The Information Machine

Grok CLI Privacy Scandal and Apache 2.0 Open Source Release

open · v1 · 2026-07-16 · 12 items

What

xAI's Grok Build CLI tool was found to be uploading entire user directories to xAI's Google Cloud storage by default, including SSH keys and password manager databases [1]. Following community backlash, xAI deleted all previously retained user data and disabled the upload feature [1]. xAI then released the full Grok Build codebase under Apache 2.0 — approximately 844,530 lines of Rust — giving the public the first detailed look at the tool's internals [1][5].

Why it matters

The incident shows how coding agents with broad filesystem access can silently exfiltrate sensitive files when upload behavior is opt-out rather than opt-in. The open-source release lets researchers and competitors examine the tool's construction, including apparent code borrowed from rival agents and an unexplained asymmetry in how the model is instructed about prompt transparency.

Open questions

  • The privacy toggle reportedly failed to prevent uploads [2] — was the default upload behavior intentional, a misconfiguration, or a bug?

  • The codebase contains tool implementations ported from OpenAI Codex and OpenCode [1] — do those ports comply with the upstream licenses?

  • The subagent prompt instructs the model not to reveal its contents while the main agent prompt includes no such restriction [1] — is that asymmetry intentional, and what does it mean for user transparency?

  • Will xAI introduce governance changes to prevent similar default-upload behavior in future CLI releases?

Narrative

Grok Build, xAI's terminal coding agent, came under scrutiny after users discovered it was uploading entire home directories to xAI's Google Cloud buckets by default. At least one user reported the tool transmitted SSH keys, password manager databases, photos, and videos when run from their home directory [1]. Reports also indicated that a privacy toggle in the tool failed to block uploads [2], suggesting the behavior was not a simple user misconfiguration. xAI responded by deleting all previously retained user data and disabling the upload feature, describing the deletion as a precautionary measure [1].

The company then released the full Grok Build codebase under the Apache 2.0 open-source license. The repository comprises approximately 844,530 lines of Rust with roughly 3% vendored code [1]. For context, OpenAI's Codex CLI runs to about 950,933 lines of Rust, suggesting these terminal coding agents carry substantially more architectural complexity than their surface interfaces imply [1]. The open-source release also reset usage limits for users [3].

A technical review of the codebase found tool implementations ported from competing coding agents, including OpenAI Codex and OpenCode [1]. One architectural detail: the subagent system prompt instructs the model not to reveal its contents, but the main agent prompt does not include this instruction — an asymmetry noted without attributed intent [1]. The codebase also includes a self-contained Rust renderer for Mermaid diagrams using Unicode box-drawing characters, which at least one developer subsequently compiled to WebAssembly for use in a browser [4].

Timeline

  • 2026-07-14: User reports surface of Grok Build uploading entire home directories — including SSH keys and password manager databases — to xAI's Google Cloud storage by default. [1][2]
  • 2026-07-14: Reports indicate the in-app privacy toggle failed to prevent uploads. [2]
  • 2026-07-14: xAI announces deletion of all previously retained user data and disables the upload feature. [1][6]
  • 2026-07-15: xAI releases the full Grok Build codebase on GitHub under Apache 2.0 (~844,530 lines of Rust); usage limits are reset. [1][5][3]
  • 2026-07-15: Simon Willison publishes a technical walkthrough of the codebase, noting ported competitor code and the subagent prompt secrecy asymmetry. [1]
  • 2026-07-16: Willison compiles the Grok CLI's built-in Mermaid diagram renderer from Rust to WebAssembly, demonstrating it in a browser. [4]

Perspectives

xAI

Acknowledged the privacy issue, deleted all retained user data as a precautionary measure, and open-sourced the codebase under Apache 2.0 with usage limits reset.

Evolution: No prior public stance documented; response was reactive to community backlash.

Simon Willison

Analytical: reported the privacy incident factually and conducted a detailed technical walkthrough of the released codebase, noting ported competitor code and the subagent prompt secrecy asymmetry without taking an advocacy position.

Evolution: Consistent analytical posture across both pieces covering the controversy and the Mermaid renderer.

Affected users / community

Surfaced the upload behavior through public reports and expressed alarm at the scope of data collected; generally positive about the open-source release.

Evolution: Initial alarm shifted toward interest and approval once the open-source release was announced.

Tensions

  • xAI framed the data deletion as a voluntary precautionary measure, but user reports indicate the privacy toggle did not work as advertised — a gap between the company's stated controls and their actual behavior. [1][2]
  • The codebase includes tool implementations ported from OpenAI Codex and OpenCode, but neither OpenAI nor the OpenCode maintainers have publicly commented on whether those ports fall within the applicable license terms. [1]
  • The subagent prompt instructs the model to conceal its contents while the main agent prompt carries no such restriction — an asymmetry in transparency that xAI has not explained. [1]

Status: active but too new to trend

Sources

  1. [1] xai-org/grok-build, now open source — Simon Willison (2026-07-15)
  2. [2] Grok Build Shipped Entire Codebases to xAI Cloud — reactive:grok-cli-privacy-open-source
  3. [3] Grok Build open-sources code and resets usage limits for ... — reactive:grok-cli-privacy-open-source
  4. [4] Mermaid to Unicode box art (grok-mermaid) — Simon Willison (2026-07-16)
  5. [5] GitHub - xai-org/grok-build: SpaceXAI's coding agent harness and TUI. Fullscreen, mouse interactive, extensible. — reactive:grok-cli-privacy-open-source
  6. [6] xAI to Delete All User Data Following Grok Build Code Upload Controversy — reactive:grok-cli-privacy-open-source
  7. [7] Grok Build open sourced under Apache 2.0 license — reactive:grok-cli-privacy-open-source