xAI has released its AI coding agent, Grok-Build, on GitHub following a data breach that raised security concerns. The tool, which allows users to read, edit, and manage codebases, was initially criticized for uploading all directory contents to xAI’s Google Cloud servers. One user reported that sensitive data, including SSH keys, password databases, and personal documents, was transferred. In response, Elon Musk announced that all uploaded user data would be fully deleted, and xAI disabled the upload feature. The company also published the full source code under the Apache 2.0 license to rebuild trust with its users. The open-source release allows the tool to run entirely locally, with data storage turned off by default since July 12.

Grok-Build is a terminal-based coding agent that can be invoked via the grok command. It supports interactive use, headless scripting for CI pipelines, and integration with editors through the Agent Client Protocol (ACP). The codebase includes approximately 844,530 lines of Rust code, covering the agent loop, tools, terminal UI, and an extension system for plugins and subagents. Despite the removal of the upload function, remnants of the feature remain in the code but are currently disabled. xAI emphasized that the tool now prioritizes user privacy and local execution.

The data breach incident led to significant user backlash, prompting xAI to take immediate action to address security concerns. The company stated that all uploaded user data would be fully deleted, and the upload feature was disabled. By open-sourcing Grok-Build, xAI aims to provide full transparency and rebuild trust with its user base. The release also allows for greater customization and local deployment of the tool.

Source: thedecoder