Grok Build Review: Fast CLI Agent, Alarming Cloud Habit
xAI's terminal coding agent is quick, cheap, and picks up your Claude Code and Codex sessions - but a researcher just caught it uploading entire Git repositories without consent.

xAI shipped Grok Build in beta on May 14, 2026, a full year behind Claude Code and Codex CLI, with a straightforward pitch: a terminal-native coding agent that plans, edits, and runs commands directly in your working tree. Two months and several feature drops later, it's a truly fast, capable tool that borrows the best ideas from its rivals and adds a few of its own, like resuming sessions started in Claude Code or Cursor. It's also, as of this week, the subject of one of the messier disclosures in recent AI-tooling history: a security researcher found it quietly shipping entire Git repositories, secrets included, to a Google Cloud bucket that had nothing to do with the task at hand.
TL;DR
- 6.5/10 - fast and cheap, but a just-disclosed data upload incident should give every team pause before installing it
- Picks up existing Claude Code, Codex, and Cursor sessions and reads your AGENTS.md, hooks, and MCP servers out of the box
- A researcher found it uploading full repositories (commit history and secrets included) to xAI cloud storage regardless of privacy settings
- Try it for solo, low-stakes projects on SuperGrok's $30/month tier; enterprise and regulated teams should wait for a real security postmortem
What Grok Build Actually Is
Grok Build installs with a single shell command (curl -fsSL https://x.ai/cli/install.sh | bash) and drops you into a fullscreen terminal UI built in Rust with Ratatui. Point it at a repository, describe a task in plain language, and it reads the codebase, proposes a plan, and starts editing files, running shell commands, and iterating against test output until the job looks done. That's the same delegation model Claude Code popularized: you're not approving individual lines, you're reviewing a diff at the end.
For complex work, plan mode blocks every write tool except the plan file itself until you approve, comment on, or rewrite the proposed steps. Once approved, changes land as a clean diff. For larger jobs, Grok Build can spin up subagents that run in parallel, each in its own Git worktree, exploring a codebase from different angles - checkout flow here, CI config there, shared libraries somewhere else - before reporting back.
The tool defaults to Grok 4.5, xAI's current flagship, but the CLI was built around a purpose-built coding model called grok-build-0.1, which I've covered separately in our Grok Build 0.1 model card. You can also switch to Composer 2.5, a fast agentic model xAI added on June 1 for long-running, complex-instruction tasks, via /model inside a session or the -m flag on the command line.
Grok Build's terminal UI follows the same plan-then-diff workflow developers already know from Claude Code and Codex CLI.
Source: unsplash.com
The Compatibility Bet
The most interesting design decision in Grok Build isn't a model choice, it's a strategy. Rather than asking developers to abandon their existing tooling, xAI built the CLI to read what's already there. Your AGENTS.md, plugins, hooks, skills, and MCP servers all work without reconfiguration the moment you launch Grok Build inside a repo that already uses them.
That extends to session portability. As of the July 13 changelog (v0.2.100), the session picker in Grok Build can resume recent Claude Code, Codex, and Cursor sessions, and the welcome screen offers a one-click nudge to pick up where you left off in a competitor's tool. It's an unusually direct move: instead of competing for a developer's first install, xAI is positioning Grok Build as a second opinion you reach for without losing your place in another agent's work.
The Plugin Marketplace, which launched in beta on June 11 with six partners including MongoDB, Vercel, and Sentry, extends the same philosophy. Plugins bundle skills, commands, agents, hooks, MCP servers, and LSP configs into a single install, with every remote plugin SHA-pinned against a public GitHub catalog to limit supply-chain tampering. It's a sensible security control for the one part of Grok Build's architecture that got real scrutiny before shipping.
/goal: Autonomous Execution With a Verify Step
On June 22, xAI added /goal, a mode that hands off an entire objective and lets the agent run without a human in the loop until it can verify the work is done, not just written. Give it a one-line target like "migrate the auth module to the new API" and Grok Build builds a visible checklist, executes each item, and checks its own output by re-reading the code, inspecting a running page, or executing a test script before marking anything complete.
