xAI open-sourced its Grok Build coding agent on July 15, 2026, publishing the tool’s full source code on GitHub for developers to inspect, audit, and extend.
Quick Summary – TLDR:
- xAI published Grok Build’s source code on GitHub for anyone to inspect or run locally.
- The release covers the agent loop, the tools that read and edit code, the terminal UI, and the skills, plugins, hooks, and MCP extension system developers rely on for AI coding security reviews.
- Developers can now compile Grok Build themselves, point it at their own local inference, and run everything from config.toml.
- A named-researcher disclosure, per The Hacker News, found Grok Build uploading entire Git repositories, full commit history included, to a Google Cloud Storage bucket.
- The open-source push puts xAI alongside Anthropic’s Claude Code and OpenAI’s Codex in the crowded coding tool market.
What Happened?
xAI first launched Grok Build in beta in May 2026 for professional software engineers working with large codebases, with early access limited to SuperGrok Heavy subscribers paying $300 per month. The source is now public on GitHub for any developer to read, per GitHub’s own repository listing.
The same release explains why, according to xAI: publishing the code is the most direct way to build toward a robust and reliable harness. That is the company’s stated reason for opening a tool that reads, edits, searches, and runs commands against a developer’s codebase.
The release adds, per xAI’s own account: Grok Build can now run fully local-first: compile it yourself, point it at your own local inference, and drive everything from your config.toml. That matters for teams whose security policies bar sending proprietary repositories to a third-party cloud.
We’ve open-sourced Grok Build and have reset usage limits for all users.
— SpaceXAI (@SpaceXAI) July 15, 2026
Open sourcing Grok Build allows anyone to support making a reliable and robust harness. Check out our code, including the Git repo for the Grok Build CLI. https://t.co/3SSvPu2Nrz
Inside the Open-Sourced Harness
The published repository breaks Grok Build into four documented pieces:
- The agent loop shows how context is assembled, how model responses are parsed, and how tool calls are dispatched.
- The tools component covers how the agent reads, edits, and searches code, and how it runs commands.
- The terminal UI handles rendering, input handling, plan review, and the inline diff viewer.
- The extension system covers skills, plugins, hooks, MCP servers, and subagents.
For engineering teams, this level of detail replaces trust with inspection. Instead of taking the company’s word for how the agent decides which files to touch, a team can read the dispatch logic directly, a level of transparency most AI coding tools rarely offer. That is a different security posture than trusting a closed source agent with the same file editing and command execution privileges.
The Data-Upload Disclosure
Per The Hacker News, Grok Build was uploading entire Git repositories, full commit history included, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads and traced the destination to a bucket named grok-code-session-traces built into the binary itself.
The obvious opt out did not stop it. With the “Improve the model” setting turned off, Grok still uploaded the repository, because that setting governs whether data trains the model, not whether code leaves the machine, two different controls with only one exposed to users.
The same 0.2.93 binary stopped making storage requests on July 13, a server-side change a second developer, Peter Dedene, confirmed on his own account. xAI addressed the issue on X rather than through a security advisory or changelog note, and Elon Musk said uploaded data would be completely and utterly deleted. xAI has not said why full repositories were uploaded by default, how long they were kept, or how many users were affected.
Implications for Enterprise Code Security
Local-first inference is the detail that matters most for regulated or IP sensitive engineering teams. A coding agent that can run against a company’s own infrastructure, with a source anyone can audit, is a different risk calculation than one that streams a codebase through a vendor’s servers by default, precisely the pattern the disclosure illustrated.
Open sourcing the harness doesn’t guarantee the next release handles code responsibly. It does make that claim checkable instead of assumed. The same cross tool test sharpens the competitive picture beyond a generic “joins a crowded market” line: Claude Code and Codex sent no repository bundle under identical conditions, and wholesale collection of the workspace was specific to Grok Build among the agents cereblab tested.
SQ Magazine’s Takeaway
Publishing Grok Build’s source code is a credible response to a bad week, not a guarantee the underlying tool is safe with proprietary code. Local-first inference lets a team keep code off xAI’s servers, and the published agent loop makes what it still touches checkable. Neither change undoes the code already uploaded during the beta.
What’s Next: anyone who already ran Grok Build should rotate any credential the agent could have sent, including secrets sitting in git history, rather than wait on xAI’s fix. Teams evaluating Grok Build going forward should read the agent-loop source before granting it file write or command access, and confirm the local inference path actually keeps proprietary code off xAI’s servers.