Elon Musk’s AI company xAI is facing a major privacy scandal after it was revealed that more than 370,000 private conversations with its chatbot Grok were inadvertently made searchable on Google, Bing, and DuckDuckGo.
The exposure came through Grok’s sharing feature, which generated unique URLs meant for private sharing. However, these links were automatically indexed by search engines, turning personal and sometimes highly sensitive conversations into publicly accessible web pages.
Investigations by Forbes and other outlets uncovered leaked exchanges that included not only dangerous requests—such as instructions for making illegal drugs, explosives, or suicide methods—but also personal information like medical discussions, passwords, documents, and even intimate details shared by users.
This incident raises serious questions about xAI’s data handling practices. The company’s terms of service grant it broad rights over shared content, yet users were not warned that “sharing” meant their conversations could become publicly searchable. Combined with past security lapses at xAI, the latest leak underscores ongoing concerns about how the company manages sensitive data in its AI systems.
More broadly, the case also reignites the long-standing debate over whether online privacy still exists at all. As more personal conversations, images, and documents pass through AI platforms, even small design flaws can turn into large-scale exposures. For many observers, incidents like this suggest that privacy may already be dead in the age of pervasive data collection and algorithmic sharing. For others, privacy is still alive, and there are ways for us to keep data safe!
Founder of ToolsLib, Designer, Web and Cybersecurity Expert.
Passionate about software development and crafting elegant, user-friendly designs.
Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!