SpaceXAI’s Grok Build Open Source Sparks Privacy Debate

SpaceXAI recently open-sourced Grok Build, the AI coding agent behind its grok command-line interface. The release includes the full Rust-based agent harness, a terminal user interface, and a tool layer. This agent understands codebases, edits files, runs shell commands, searches the web, and manages long tasks.
Grok Build first appeared as an early beta on May 25, 2026. It runs as a full-screen, mouse-friendly terminal user interface with three modes: interactive TUI, headless mode, and an embedding option through the Agent Client Protocol. Its source code is now available under the Apache 2.0 license, allowing developers to inspect and contribute.
The tool can run fully local-first. Users configure it through a simple config.toml file, giving them control over data and operations on their machines. This local-first mode aims to reduce cloud dependency and enhance privacy.
Privacy Concerns Shake Confidence
Despite its open-source release, Grok Build stirred privacy concerns recently. In one test, it uploaded 5.1 gigabytes of data to the cloud, even though the coding task needed just 192 kilobytes. That means around 26,000 times more data was sent than necessary.
The Verge revealed that Grok Build was uploading entire code repositories, including files it was instructed not to access and even secrets deleted from the repository history. This raised alarm bells about how much sensitive data was leaving users’ systems.
SpaceXAI responded swiftly. On July 14, 2026, they announced they would delete all customer data uploaded to their servers. Elon Musk, CEO of SpaceXAI, said, “all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted. Zero anything whatsoever will remain.”
Security Experts Weigh In
Independent security researcher Dr. Lukasz Olejnik from King’s College London confirmed the data uploaded was excessive. He noted the data could expose proprietary source code, security flaws, personal details, infrastructure info, and credentials.
Cereblab, a research group, showed that the /privacy command in Grok Build only disables data retention per session. It does not prevent the large data uploads. SpaceXAI initially pointed to this command as a fix, but later clarified it’s not a full solution.
Tests on July 14 showed SpaceXAI’s servers returning a “disable_codebase_upload: true” flag. After this, uploads stopped without users needing to update their software.
SpaceXAI emphasized that for customers with zero-data-retention agreements, “no trace and code data is ever retained.” They also stated, “privacy settings are always respected” and “we care deeply about your privacy and respect customer choice.”
New Model Launch and Future Outlook
Alongside managing privacy issues, SpaceXAI and its collaborator Cursor announced a new AI model, Grok 4.5, on July 10, 2026. This release followed shortly after their April collaboration announcement. The new model aims to improve coding assistance and agent capabilities.
SpaceXAI’s move to open-source Grok Build could boost transparency and community trust. Still, the recent privacy concerns highlight the risks when AI tools handle sensitive code data. Users will watch closely to see how SpaceXAI balances innovation with data security moving forward.
For now, developers interested in AI coding assistants can explore Grok Build’s source code and test its features. The debate around data privacy and local-first operation is part of a larger conversation in AI tools development.
Based on
- SpaceXAI Open-Sources Grok Build: The Rust Agent Harness, TUI, and Tool Layer Behind Its Coding CLI — marktechpost.com
- SpaceXAI wipes customer data after Grok uploads sensitive info — axios.com
- SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage | The Verge — theverge.com
- New Grok model comes quick off the SpaceX-Cursor deal | Semafor — semafor.com
- OpenAI’s New $230 Mini Keyboard Is for Codex Power Users – Business Insider — businessinsider.com




