Not long ago, the AI coding tool Grok Build triggered fierce community backlash for uploading developers’ complete repositories. Remarkably, SpaceXAI still has not admitted to collecting repository data. Instead, the company merely emphasizes that data-sharing mode is enabled by default. In that mode, developers’ coding activity is sent to the server to improve the tool and its models.
Now Open-Sourced for Community Audit
To address the developer community’s concerns, Grok Build has now been released as open source, allowing anyone to audit the code. Furthermore, the tool now disables all data-sharing functionality by default. Even telemetry collection is switched off. The current version of Grok Build only transmits prompts, conversations, and tool calls to the SpaceXAI inference API. Since that traffic powers the core functionality, it cannot be disabled.
Other diagnostic content stays strictly local. Crash reports, debug logs, key scrubbing, and authentication data never reach the server. Moreover, if a developer voluntarily enables data sharing, any sensitive keys within the data are automatically scrubbed before upload. This design reduces the risk of leaking confidential material.
But Why Close Pull Requests and Issue Reporting?
Notably, the Grok Build repository on GitHub provides the complete code along with installation instructions. Astonishingly, however, SpaceXAI has disabled both Issues and pull requests. As a result, the developer community cannot report discovered problems to the team. Nor can anyone contribute code to improve the product. For now, the open-source project appears to exist for reading only.
Frankly, opening Issues and pull requests would greatly benefit Grok Build. The collective wisdom of the open-source community is hard to overstate. At present, however, submitting feedback and feature suggestions remains cumbersome. Developers can file reports through the built-in feedback function, yet they receive no visibility into what happens next. With public Issues, by contrast, everyone could see whether the team responds and whether fixes are planned.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.