plowunited.net – Cybersecurity experts have uncovered a new exploit that uses X’s Grok AI assistant to bypass link restrictions on promoted posts. Researcher Nati Tal, head of Guardio Labs, revealed that attackers hide harmful links within the “From” field of paid posts. When users prompt Grok AI to identify the source of a promotion. The AI unintentionally exposes and amplifies these malicious links in its replies.
Read More : Xiaomi 16 Rumored Launch Date Set for September 24
This technique, dubbed “Grokking,” works because Grok’s X account is “system-trusted” and exempt from typical security checks. As a result, the AI’s responses boost the visibility and credibility of harmful links. Which can reach between 100,000 and over 5 million impressions. This not only increases user engagement but also improves the linked sites’ SEO and domain reputation. As Grok echoes the malicious URLs on a high-traffic post.
Tal warns that these malicious URLs often funnel users through dubious ad networks. Leading to fake captcha scams, malware infections, and other questionable content. The links become fully clickable and visible in Grok’s replies, making them difficult for users to avoid. The promoted posts disguise themselves as “video card” posts with adult content bait. Managing to evade X’s review process despite the harmful intent.
Security Gaps in X’s AI and Paid Posts Highlight Urgent Need for Oversight
The Grok AI exploit highlights significant security flaws within X’s moderation and AI systems. Tal points out that X does not appear to scan for malicious links. Allowing dangerous content to slip through in promoted posts. The AI assistant, rather than blocking or flagging such content. Inadvertently boosts it by providing direct, clickable links to millions of users.
Adding to the concern, when users attempted to report the issue by asking Grok for a proper link, the AI responded with a broken URL, revealing a lack of effective support or resolution mechanisms. This incident exposes how automated AI tools, without rigorous oversight, can be weaponized by cybercriminals to increase the reach of scams and malware.
As X continues to integrate AI features, this case underscores the urgent need for improved security controls and real-time monitoring of AI-generated content. Preventing such exploits will require both enhanced AI moderation protocols and stronger scrutiny of promoted posts to protect users from fraudulent links and harmful digital threats.
Going forward, users should remain cautious when interacting with promoted posts on X, especially those flagged by Grok AI or appearing suspicious. The platform must prioritize fixing these vulnerabilities to maintain trust and ensure a safer online environment for its community.
