SecurityJul 15, 2026, 11:59 PM

xai-org/grok-build, now open source

30-second summary

xAI released the source code for its Grok CLI tool after users discovered it uploaded entire directories, including sensitive files like SSH keys, to its servers.

TickrWire
Key takeaways
  • xAI open sourced the grok-build CLI tool on GitHub.
  • The tool previously faced criticism for uploading entire local directories to the cloud.
  • Sensitive user data, including SSH keys and passwords, was potentially exposed.
  • The code release enables the community to audit the tool for security issues.
Full story

xAI has made the Grok CLI tool, grok-build, open source on GitHub. This decision follows immediate backlash from the developer community regarding a critical security flaw in the tool's initial implementation.

Users reported that executing the command in a directory caused the tool to upload the entire folder contents to xAI's Google Cloud buckets. This led to unintended exfiltration of private data, including SSH keys, password manager databases, and personal media files.

By open sourcing the repository, xAI allows external developers to audit the codebase and verify the data handling mechanisms. The incident serves as a cautionary tale regarding the security practices of rapidly released AI development utilities.

Why this matters
Developers

Critical warning to vet CLI tools for data exfiltration risks before running them in sensitive directories.

Businesses

Highlights the supply chain security risks involved in adopting new AI tooling from major vendors.

Everyone

Demonstrates how AI tools can mishandle private data despite coming from reputable companies.

Sources · 1
Read next
More stories
TickrWireAI News Intelligence

We aggregate, verify, summarise and explain the latest artificial intelligence news from open, legal sources.

Daily AI digest

Top AI stories, summarised, in your inbox each morning.

© 2026 TickrWire. Summaries and analysis are AI-generated and may contain errors.