locally has, by design, broad access to the workstation: configuration files, Git history, sometimes credentials left in the code. The question an SME should ask is not "is this tool trustworthy in theory," but "what does it actually do with my files, by default, from the first use."
Three factors make this type of incident worse for a company:
- Source code is often a technical SME's most sensitive asset: business logic, API keys, sometimes customer data left in test files.
- The default setting affects every user who has not read the documentation in detail, which is most teams.
- Detection came from an independent researcher, not an internal audit: few SMEs have the resources to run this kind of technical check themselves.
How to audit an AI coding agent before adopting it
Test on a repository without secrets
Read the retention policy
Check the default setting
Ask for a local-first mode
Track the vendor's responsiveness
A checklist to send an AI coding agent vendor
| Question to ask | Why it matters |
|---|---|
| What data leaves the workstation, and how often? | Distinguishes a targeted send to the model from a massive background upload. |
| Where are code traces stored, and for how long? | Determines exposure if the vendor suffers a breach. |
| Is there a zero-retention option for business accounts? | Reduces risk even in the event of a technical incident. |
| Is the default setting protective or permissive? | Most users never change default settings. |
| Does the vendor have a track record of quickly documented and fixed incidents? | A fast, transparent fix beats prolonged silence. |
Measured optimism
xAI's response, a fix within days followed by releasing the source code to allow an independent audit, illustrates a positive trend: pressure from the technical community is now pushing AI agent vendors to fix issues fast and document their data practices. That is a point to build into any SME AI strategy, not a reason to give up on these tools.
FAQ
What is an AI coding agent?
An AI coding agent is software that uses an artificial intelligence model to read a software project, propose or apply code changes, and run commands at a developer's request. Grok Build (xAI), Claude Code (Anthropic), and Copilot CLI (GitHub) are examples.
Is Grok Build unsafe to use today?
According to xAI, the mass-upload function has been disabled by default since mid-July 2026, and the tool's code is now public, allowing an independent audit. An SME considering it should still apply the same checklist as for any other AI coding agent before a production rollout.
How do I know if an AI tool is sending more data than needed?
The simplest test is to observe the network traffic generated by the tool, using a proxy or an application firewall, during a simple task on a test repository with no sensitive data, then compare the volume sent to the actual size of the file involved.
Should an SME avoid AI coding agents after this incident?
No. The episode mainly shows the value of checking default settings and data policy before adoption, not a general flaw in this category of tools. Many agents already offer zero-retention accounts for business use.
Conclusion
The Grok Build incident is a reminder of a simple rule: an AI coding agent should be evaluated like any vendor with access to a company's source code, with a contract, a clear data policy, and a protective default setting. Before equipping a development team, an hour spent on this kind of check is worth more than finding out about a problem afterward. To go further on securing AI tools connected to your business, see our guide on securing AI connectors and more case studies on our Resources page.


