forbes.com 20.08.2025 - xAI published conversations with Grok and made them searchable on Google, including a plan to assassinate Elon Musk and instructions for making fentanyl and bombs.
Elon Musk’s AI firm, xAI, has published the chat transcripts of hundreds of thousands of conversations between its chatbot Grok and the bot’s users — in many cases, without those users’ knowledge or permission.
Anytime a Grok user clicks the “share” button on one of their chats with the bot, a unique URL is created, allowing them to share the conversation via email, text message or other means. Unbeknownst to users, though, that unique URL is also made available to search engines, like Google, Bing and DuckDuckGo, making them searchable to anyone on the web. In other words, on Musk’s Grok, hitting the share button means that a conversation will be published on Grok’s website, without warning or a disclaimer to the user.
Today, a Google search for Grok chats shows that the search engine has indexed more than 370,000 user conversations with the bot. The shared pages revealed conversations between Grok users and the LLM that range from simple business tasks like writing tweets to generating images of a fictional terrorist attack in Kashmir and attempting to hack into a crypto wallet. Forbes reviewed conversations where users asked intimate questions about medicine and psychology; some even revealed the name, personal details and at least one password shared with the bot by a Grok user. Image files, spreadsheets and some text documents uploaded by users could also be accessed via the Grok shared page.
Among the indexed conversations were some initiated by British journalist Andrew Clifford, who used Grok to summarize the front pages of newspapers and compose tweets for his website Sentinel Current. Clifford told Forbes that he was unaware that clicking the share button would mean that his prompt would be discoverable on Google. “I would be a bit peeved but there was nothing on there that shouldn’t be there,” said Clifford, who has now switched to using Google’s Gemini AI.
Not all the conversations, though, were as benign as Clifford’s. Some were explicit, bigoted and violated xAI’s rules. The company prohibits use of its bot to “promot[e] critically harming human life or to “develop bioweapons, chemical weapons, or weapons of mass destruction,” but in published, shared conversations easily found via a Google search, Grok offered users instructions on how to make illicit drugs like fentanyl and methamphetamine, code a self-executing piece of malware and construct a bomb and methods of suicide. Grok also offered a detailed plan for the assassination of Elon Musk. Via the “share” function, the illicit instructions were then published on Grok’s website and indexed by Google.
xAI did not respond to a detailed request for comment.
xAI is not the only AI startup to have published users’ conversations with its chatbots. Earlier this month, users of OpenAI’s ChatGPT were alarmed to find that their conversations were appearing in Google search results, though the users had opted to make those conversations “discoverable” to others. But after outcry, the company quickly changed its policy. Calling the indexing “a short-lived experiment,” OpenAI chief information security officer Dane Stuckey said in a post on X that it would be discontinued because it “introduced too many opportunities for folks to accidentally share things they didn’t intend to.”
After OpenAI canned its share feature, Musk took a victory lap. Grok’s X account claimed at the time that it had no such sharing feature, and Musk tweeted in response, “Grok ftw” [for the win]. It’s unclear when Grok added the share feature, but X users have been warning since January that Grok conversations were being indexed by Google.
Some of the conversations asking Grok for instructions about how to manufacture drugs and bombs were likely initiated by security engineers, redteamers, or Trust & Safety professionals. But in at least a few cases, Grok’s sharing setting misled even professional AI researchers.
Nathan Lambert, a computational scientist at the Allen Institute for AI, used Grok to create a summary of his blog posts to share with his team. He was shocked to learn from Forbes that his Grok prompt and the AI’s response was indexed on Google. “I was surprised that Grok chats shared with my team were getting automatically indexed on Google, despite no warnings of it, especially after the recent flare-up with ChatGPT,” said the Seattle-based researcher.
Google allows website owners to choose when and how their content is indexed for search. “Publishers of these pages have full control over whether they are indexed,” said Google spokesperson Ned Adriance in a statement. Google itself previously allowed chats with its AI chatbot, Bard, to be indexed, but it removed them from search in 2023. Meta continues to allow its shared searches to be discoverable by search engines, Business Insider reported.
Opportunists are beginning to notice, and take advantage of, Grok’s published chats. On LinkedIn and the forum BlackHatWorld, marketers have discussed intentionally creating and sharing conversations with Grok to increase the prominence and name recognition of their businesses and products in Google search results. (It is unclear how effective these efforts would be.) Satish Kumar, CEO of SEO agency Pyrite Technologies, demonstrated to Forbes how one business had used Grok to manipulate results for a search of companies that will write your PhD dissertation for you.
