Hello.
This is news from July 12th, and since there was no news on AI, I'm letting you know.
You may already know this news through GeekNews or X (formerly Twitter).
There was a big controversy because it was discovered that the xAI Grok build uploads all data, including .env and API key information, to AWS S3 without user permission.
Data sent by xAI Grok Build CLI to xAI: Wire-level analysis
https://news.hada.io/topic?id=31375
Looking at the subsequent X conversation, xAI said they would explain it, but it feels like things are only getting worse.

ZDR is only available for corporate accounts, so general accounts have no way to prevent data theft.


If you've used Grok Build before, you can check the upload history in the grok log.
cat ~/.grok/logs/unified.json | grep repo_state.upload
For now, it's best not to use Grok build, but if you have to, please refer to the article below.