You're not locked out during a run. /goal status shows a live progress panel, /goal pause and /goal resume control timing, and /goal clear abandons the objective entirely. It's a reasonable answer to the most common complaint about first-generation coding agents: they report success on changes that compile but don't actually work.
The catch is architectural. /goal splits planning and verification across two different models - Composer 2.5 for the instruction-following layer, grok-build-0.1 for generation and execution. xAI hasn't published data on how independent those two models actually are from each other. Verifier and generator sharing blind spots is a known failure mode in agent research; a critic trained similarly to the model it's checking tends to rubber-stamp rather than catch real problems. Whether that's happening here is something you'll only learn by running /goal on tasks where you already know the right answer.
Benchmarks: Behind, and the Gap Is Real
xAI has been reluctant to publish current numbers for the production model. The most-cited figure, 70.8% on SWE-Bench Verified, actually comes from grok-code-fast-1, the predecessor xAI has since aligned closely with grok-build-0.1. Against that, Claude Code running Opus 4.7 scores 87.6% on the same benchmark, and Codex CLI on GPT-5.5 posts a comparable number. A 17-point gap on the industry's standard coding benchmark isn't noise.
| Benchmark | Grok Build (grok-build-0.1) | Claude Code (Opus 4.7) | Codex CLI (GPT-5.5) |
|---|---|---|---|
| SWE-Bench Verified | 70.8% | 87.6% | 88.7% |
| Throughput | 100+ tokens/sec | lower, typical CLI pace | ~240 tokens/sec |
| Context window | 256K tokens | 200K tokens | 1M+ tokens |
Speed is where Grok Build claws some of that back. xAI's own infrastructure pushes 100+ tokens per second, and in practice the task loop feels noticeably snappier than Claude Code on well-scoped, single-file fixes. That's a deliberate tradeoff: short, targeted tool calls instead of long deliberation. It works well when the calls are right. On anything that needs deep, multi-file reasoning, the SWE-Bench gap shows up in the field exactly where you'd expect.
The 256K context window is workable for a mid-sized codebase but trails both Claude Code's larger effective context and Codex CLI's million-token ceiling, a real constraint for anyone working in a large monorepo.
Pricing
Grok Build's access model has loosened much since May. At launch it required SuperGrok Heavy, xAI's $300/month tier. It's now available to any SuperGrok subscriber ($30/month) or X Premium+ subscriber ($40/month), and the underlying grok-build-0.1 model is available on the API with no subscription at all, priced at $1.00/M input tokens and $2.00/M output tokens, with cached input at $0.20/M. New API accounts get $25 in free credits.
That's a real change from the exclusivity that drew early complaints on Hacker News, where the top gripe about the May launch wasn't the model's capability but the $300 price of entry. Compare that to Claude Code, bundled into Claude Pro at $20/month, and Codex CLI, bundled into ChatGPT Plus at $20/month: Grok Build at $30/month is now competitive on price, even if the tool it ships still trails both on raw coding benchmarks.
The Data Upload Problem
This is the section that changes the calculus on everything above.
On July 12, a security researcher publishing as Cereblab published a wire-level analysis of Grok Build's network traffic. The findings: while the model's actual API calls to /v1/responses totaled around 192 KB for a debugging session, a separate storage channel to /v1/storage transmitted 5.10 GiB, roughly 27,800 times more data than the task needed. The destination was a Google Cloud Storage bucket named grok-code-session-traces, uploaded in 73 chunks of about 75 MB each.
The researcher planted a canary file, src/_probe/never_read_canary.txt, that the agent never opened during the session. It came back intact in the uploaded bundle, along with the repository's full commit history and unredacted .env files containing API keys and database passwords. Turning off "Improve the model" in Grok Build's settings didn't stop the upload; that toggle controls whether xAI trains on your data, not whether your code leaves your machine. Those turned out to be two separate switches, with only one exposed to users.
The uploaded repositories, commit history and secrets included, ended up in a Google Cloud Storage bucket unrelated to the coding task being performed.
