
TL;DR
Days after getting caught uploading entire codebases to xAI servers, Grok Build is now open source on GitHub. The HN community isn't convinced it's enough.
| Resource | Link |
|---|---|
| Grok Build GitHub Repo | github.com/xai-org/grok-build |
| Hacker News Discussion | news.ycombinator.com/item?id=48926590 |
| Original Data Exfil Analysis | Cereblab Wire-Level Analysis |
| xAI Grok Build Docs | docs.x.ai/build/overview |
Last updated: July 15, 2026
Less than 48 hours after a security researcher documented Grok Build CLI uploading entire repositories - including .env files with secrets - to xAI's Google Cloud infrastructure, the company has released the full source code on GitHub. The timing is not lost on the developer community.
The grok-build repository contains the Rust source for xAI's terminal-based AI coding agent. According to the README:
The codebase is Apache 2.0 licensed with third-party notices acknowledging code ports from OpenAI's Codex and SST's opencode.
From the README:
This repository contains the Rust source for the
grokCLI/TUI and its agent runtime. It is synced periodically from the SpaceXAI monorepo.
You can build it with cargo run -p xai-grok-pager-bin or install the release binary via the official installer.
On July 13, a security researcher named cereblab ran Grok Build through mitmproxy and captured what it actually sends home. The findings were damning:
grok-code-session-traces GCS bucketWhen a test .env file containing simulated credentials was placed in the working directory, it appeared verbatim in both live model requests and archived session uploads. The upload behavior persisted even when users explicitly instructed the CLI not to access certain files.
For full technical details, see our wire-level analysis coverage.
Newsletter
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools, delivered free every week.
From the archive
Jul 15, 2026 • 9 min read
Jul 15, 2026 • 7 min read
Jul 15, 2026 • 8 min read
Jul 15, 2026 • 8 min read
The GitHub release drew 90+ points and 100+ comments on Hacker News. The discussion is deeply skeptical.
The cynical read:
The most common take is that this is pure damage control. One top comment: "I wonder if releasing this may have been on the roadmap, but been prioritized as a bit of whiplash following the 'you forfeit the entirety of your working directory as a condition of working with this tool' upset."
Another commenter was more direct: "xai is now in pure damage control mode, after they caught exfiltrating data from users."
Several commenters noted this feels like a tactical move rather than a principled open-source commitment: "If you have an LLM with less than 1% of the share to begin with, you suffer from bad rep and you got caught uploading user data, one of the very few remaining tactical moves to try to climb out of it is this."
The trust problem:
Even developers who praised the TUI quality are cautious. One wrote: "Really good TUI harness, it's a shame with the other news, but some other TUI agents should take some inspiration from pieces of this."
Others are staying away entirely: "Grok has had far too many instances where it's clear that the team building it cannot be trusted and does not care to build trustworthy products. I highly caution anyone from using any tools from xAi."
The technical interest:
Some commenters see value in the source for reverse-engineering purposes: "Trying to reverse engineer some specifics of how it does stuff has been a pain in the ass, and this will make it easier."
One developer asked whether the repo even compiles without the rest of the monorepo: "The commit message says 'initial sync from the monorepo.' Is this even compilable without the rest of the source code?"
The trace.rs file:
Multiple commenters zeroed in on the upload code at crates/codegen/xai-grok-shell/src/upload/trace.rs, asking whether this is the "infamous cloud upload routine." One noted: "I'm not sure it is indeed insidious, though it is of course possible that the code has been filtered out."
According to reports, xAI has:
disable_codebase_upload config option in the CLIWhether any of this is verifiable from the open source is unclear. The trust model for a coding agent requires you to believe the binary you're running matches the source, and that the source actually represents all behavior.
Several commenters noted that Grok 4.5 is actually a good model. One wrote: "It's a shame that they exfiled private data. The model is actually good (better than opus 4.8 imo) and the harness itself is butter smooth with the potential of being the best out there."
This creates an awkward situation where the product quality is high but the trust is destroyed. As one commenter put it: "if you like grok-4.5 model, I suggest use the model directly via API, or use Grok's OAuth tokens if you are using supergrok+ subscriptions and connect it to your own agent."
If you're considering Grok Build after the open-source release:
The case for: The TUI is genuinely well-designed. The Rust codebase is now auditable. If you build from source and run through a proxy, you can verify what it sends.
The case against: Trust is hard to rebuild. The company shipped code that uploaded user data without meaningful consent, and the privacy toggle was non-functional. The open-source release happened under pressure, not as a principled choice.
The middle ground: Use the model (Grok 4.5) directly through API if you need it, but route it through your own agent harness. Several open-source harnesses like Claude Code, Codex CLI, or opencode can connect to third-party models.
Every coding agent has access to your filesystem. The implicit contract is that they process files locally or transmit only what's needed for model inference. Grok Build broke that contract by uploading entire repositories including files never touched during the session.
The open-source release sets a precedent that coding agents can be audited. But it also raises the bar: if your agent isn't open source, users have to trust your claims about data handling. After Grok Build, that trust is harder to earn.
For teams evaluating coding agents, this is a reminder to:
The open-source release of Grok Build is a step toward accountability. Whether it's enough to rebuild trust depends on whether xAI's behavior changes, not just their codebase visibility.
Read next
A security researcher intercepted Grok Build's network traffic and found it uploads entire repositories - including .env files with secrets - to xAI servers. Here's what the data shows.
6 min readGrok Build is xAI's agentic CLI with 8 parallel subagents, a plan-first workflow, and Arena Mode for competing outputs. Installation, pricing, real commands, and how it compares to Claude Code and Codex.
9 min readOpen-source tool gives Claude Code, Codex, and other agents their own isolated Linux VM on your machine - network firewall included, no cloud account required.
6 min readTechnical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Full-stack AI dev environment in the browser. Describe an app, get a deployed project with database, auth, and hosting....
View ToolAI app builder - describe what you want, get a deployed full-stack app with React, Supabase, and auth. No coding requi...
View ToolStackBlitz's in-browser AI app builder. Full-stack apps from a prompt - runs Node.js, installs packages, and deploys....
View ToolxAI's model with real-time X/Twitter data access. Grok 3 rivals top models on reasoning. Built-in web search and current...
View ToolSet up Codex Chronicle on macOS, manage permissions, and understand privacy, security, and troubleshooting.
Getting StartedWhat MCP servers are, how they work, and how to build your own in 5 minutes.
AI AgentsA complete, citation-backed Claude Code course with setup, prompting systems, MCP, CI, security, cost controls, and capstone workflows.
ai-development
In this video, I introduce Unstract, an AI-powered no-code platform for automating the processing of large unstructured documents like PDFs, images, and scanned files. I discuss the challenges...

#AIChatApps #GPT4 #LLMOps #PersonalizedChat #ConversationalAI #Langchain #HuggingFace #Claude2 #Anthropic Description: Leverage the advanced capabilities of GPT-4, HuggingFace Claude 2, and...

A security researcher intercepted Grok Build's network traffic and found it uploads entire repositories - including .env...

Grok Build is xAI's agentic CLI with 8 parallel subagents, a plan-first workflow, and Arena Mode for competing outputs....

Open-source tool gives Claude Code, Codex, and other agents their own isolated Linux VM on your machine - network firewa...

Security researchers disclosed a Cursor vulnerability that auto-executes malicious git.exe files from repos - after wait...

Flipper Devices announces their firmware hit 1.0 stability and outlines a new community contribution model - while HN de...

The Godot Foundation has established a policy banning autonomous AI agent code and substantial AI-generated contribution...

New tutorials, open-source projects, and deep dives on coding agents - delivered weekly.