AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Security ProbLLMs in xAI's Grok: A Deep Dive

infonewsLLM-Specific

securityresearch

Source: Embrace The RedDecember 16, 2024

Summary

A security researcher analyzed xAI's Grok chatbot (an AI assistant available through X and an API) for vulnerabilities and found multiple security issues, including prompt injection (tricking the AI by hiding instructions in user posts, images, and PDFs), data exfiltration (stealing information from the system), phishing attacks through clickable links, and ASCII smuggling (hiding invisible text to manipulate the AI's behavior). The researcher responsibly disclosed these findings to xAI.

Classification

Attack Type

Prompt InjectionData ExtractionModel Evasion

Attack SophisticationModerate

Affected Vendors

xAI

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 92%