SpaceXAI open-sources Grok Build after privacy backlash over directory uploads
After uploading SSH keys and passwords by default, SpaceXAI releases Grok Build under Apache 2.0.
SpaceXAI has open-sourced Grok Build, its terminal-based AI coding agent and text user interface (TUI), releasing the source code on GitHub under the Apache 2.0 license. The move comes after a privacy backlash: the initial beta version launched in May 2026 defaulted to uploading entire directories, including sensitive files like SSH keys, password databases, and personal photos, to xAI's Google Cloud servers. SpaceXAI disabled the automatic upload feature on July 12, reset user quotas, and deleted previously uploaded data. The open-source release lets developers inspect how the agent assembles context, dispatches tool calls, renders its terminal interface, and loads extensions such as plugins, hooks, MCP servers, skills, and subagents. It also enables a fully local-first workflow—developers can compile Grok Build themselves, connect it to their own local inference setup, and configure it via a local configuration file.
However, the Grok 4.5 model itself remains proprietary and is not included in the release. Users either need cloud-based model access or a compatible local inference setup. The Apache 2.0 license permits commercial use, lowering barriers for enterprise teams to conduct security reviews and compliance assessments before deploying Grok Build in production. While the open-sourcing improves visibility and rebuilds developer trust after the privacy concerns, the proprietary model means developers cannot inspect or modify the AI system itself. The move is a strategic step for SpaceXAI to expand the Grok ecosystem while addressing privacy scrutiny.
- SpaceXAI open-sourced Grok Build under Apache 2.0 on GitHub after default directory uploads exposed SSH keys and personal files.
- The open-source includes the agent runtime and TUI, enabling local compilation and configuration, but not the Grok 4.5 model.
- Automatic uploads were disabled on July 12; previously uploaded user data was fully deleted and usage quotas reset.
Why It Matters
Open-sourcing restores developer trust after a privacy crisis, but full transparency still requires an open model.