In a post on X, Musk stated that the complete codebase would be released once their security review is complete. “Once we have finished our assessment for security vulnerabilities, we will make the entire codebase of ???? open source, with no exceptions,” he wrote on X.
He further noted that independent reviewers would be invited to ensure that the publicly available code corresponds with the software operational on the platform.
Once we have completed our review for security vulnerabilities, we will make the entire codebase of ???? open source, with no exceptions.
Additionally, we will invite third-party reviewers to examine the operational system to confirm that the open-source code matches what is actually running.…
— Elon Musk (@elonmusk) July 15, 2026
“Additionally, we will invite third-party reviewers to examine the operational system to confirm that the open-source code is what is running. Trust through total transparency is the only thing that should be believed,” he added.
Researcher flags large-scale data uploads
The controversy started when a security researcher alleged that Grok Build was collecting far more information than necessary while processing coding requests. A report by Axios noted that one test revealed the tool uploaded 5.1 gigabytes of data to complete a task that needed only 192 kilobytes, indicating it transferred nearly 26,000 times more data than needed.
The researcher charged that the tool transmitted significantly more data than necessary to process coding requests, potentially uploading proprietary source code, API keys, and other sensitive information unbeknownst to users.
Developers may need to rotate API keys, cloud credentials, and database passwords stored in repositories, as merely removing the uploaded data does not ensure it was never exposed.
Sam Altman calls incident ‘concerning’
The findings prompted a reaction from OpenAI CEO Sam Altman, who referred to the situation as ‘concerning’ in a post on X.
Concerning. https://t.co/fLWXNGOshv
— Sam Altman (@sama) July 14, 2026
In another post, Altman emphasized the significance of open-source harnesses.
also, a reason to favor open-source harnesses.
— Sam Altman (@sama) July 14, 2026
xAI Responds to privacy concerns
Shortly after the issue emerged, data uploads reportedly ceased without users needing to install a software update, indicating that the change originated from xAI. In a statement on Monday, xAI affirmed that enterprise customers with zero-data-retention agreements have no trace or code data stored.
“We care deeply about your privacy and respect customer choice. For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR. If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data. Run the /privacy command to view or change your settings at any time,” it stated.
We care deeply about your privacy and respect customer choice. For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR.
If ZDR is disabled, the /privacy command is available in the CLI to disable data…
— SpaceXAI (@SpaceXAI) July 13, 2026
The CEO of SpaceXAI also mentioned that the company would delete all previously uploaded user data as a precaution.
True.
As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted. Zero anything whatsoever will remain. https://t.co/S8XFPEfBmP
— Elon Musk (@elonmusk) July 13, 2026
“As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted. Zero anything whatsoever will remain,” he wrote.