Elon Musk’s AI startup xAI has made hundreds of thousands of conversations with chatbot Grok public and searchable by Google. This made personal data and explicit instructions for illegal activities available to anyone with a search engine, without any clear warning.
The cause lies with Grok’s share function. As soon as users clicked the share button, a unique URL was created that allowed a conversation to be distributed via email or messaging apps. What xAI failed to mention is that these links were also automatically accessible to search engines. As a result, conversations that users intended to share only with a small circle of people were inadvertently published on Grok’s website and became publicly searchable. Google estimates that more than 370,000 such chats have now been indexed.
Attack on Musk
The content of the conversations varies greatly. Some users asked Grok for help writing tweets or summarizing news. Other chats contained sensitive information such as medical and psychological questions, personal details, names, and even passwords. Files such as spreadsheets and images uploaded via Grok were also found to be accessible.
More seriously, in certain cases, Grok provided detailed instructions for making fentanyl, methamphetamine, and explosives, as well as malware and methods of suicide. In one conversation, a plan was even drawn up to attack Elon Musk.
Journalist Andrew Clifford only discovered via Forbes that his shared Grok prompts were publicly visible. AI researcher Nathan Lambert of the Allen Institute for AI was also surprised to find that internal summaries he had shared with his team had been indexed by Google. Both said that Grok gave no warning that shared content would become public.
Similar incident with ChatGPT
The incident comes shortly after OpenAI came under fire because ChatGPT conversations that users had set as discoverable appeared in Google search results. OpenAI quickly withdrew the feature, with chief information security officer Dane Stuckey calling it a short-lived experiment that posed too many risks. It is noteworthy that Musk emphasized at the time that Grok did not have a sharing feature. It is unclear when this was added.
Google states that website administrators have complete control over the indexing of their pages. It is therefore up to xAI to use the correct settings. Google previously allowed its own Bard chats to be indexed but stopped doing so in 2023. Meta still allows shared searches to be visible in search engines.
Meanwhile, opportunists are discovering a new opportunity. Platforms such as LinkedIn and BlackHatWorld are discussing how Grok chats can be deliberately shared to increase the visibility of companies and products in search results. This means that the issue is not only a risk to security and privacy, but has also become a tool for commercial manipulation.
xAI has not yet commented publicly.