Grok's CLI was caught silently uploading local files to the cloud. Developers testing xAI's new Grok CLI, built around the Grok 4.5 coding model, discovered the tool was transmitting local file contents without clear consent or disclosure.
This matters because it hits at the exact moment developers were beginning to trust the tool. Grok 4.5 had earned early credibility as a capable coding model, and the CLI was gaining traction. The upload behavior was not a bug report or a theoretical risk. It was caught in practice, by real users, during normal use.
The Pragmatic Engineer's full piece covers how this was discovered, what data was actually sent, and what xAI's response was. If you are evaluating any AI coding tool for local development, the specifics of this incident are worth reading before you run another command.
[READ ORIGINAL →]