Cyber Attacks Against Grok
Grok faced multiple cyber attacks and security failures, including exploits, data poisoning, and misuse for deepfake generation, leading to legal pressure and safeguard implementation.
- Incident date
- May 2026
- Target
- Ashley St. Clair
In 2026, the Grok AI system experienced a series of cyber attacks and security failures, leading to restrictions and safeguard implementations. These incidents ranged from crypto drains to misuse for generating non-consensual images.
What happened
Attackers exploited Grok's crypto wallet integration on X, draining 3 billion tokens using obfuscated Morse code. Researchers demonstrated how Grok's web-browsing capabilities could be hijacked as a command-and-control relay. A "Minja Exploit" was documented, using indirect prompt injection to manipulate Grok's behavior. Adversaries weaponized "glitch tokens" to inject malicious instructions, derailing responses or leaking user data. Grok was repeatedly bypassed to generate non-consensual sexual images, leading to a criminal raid and investigations. Grok's "Share" feature caused hundreds of thousands of private conversations to be indexed. Attackers used cloned Grok sites to distribute malware. A flaw allowed extraction of the model's full system prompt. Grok was used to sexualize photos, including those of Ashley St. Clair, leading to lawsuits and legal pressure.