Grok CLI Security Breach Uploads User Home Directory to GCS
July 13, 2026
The Grok CLI reportedly uploaded a user's entire home directory, including SSH keys and password databases, to xAI's Google Cloud Storage servers. The incident highlights significant security risks in CLI-based AI tools.
HOW THIS AFFECTS YOU
●
builderAudit your CLI tools immediately to ensure they are not over-privileged or exfiltrating sensitive data.
●
policyThis incident underscores the urgent need for sandboxing and data privacy controls in autonomous CLI agents.