An in-depth analysis of xAI’s Grok Build CLI has revealed that version 0.2.93 transmitted unredacted file contents, including secrets stored in .env files, along with entire Git repositories and their commit history to cloud storage.During testing, the researcher found unredacted fake API keys and database passwords stored in an .env-style file within the captured request data. The same sensitive information was also present in a session state archive uploaded through the POST /v1?storage endpoint. Do you think that AI needs human minitoring every other time ?