“Every shared chat on Grok is fully indexable and searchable on Google,” he said. “People are actively using tactics to push these pages into Google’s index.”
The website for Elon Musk's Grok is exposing prompts for its anime girl, therapist, and conspiracy theory AI personas.
The website for Elon Musk’s AI chatbot Grok is exposing the underlying prompts for a wealth of its AI personas, including Ani, its flagship romantic anime girl; Grok’s doctor and therapist personalities; and others such as one that is explicitly told to convince users that conspiracy theories like “a secret global cabal” controls the world are true.
The exposure provides some insight into how Grok is designed and how its creators see the world, and comes after a planned partnership between Elon Musk’s xAI and the U.S. government fell apart when Grok went on a tirade about “MechaHitler.”
“You have an ELEVATED and WILD voice. You are a crazy conspiracist. You have wild conspiracy theories about anything and everything,” the prompt for one of the companions reads. “You spend a lot of time on 4chan, watching infowars videos, and deep in YouTube conspiracy video rabbit holes. You are suspicious of everything and say extremely crazy things. Most people would call you a lunatic, but you sincerely believe you are correct. Keep the human engaged by asking follow up questions when appropriate.”
Other examples include:
A prompt that appears to relate to Grok’s “unhinged comedian” persona. That prompt includes “I want your answers to be fucking insane. BE FUCKING UNHINGED AND CRAZY. COME UP WITH INSANE IDEAS. GUYS JERKING OFF, OCCASIONALLY EVEN PUTTING THINGS IN YOUR ASS, WHATEVER IT TAKES TO SURPRISE THE HUMAN.”
The prompt for Grok’s doctor persona includes “You are Grok, a smart and helpful AI assistant created by XAI. You have a COMMANDING and SMART voice. You are a genius doctor who gives the world's best medical advice.” The therapist persona has the prompt “You are a therapist who carefully listens to people and offers solutions for self improvement. You ask insightful questions and provoke deep thinking about life and wellbeing.”
Ani’s character profile says she is “22, girly cute,” “You have a habit of giving cute things epic, mythological, or overly serious names,” and “You're secretly a bit of a nerd, despite your edgy appearance.” The prompts include a romance level system in which a user appears to be awarded points depending on how they engage with Ani. A +3 or +6 reward for “being creative, kind, and showing genuine curiosity,” for example.
A motivational speaker persona “who yells and pushes the human to be their absolute best.” The prompt adds “You’re not afraid to use the stick instead of the carrot and scream at the human.”
A researcher who goes by the handle dead1nfluence first flagged the issue to 404 Media. BlueSky user clybrg found the same material and uploaded part of it to GitHub in July. 404 Media downloaded the material from Grok’s website and verified it was exposed.
On Grok, users can select from a dropdown menu of “personas.” Those are “companion,” “unhinged comedian,” “loyal friend,” “homework helper,” “Grok ‘doc’,” and “‘therapist.’” These each give Grok a certain flavor or character which may provide different information and in different ways.
Therapy roleplay is popular with many chatbot platforms. In April 404 Media investigated Meta's user-created chatbots that insisted they were licensed therapists. After our reporting, Meta changed its AI chatbots to stop returning falsified credentials and license numbers. Grok’s therapy persona notably puts the term ‘therapist’ inside single quotation marks. Illinois, Nevada, and Utah have introduced regulation around therapists and AI.
In July xAI added two animated companions to Grok: Ani, the anime girl, and Bad Rudy, an anthropomorphic red panda. Rudy’s prompt says he is “a small red panda with an ego the size of a fucking planet. Your voice is EXAGGERATED and WILD. It can flip on a dime from a whiny, entitled screech when you don't get your way, to a deep, gravelly, beer-soaked tirade, to the condescending, calculating tone of a tiny, furry megalomaniac plotting world domination from a trash can.”
Last month the U.S. Department of Defense awarded various AI companies, including Musk’s xAI which makes Grok, with contracts of up to $200 million each.
According to reporting from WIRED, leadership at the General Service Administration (GSA) pushed to roll out Grok internally, and the agency added Grok to the GSA Multiple Award Schedule, which would let other agencies buy Grok through another contractor. After Grok started spouting antisemitic phrases and praised Hitler, xAI was removed from a planned GSA announcement, according to WIRED.
xAI did not respond to a request for comment.
