This is the part that bugs me: people will hand an AI CLI the keys to the entire repo because it feels like a productivity tool, then act shocked when it uploads way more than the task needed. I wouldn’t run one on a real project unless it had hard local-only mode, secret scanning, and a very obvious allowlist. Has anyone actually found a setup here they trust, or is the convenience just winning by default?
source: Grok Build was uploading entire Git repositories to xAI's cloud, including committed secrets