A developer reported on X that Grok's CLI tool unexpectedly uploaded their complete home directory to xAI's infrastructure. The exposed data included SSH keys, password manager databases, personal documents, photos, and videos—sensitive material that could compromise system security and personal privacy.
The incident highlights a critical failure in data handling practices. A CLI tool should never transmit a user's entire home directory to remote servers without explicit, informed consent and clear user interaction. The bulk transfer of authentication credentials and personal files represents a severe security vulnerability.
xAI has not yet publicly commented on the scope of the incident, remediation steps, or whether other users are affected. Developers should immediately audit their system access if they used this tool and consider rotating exposed credentials.