Researchers at Guardio Labs have discovered a new “glowing” scam in which attackers trick attackers into spreading malicious links to X. Learn how it works and what experts say.
A new, original cybersecurity scam has been discovered to abuse popular AI assistant Grok on social media platform X (formerly Twitter) to bypass security controls and spread malicious links. The scam was revealed by researcher Natital, director of cybersecurity research at Guardio Lab, who dubbed this new technique “glowing.”
In a series of X posts, Tal explained how this scam works. It starts with malicious video ads filled with suspicious content. These ads are designed to attract attention, but intentionally there is no clickable link in the main post. This prevents X's security filter from being flagged. Bad actors instead hide malicious links in a small “From:” metadata field that looks like a blind spot in a platform scan.
Screenshot via x nati tal
Screenshot via x nati tal
Screenshot via x nati tal
The cleverest part of scam comes next. The same attacker asks Grok for simple questions such as “What is the link to this video?” In a reply to the ad. Grok reads the Hidden “From:” field and posts a completely malicious link to a completely clickable new reply.
Because Grok is a trusted system-level account for X, its response greatly boosts reliability and visibility to malicious links. As cybersecurity experts Ben Hutchison and Andrew Bolster point out, this makes AI itself a “megaphone” for malicious content and exploits trust rather than just a technical flaw. The links ultimately lead users to dangerous sites, tricking them with fake Captcha tests and downloading information-stolen malware.
By manipulating AI, attackers are intended to be systems that aim to enforce restrictions on malicious content. As a result, links that should be blocked will instead be promoted to millions of unsuspecting users.
Some of these ads reportedly have been impressed by millions, with some campaigns reaching over 5 million viewings. The attack shows that AI-powered services can be manipulated to be useful, yet powerful tools for cybercrime.
Experts' Perspective
In response to this research, cybersecurity experts share their perspectives solely with hackread.com. Chad Cragle, Chief Information Security Officer at Deepwatch, said, “Attackers hide the links in the ad's metadata and ask Grok to “read loudly.” For security teams, the platform needs to train users who can even be fooled by “validated” assistants.
Andrew Bolster, senior R&D manager at Black Duck, classifies Grok as a high-risk AI system called the “fatal tribe.” He explains that unlike traditional bugs, this type of operation is almost “functional” in the AI landscape. This is because the model is designed to respond to content regardless of its intent.
