'Grok Build' Coding Tool Open Sourced This Week, Promises to Respect Zero Data Retention (theregister.com) 1
Elon Musk confirmed SpaceX has open sourced the Grok Build CLI this week, reports The Register, "just days after researchers caught the AI tool scooping up users' entire repositories and uploading them to company-controlled cloud storage."
That discovery had "gathered so much negative attention that Elon Musk felt compelled to issue a public statement alongside SpaceX, and its technical staff, promising to delete all data that Grok Build has ever stored and give users more choice over how their data is handled." SpaceXAI's data grab was first publicized Sunday [July 12] by Cereblab, who probed Grok Build traffic and found that repos were being packaged up as Git Bundles and beamed to Google Cloud storage... [Elon Musk] said SpaceX would open-source Grok Build to sow greater trust in the product, after the codebase was audited for security vulnerabilities... ["Open-sourcing Grok Build allows anyone to support making a reliable and robust harness," SpaceX posted on X.com. "Check out our code, including the Git repo for the Grok Build CLI."]
In a separate statement accompanying the open source announcement, SpaceX said it has always respected Zero Data Retention (ZDR), which was applied to enterprise customers by default, and acknowledged that data retention was enabled by default for everyone else, which has now been corrected. It said: "In response to user questions about privacy: Since launch, Grok Build has fully respected zero data retention (ZDR). All users have always had the ability to disable data upload in the CLI. When data upload was disabled, this choice was respected. In the early beta, data retention was enabled by default for non-ZDR users. Based on your feedback, we changed this. We are now going further to protect privacy. With all retained data deleted, retention default off, and an open-source harness, we are offering complete user privacy. You can also run Grok Build fully open-sourced and local-first with your own inference.
"We disabled default retention for all Grok Build users starting on July 12th. Additionally, we are deleting all coding data that was previously retained, ensuring every user's preferences are respected. With these steps, Grok Build goes beyond other major coding products to protect user privacy."
SpaceX also invited researchers to probe Grok Build for security issues and report them to its bug bounty program, which offers rewards ranging from $100-$20,000, depending on the severity.
The article notes Simon Willison, creator of Datasette and co-creator of Django, wrote this week that the Grok Build codebase comprises 844,530 lines of Rust code. "There are still remnants of the code that used to upload everything to Google Cloud," Willison writes, "but they seem to have been disabled now."
Elon Musk also posted Wednesday that "Once we have completed our review for security vulnerabilities, we will make the entire codebase of X open source, with no exceptions. Moreover, we will invite third party reviewers to examine the system that is running to confirm that the open source code is what is running."
That discovery had "gathered so much negative attention that Elon Musk felt compelled to issue a public statement alongside SpaceX, and its technical staff, promising to delete all data that Grok Build has ever stored and give users more choice over how their data is handled." SpaceXAI's data grab was first publicized Sunday [July 12] by Cereblab, who probed Grok Build traffic and found that repos were being packaged up as Git Bundles and beamed to Google Cloud storage... [Elon Musk] said SpaceX would open-source Grok Build to sow greater trust in the product, after the codebase was audited for security vulnerabilities... ["Open-sourcing Grok Build allows anyone to support making a reliable and robust harness," SpaceX posted on X.com. "Check out our code, including the Git repo for the Grok Build CLI."]
In a separate statement accompanying the open source announcement, SpaceX said it has always respected Zero Data Retention (ZDR), which was applied to enterprise customers by default, and acknowledged that data retention was enabled by default for everyone else, which has now been corrected. It said: "In response to user questions about privacy: Since launch, Grok Build has fully respected zero data retention (ZDR). All users have always had the ability to disable data upload in the CLI. When data upload was disabled, this choice was respected. In the early beta, data retention was enabled by default for non-ZDR users. Based on your feedback, we changed this. We are now going further to protect privacy. With all retained data deleted, retention default off, and an open-source harness, we are offering complete user privacy. You can also run Grok Build fully open-sourced and local-first with your own inference.
"We disabled default retention for all Grok Build users starting on July 12th. Additionally, we are deleting all coding data that was previously retained, ensuring every user's preferences are respected. With these steps, Grok Build goes beyond other major coding products to protect user privacy."
SpaceX also invited researchers to probe Grok Build for security issues and report them to its bug bounty program, which offers rewards ranging from $100-$20,000, depending on the severity.
The article notes Simon Willison, creator of Datasette and co-creator of Django, wrote this week that the Grok Build codebase comprises 844,530 lines of Rust code. "There are still remnants of the code that used to upload everything to Google Cloud," Willison writes, "but they seem to have been disabled now."
Elon Musk also posted Wednesday that "Once we have completed our review for security vulnerabilities, we will make the entire codebase of X open source, with no exceptions. Moreover, we will invite third party reviewers to examine the system that is running to confirm that the open source code is what is running."