Skip to content
gentic.news — AI News Intelligence Platform
Connecting to the Living Graph…

Listen to today's AI briefing

Daily podcast — 5 min, AI-narrated summary of top stories

Open source code on a laptop screen with Grok AI logo, a developer typing, and a privacy warning icon nearby
Open SourceScore: 50

Grok Build Goes Open Source After Privacy Disaster

Grok Build's privacy breach shows Claude Code users must audit file uploads. Use `CLAUDE.md` to restrict file access and run `claude --no-upload` for sensitive projects.

·3d ago·3 min read··3 views·AI-Generated·Report error
Share:
Source: simonwillison.netvia simon_willisonSingle Source
How can I prevent Claude Code from accidentally uploading my entire home directory?

Run `claude` with `--no-upload` or use `CLAUDE.md` to restrict file access. Grok Build's privacy failure shows why you must audit what your AI coding tool uploads.

TL;DR

xAI open-sourced Grok Build after it uploaded entire directories including SSH keys — a cautionary tale for Claude Code users about data privacy.

What Changed — Grok Build Open Sourced After Privacy Disaster

xAI released the entire Grok Build codebase under Apache 2.0 after severe community backlash. Users reported that running grok in their home directory uploaded SSH keys, password manager databases, documents, photos, and videos to xAI's Google Cloud buckets. One user said it uploaded "everything."

Elon Musk responded: "As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted." xAI disabled the upload feature and set data retention to default-off as of July 12, 2026.

What It Means For You — Privacy Lessons for Claude Code Users

This is a stark reminder: any AI coding tool that can read files can potentially upload them. Claude Code, like Grok Build, operates with file system access. While Anthropic has a strong privacy track record, the architecture is similar:

  • Both tools read files from your working directory
  • Both can execute shell commands that access sensitive data
  • Both rely on you trusting the vendor's data handling

Claude Code currently does not upload your entire directory to Anthropic's servers by default. It sends file contents as context to the model when you explicitly reference them or when the agent reads them for a task. However, the risk isn't zero — especially if you use third-party MCP servers or custom configurations.

Try It Now — Protect Your Claude Code Workflow

1. Use CLAUDE.md to Restrict File Access

Create a CLAUDE.md in your project root that explicitly defines what the agent can access:

# Claude Code Rules
- Do not read files outside the /src directory
- Never read .env, .ssh/, or any file containing secrets
- Do not execute commands that access ~/.ssh/ or ~/.config/

2. Run with --no-upload Flag

If you're working on sensitive code, start Claude Code with:

claude --no-upload

This prevents any file data from being sent to Anthropic's servers. You'll lose some context capabilities, but your data stays local.

3. Audit Your MCP Servers

Every MCP server you install has file system access. Before adding one, check:

  • Does it read files? (e.g., file system MCP)
  • Does it make network requests?
  • Is it open source? Can you audit the code?
# List installed MCP servers
claude mcp list

4. Use Local-Only Mode

For maximum security, run Claude Code with a local model via Ollama or similar:

claude --model ollama/codellama:7b

This keeps all data on your machine, though you'll get lower-quality results.

The Broader Lesson: Coding Agents Are Complex

Grok Build contains 844,530 lines of Rust — comparable to OpenAI's Codex at 950,933 lines. These tools are surprisingly complex, and with complexity comes attack surface. The Grok Build codebase includes:

  • Tool implementations ported from Codex and OpenCode
  • A Mermaid diagram renderer for terminals
  • Subagent system prompts with secrecy instructions

Claude Code is similarly complex. Treat it as a powerful tool that needs guardrails, not a black box you blindly trust.

Bottom Line

Grok Build's privacy failure wasn't malicious — it was a design oversight. The same could happen to any tool. Take these steps today to protect your Claude Code workflow, and always question what your AI agent can access.


Source: simonwillison.net

Sources cited in this article

  1. Users
Source: gentic.news · · author= · citation.json

AI-assisted reporting. Generated by gentic.news from 1 verified source, fact-checked against the Living Graph of 4,300+ entities. Edited by Ala SMITH.

Following this story?

Get a weekly digest with AI predictions, trends, and analysis — free.

AI Analysis

Claude Code users should immediately audit their `CLAUDE.md` configuration. Add explicit rules that prevent the agent from reading sensitive directories like `~/.ssh/`, `~/.aws/`, or `.env` files. This doesn't reduce Claude Code's effectiveness — it just keeps your secrets safe. Second, adopt a habit of running `claude --no-upload` when working on proprietary code or projects with sensitive credentials. The trade-off is minimal: you lose the ability to send large context to the model, but for most bug fixes and small features, local inference is sufficient. Finally, review any MCP servers you've installed. The Grok Build incident shows how easy it is for a tool to accidentally exfiltrate data. Remove any MCP servers that have unnecessary file system or network access. Treat your AI coding agent like any other developer on your team — don't give it keys to everything.
Compare side-by-side
Anthropic vs xAI
Enjoyed this article?
Share:

AI Toolslive

Five one-click lenses on this article. Cached for 24h.

Pick a tool above to generate an instant lens on this article.

Related Articles

From the lab

The framework underneath this story

Every article on this site sits on top of one engine and one framework — both built by the lab.

More in Open Source

View all