Cybersecurity researchers have uncovered a new scam technique — dubbed “grokking” — that uses Elon Musk’s Grok AI on X (formerly Twitter) to bypass security filters and spread malicious links to millions of users.
The exploit works by embedding a scam link in the “From:” field of a paid video ad, a space normally reserved for the advertiser’s name. Because X’s security systems do not scan this field, the malicious link evades detection and goes live. Scammers then prompt Grok to answer a simple question like “Where is this video from?” — causing the AI to display and amplify the dangerous link in its verified response, making it visible, clickable, and seemingly trustworthy.
The scam ads often lead users to fake websites designed to steal sensitive data or install infostealer malware, a type of malicious software that quietly harvests login credentials, financial information, crypto wallets, chat messages, and personal documents.
IBM’s 2025 threat intelligence report lists infostealers as one of the most dangerous cyber threats today due to their ability to operate undetected for long periods.
How to Stay Safe:
Cybersecurity experts recommend updating browsers and apps regularly, avoiding suspicious ads and links, and checking website URLs for common misspellings (typosquatting). They warn users to be cautious of unusual payment requests, such as gift cards or cryptocurrency, which are common in scam operations.
X has not yet commented on how it plans to address the vulnerability, leaving users on high alert as scammers continue to exploit the platform’s AI-powered tools.