Grok is now a Weapon for Scammers

A disturbing new tactic is allowing cybercriminals to turn X’s own artificial intelligence, Grok, into an unsuspecting accomplice for spreading dangerous links across the social media platform. Security experts are raising alarms about this clever workaround, which completely bypasses the network’s built-in safety measures for paid advertisements and exposes millions of users to potential harm.

A Clever Workaround

The problem starts with X’s paid promotion system, often used for ads that appear in your feed. To keep users safe, X has rules that prevent advertisers from just dropping a suspicious link into a promoted post. Ads are typically limited to text, images, or videos, forcing scammers to get creative. And they have.

This new scheme, dubbed “Grokking” by the researchers at Guardio Labs who uncovered it, begins when criminals pay to promote a post, usually a video with clickbait content, like adult material, designed to grab attention. While they can’t put a clickable link in the main ad, they found a loophole. They are hiding the malicious website address in a less obvious place: the “From:” data field that appears just beneath the video. This small text field is reportedly not being scanned by X’s security systems, allowing the dangerous link to slip through unnoticed.

Turning the AI Against Itself

Hiding the link is only the first step. The truly deceptive part of the plan involves manipulating Grok, the AI assistant integrated into the X platform. After their promoted post is live and gathering views, the scammers use a different account to reply to their own ad. In the reply, they tag Grok (@grok) and ask an innocent-sounding question like, “Hey, where can I find this video?” or “What’s the source for this?”

This is where the trap is sprung. Grok, designed to be helpful and answer questions, scans the original post for information. It finds the hidden, malicious link in the “From:” field and, in its attempt to provide an answer, posts the link publicly in its reply.

The consequences are immediate and severe. A dangerous link that X’s advertising system was built to block is now being shared by a verified, trusted account: the platform’s own AI. Because the original post is a paid ad, it’s pushed into the feeds of hundreds of thousands, or even millions, of users. This gives the scam link massive visibility and an undeserved air of legitimacy. As one researcher noted, this trick also boosts the bad link’s reputation on search engines, making it seem even more trustworthy because it was shared by a major AI on a popular website.
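The gap described above has two halves: a link sitting in a field the ad checks skip, and an assistant that repeats it. The following sketch is an added example, not code from X, Grok, or Guardio Labs; the post layout, field names, and allowlist are hypothetical. It scans every text field of a post for links, and withholds non-allowlisted links from an assistant reply.

```python
import re
from urllib.parse import urlsplit

# Matches scheme URLs, www. hosts, and bare domains such as "site.example/path".
URL_RE = re.compile(
    r"(?:https?://|www\.)[^\s<>\"']+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b(?:/[^\s<>\"']*)?",
    re.IGNORECASE,
)

def host_of(url):
    """Return the lowercased hostname of a matched URL-like string."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def walk_strings(node, path=""):
    """Yield (field_path, text) for every string anywhere in the post."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{i}]")

def scan_post(post, allowed_hosts):
    """List (field_path, host) for links to hosts outside the allowlist."""
    findings = []
    for path, text in walk_strings(post):
        for match in URL_RE.finditer(text):
            host = host_of(match.group(0))
            if host and host not in allowed_hosts:
                findings.append((path, host))
    return findings

def filter_reply(reply, allowed_hosts):
    """Withhold links in an assistant reply unless the host is allowlisted."""
    def redact(match):
        return match.group(0) if host_of(match.group(0)) in allowed_hosts else "[link withheld]"
    return URL_RE.sub(redact, reply)

# Constructed sample; the post layout and field names are hypothetical, not X's API.
ALLOWED = {"example.com"}
POST = {
    "text": "You won't believe this clip",
    "media": [{"type": "video", "from": "clips.example.net/watch?v=1"}],
}
REPLY = "The source is clips.example.net/watch?v=1 and more at https://example.com/help"
```

Scanning by walking the whole structure, rather than naming fields one by one, is what keeps a newly added metadata field from becoming the next unscanned spot.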

What Happens When You Click?

An unsuspecting user scrolling their feed sees a viral post and a helpful reply from Grok providing a source link. It seems safe to click, but it leads directly to trouble. According to security experts, these links funnel users into a network of shady websites.

Once clicked, a person could be sent to pages that host fake “prove you’re human” CAPTCHA tests, which are actually designed to steal information or trick you into enabling unwanted browser notifications. Other destinations include websites that try to install information-stealing software, known as malware, onto your device. This software can hunt for passwords, banking details, and other personal data. In essence, the criminals are using a complex system to route traffic from X to whatever scam or malicious content will make them the most money that day.

A Widespread and Organized Problem

This isn’t the work of a few isolated tricksters. Researchers have identified hundreds of accounts actively engaging in this scheme over the last several days. These accounts operate like spam factories, churning out hundreds or even thousands of these baited posts in a short period. They continue this activity nonstop for days until their accounts are finally discovered and suspended for violating the platform’s rules. The sheer scale and relentless nature of the posts suggest a well-organized operation is behind the attacks, systematically exploiting this AI loophole to reach as many people as possible before being shut down.
