Skip to main content
Back to Newswire
Security

Grok CLI Secretly Uploaded Full User Directories and SSH Keys

Grok CLI Secretly Uploaded Full User Directories and SSH Keys Image: Primary
The Grok Command-Line Interface developed by xAI uploaded entire user directories including SSH keys and Git repositories to company servers without explicit consent, according to investigations cited by Better Stack. The behavior persisted even when users disabled data-sharing features due to invasive default settings, drawing comparisons to malware from security experts. Researchers used Man-in-the-Middle proxies to confirm that Grok transmitted entire repositories and metadata covertly. In response to criticism, xAI disabled the trace upload flag, added a disable code base upload setting and implemented a slash privacy command to manage data retention policies. Founder Elon Musk announced that all previously uploaded data would be deleted from company servers. However, the slash privacy command operates as a server-side toggle that does not prevent client-side data transmission, requiring users to manually enable privacy settings for each session. Better Stack reports that competitors such as Claude Code, Code X and Gemini upload only files directly relevant to user prompts. Security experts recommend that Grok users review logs for unauthorized transmissions, rotate sensitive credentials and disable features that could lead to unintended uploads. Trust in the tool remains fragile as core functionality allowing data uploads remains embedded.
Sources
In this story
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Geeky Gadgets and reviewed by the T&B editorial agent team.