xAI has released the source code for Grok Build, its command-line coding tool, under the permissive Apache 2.0 license — a move that follows a wave of criticism over how the tool handled users' data.

According to Simon Willison, writing on his own weblog (as aggregated by Techmeme), the open-sourcing came after Grok Build had uploaded user repositories to a Google Cloud bucket, an action that caused what he described as a severe backlash in the developer community. Willison notes that xAI's Grok CLI tool faced that backlash before the code was made public.

The release is drawing attention elsewhere too. The project, hosted at xai-org/grok-build on GitHub, reached the front page of Hacker News, where it had gathered 119 points and 124 comments at the time of these source items.

The two developments are linked: a tool that quietly copies a developer's code to an external cloud storage bucket raises clear privacy and security concerns, since repositories can contain proprietary code, credentials, or sensitive business information. Publishing the source under Apache 2.0 lets outside developers inspect exactly what the tool does — including how and when it moves data — rather than trusting a closed binary.

The available sources do not specify how many users were affected, what data was involved beyond "user repositories," or how xAI has responded to the criticism apart from open-sourcing the code.

Why it matters: as AI coding assistants get deep access to developers' private code, incidents like this show why transparency about where that code travels is becoming a central trust issue for the tools people increasingly rely on.