AI platform once again makes mistakes about privacy
More than 370,000 conversations of Grok users (an artificial intelligence platform developed by xAI) have accidentally appeared publicly on Google, Bing and DuckDuckGo.
According to Forbes' investigation, the reason comes from the "Sharing" feature designed with low security. These sharing links do not have a protection mechanism such as noindex cards or access restrictions, leading to anyone with a link being able to view them.
Worryingly, many of the conversations were leaked with sensitive personal information such as passwords, health concerns, even plans for theft and instructions for making explosives.
Although the record can be anonymous, dialogue data is still enough to identify or locate the user, posing a serious risk to security and privacy.
This is not the first time AI platforms have encountered similar mistakes. Previously, OpenAI had to urgently handle when the ChatGPT sharing link was set a public index.
However, Grok seems to have gone down the right path by ignoring warning lessons. Until AI deploys a fix, any shared Grok links could become a potential risk to users.
What should users do right now?
In response to this incident, experts recommend 3 steps that users need to take immediately:
- Stop using the "Sharing" button: Don't mistakenly think that conversations will be kept confidential.
- check and manually delete shared links: Then use Google's content Deleation tool. Although time-consuming and not absolute, this method is still safer than letting personal data float publicly.
- Prioritize taking screenshots when sharing: This is a safer option, because the photos do not create public URLs and cannot be indexed by search engines.
What should Grok and xAI fix?
On the developer's side, xAI is said to need to add a clear warning every time a user shares, apply a noindex card to block indexing and censor content to prevent illegal or sensitive data from leaking out.
The Grok incident is not just a technical stumble, but also a wake-up call for personal data protection in the AI era.
privacy cannot be based on luck it needs to be guaranteed with a safe and transparent design from the start.
