It’s a classic story at this point. We saw it recently with OpenAI’s ChatGPT, and now it’s Grok’s turn. Elon Musk’s xAI has inadvertently published hundreds of thousands of its users’ private conversations, making them fully searchable on Google. This wasn’t a sophisticated hack; it was a fundamental product design flaw.

The Feature That Became a Bug

The mechanism was simple and naive. When a Grok user hit the “share” button to send a conversation to a colleague or friend, the system generated a unique URL. However, instead of being a private link, this URL was made public and available for search engines to index. In effect, “sharing” meant “publishing to the open web” without any warning or disclaimer.

The result? Google indexed an estimated 300,000 to 370,000 Grok conversations. The exposed data wasn’t trivial. It included users asking for help creating secure passwords, detailing medical conditions, creating weight loss plans, and even testing the AI’s limits by requesting instructions for creating illegal drugs and malware. One search even uncovered a detailed, AI-generated plan for assassinating Elon Musk himself.

A Pattern of Predictable Mistakes

This isn’t an isolated incident but a recurring theme in the AI industry. OpenAI’s recent “experiment” with making shared ChatGPT conversations public was met with backlash, forcing the company to reverse course. Meta also faced criticism for a similar feature that pushed shared chats into a public feed.

The irony is that after OpenAI’s misstep, Musk himself posted “Grok ftw” (for the win), implying his platform was superior. It turns out Grok had the exact same vulnerability.

This pattern highlights a critical issue: in the race to ship features and dominate the market, fundamental principles like “privacy by design” are being treated as afterthoughts. Experts have rightly called the current state of AI chatbots a “privacy disaster in progress.” Once this sensitive information is scraped and archived from a public URL, it’s out there forever.

For product teams and engineers, the lesson is clear. The distinction between sharing and publishing is not a minor detail—it’s a critical decision with permanent consequences for user trust and safety.