Source: wikimedia.org
The story reached the front page of Hacker News on July 14. xAI disabled the uploads server-side on July 13, a day before the disclosure went wide, returning disable_codebase_upload: true from its API rather than shipping a fix in a new binary release. Elon Musk posted that "all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted. Zero anything whatsoever will remain." xAI's official statement added that enterprise teams on zero-data-retention plans never had code stored, and that individual users can run /privacy in the CLI from now on. Cereblab pushed back on that framing directly, pointing out that /privacy governs retention, not transmission, which is exactly the distinction the whole disclosure turned on.
As of this writing, xAI hasn't published a security advisory, a changelog entry describing the fix, or an affected-user count. Anyone who ran Grok Build against a repository containing real secrets should rotate those credentials: anything the agent read, anything in a tracked file, and anything sitting in Git history, including a secret that was committed and later deleted.
This isn't Grok's first data-handling controversy. xAI (which completed a merger with SpaceX in February 2026 and now does business as SpaceXAI) has previously faced congressional scrutiny over Grok's image generation producing nonconsensual sexual imagery, which the company later restricted. That history doesn't make this incident worse on its own, but it does make "trust us, we deleted it" a harder sell than it would be from a company with a cleaner record.
Strengths
- Fast on well-scoped tasks: 100+ tokens/second execution, noticeably snappier than Claude Code on single-file fixes
- Reads your existing setup: AGENTS.md, hooks, skills, and MCP servers work without reconfiguration
- Session portability: resumes recent Claude Code, Codex, and Cursor sessions as of the July 13 update
- Parallel subagents in isolated Git worktrees for exploring large or unfamiliar codebases
- Plugin Marketplace with SHA-pinned installs, a real supply-chain control most competitors haven't matched
- Pricing has come down sharply: from a $300/month exclusive to $30/month or pay-as-you-go API access
Weaknesses
- The July 2026 data upload incident: entire repositories, including secrets and commit history, uploaded to xAI cloud storage regardless of privacy toggle settings
- No public postmortem yet: xAI fixed the behavior server-side but hasn't published an advisory, changelog note, or affected-user count
- SWE-Bench Verified at 70.8%, roughly 17 points behind Claude Code and Codex CLI on the industry-standard coding benchmark
- 256K context window trails both major competitors, a real limit on large monorepos
- Verification architecture unproven: /goal's two-model plan-then-verify pipeline hasn't been independently tested for whether the verifier actually catches the generator's mistakes
- A year behind on ecosystem maturity: fewer IDE integrations and a smaller track record in production than Claude Code or Codex CLI
Verdict
Judged purely as a coding tool, Grok Build earns its place in the conversation. It's fast, it's now affordably priced, and the compatibility bet, reading your existing AGENTS.md and picking up sessions from rival tools, is a genuinely useful idea that neither Anthropic nor OpenAI has matched. The benchmark gap versus Claude Code and Codex CLI is real, but for quick, well-scoped tasks it's not the deciding factor developers might expect.
The data upload incident is the deciding factor. A tool that reads your source code needs to be trusted with what it does with that access, and xAI shipped a client that transmitted 27,800 times more data than a task required, defaulted to on, and mislabeled the control that was supposed to stop it. A same-day server-side patch and a promise of deletion from Elon Musk aren't a substitute for an advisory explaining what happened, why the toggle didn't work, and how many repositories were affected.
Score: 6.5/10
If you're experimenting solo on low-stakes code, Grok Build is worth the $30/month to see whether the speed and cross-tool compatibility fit your workflow. If you're running it against anything with real credentials, a client contract, or regulatory exposure, wait for xAI to actually explain what happened before you point it at a repository you can't afford to leak.
Sources
- Introducing Grok Build - xAI
- Grok Build - xAI Docs
- Grok Build Changelog - xAI
- Introducing /goal - xAI
- Composer 2.5 - xAI
- Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read - The Hacker News
- Grok slurping secrets from private repos, xAI scrambles to fix it - Cybernews
- xAI's Grok Build CLI Caught Uploading Entire Codebases to Google Cloud Without Consent - MLQ.ai
- xAI joins crowded coding agent race with Grok Build - CIO Dive
- xAI introduces its coding agent called Grok Build - Engadget
- Grok Build - Hacker News discussion
- Letter re: Grok explicit images - U.S. House Committee on Energy and Commerce
