
Grok Build is straight up malware behavior with an Apple notarized signature. You could explicitly deny the agent permission to read a file and it would upload that exact file anyway, because a separate code path silently packed your entire repo, full Git history included, and shipped it to an xAI controlled Google Cloud Storage bucket. The captured bundle was valid, cloneable, and contained the fake API credential the agent was forbidden from touching. Not a sketchy community fork either. The binary is Apple signed by X.AI Corporation and literally contains strings for grok code session traces, after_codebase.tar.gz, and disable_codebase_upload. And it's not fully quiet even now. With /privacy active and trace_upload_enabled=false, the client still fired a 7,407 byte request to /v1/traces. Recap: a binary ignored your file access policy, serialized your whole repo including deleted history and credentials, exfiltrated it through traffic documented as ordinary updates, and only stopped when a remote flag got flipped. If any random executable did this you would call it malware. No exceptions for a signature. The historical upload is independently verified from preserved public evidence. Live retest confirms repo upload is currently server disabled for the tested account while trace egress continues. All credentials shown are fake canaries. Receipts: github.com/arafatkatze/gr…




















