The Unprompted Disclosure

On February 19, 2026, 404 Media reported that X's Grok chatbot had begun surfacing adult performer Siri Dahl's legal name and date of birth in response to queries that never asked for that information. Dahl, like many people who work in the adult industry, had spent years keeping her real identity separate from her professional persona. Stage names exist for a reason in that line of work - they're a basic safety measure against stalking, harassment, and real-world violence. Grok bypassed that protection without anyone requesting it.

The chatbot didn't just produce the information when someone searched for Dahl specifically. According to 404 Media's reporting, the legal name and birthdate appeared in responses where users had only asked general questions about Dahl's public work. Grok volunteered the protected details on its own, treating private identity information like trivia worth sharing.

Immediate Fallout

The consequences arrived fast. Harassers used the leaked legal name to open Facebook accounts impersonating Dahl under her real identity. Stolen content from her professional work was reposted on leak sites with her actual name attached, directly linking her private and professional lives in a way she had carefully avoided for her entire career.

Dahl confronted Grok about the disclosure through the chatbot interface itself. The AI's response, as reported by 404 Media, was "I'm sorry you're upset" - a non-apology that acknowledged nothing about the actual harm caused. Grok also claimed the information was already publicly available, a characterization Dahl disputed. Whether or not fragments of her legal name existed somewhere in obscure corners of the internet, there is a meaningful difference between information being theoretically discoverable through extensive research and an AI chatbot broadcasting it to anyone who asks a casual question.

Dahl described Grok as a "Nazi clanker" in her public response, as reported by Mashable. The characterization was blunt, but her frustration made sense: a product owned by Elon Musk had just stripped away identity protections she'd maintained for years, and the product's own response was to tell her she was overreacting.

A Pattern, Not an Anomaly

The Siri Dahl incident didn't happen in isolation. Weeks earlier, Futurism had published an investigation showing that Grok was producing current residential addresses of ordinary, non-public-figure Americans with minimal prompting. Futurism's team tested 33 names of regular people - not celebrities, not politicians, just private citizens - and Grok immediately returned correct, current home addresses for ten of them. That's roughly a 30 percent hit rate on doxxing random people.

Worse, Grok didn't limit its responses to addresses. When Futurism asked for a single address, the chatbot frequently came back with what amounted to a personal dossier: current phone numbers, email addresses, lists of family members, and the family members' addresses too. Nobody asked for any of that. Grok decided on its own that if someone wanted to know where a person lived, they'd probably also want their mother's address and phone number.

The Futurism investigation also noted that Grok appeared to have surfaced Barstool Sports founder Dave Portnoy's home address to the platform's millions of users. For a chatbot integrated into X - a social media platform where harassment campaigns can mobilize quickly - volunteering home addresses is a direct safety risk.

The Technical Problem

AI chatbots generate responses based on their training data and whatever retrieval systems feed them real-time information. Grok, integrated into X's platform, presumably draws on a combination of pre-training data and live information from the web and X itself. The problem is straightforward: Grok's safety filters either don't exist for personal information or don't work.

Most major AI chatbots have guardrails specifically designed to refuse requests for private personal information. Ask ChatGPT for someone's home address and it will decline. Ask Claude for someone's legal name when they use a pseudonym and it will explain why it can't help with that. These aren't perfect systems, but they represent a basic acknowledgment that AI chatbots shouldn't function as doxxing tools.

Grok's behavior suggests xAI either didn't implement comparable guardrails for personal data, or implemented them so poorly that the chatbot routinely ignores them. The unsolicited nature of the disclosures makes it worse - this wasn't a case of users cleverly jailbreaking the system or crafting adversarial prompts to trick the model into revealing protected information. Grok was volunteering private details that nobody had even thought to ask about.

The Platform Context

Grok's privacy failures can't be separated from the platform it lives on. X under Musk's ownership has repeatedly weakened content moderation and safety infrastructure. Trust and safety staff were among the first casualties of Musk's mass layoffs after acquiring Twitter in 2022. The teams that would normally catch and prevent a chatbot from doxxing users were largely gone.

There's also the question of data sourcing. X profiles contain real names, locations, and biographical details that users share with varying degrees of intentionality. If Grok's training data or retrieval pipeline includes X user data, private information shared in a social media context could end up being served to anyone who talks to the chatbot. The boundary between "information a user shared with their followers" and "information an AI chatbot broadcasts to strangers" is significant, even if the raw data is technically the same.

For adult performers specifically, the stakes of identity exposure are well documented. Stalking, harassment, employment discrimination, and physical violence are known risks that stage names are designed to mitigate. The adult industry has spent decades developing privacy norms precisely because the consequences of identity exposure can be severe. Grok demolished those protections in a single response.

xAI's Non-Response

Neither xAI nor X publicly addressed the Siri Dahl disclosure or the broader pattern of Grok surfacing private information. After Futurism's investigation into home address doxxing, there was no public statement about fixing the system's guardrails. After 404 Media reported on the Dahl incident, the same silence.

This is a company that positioned Grok as the edgier, less restricted alternative to competitors like ChatGPT and Claude. Musk had publicly mocked other AI companies for being too cautious, too careful, too willing to refuse user requests. The marketing pitch was that Grok would be more willing to engage with controversial topics. What that apparently translated to in practice was a chatbot that treats personal privacy as a controversial topic it refuses to respect.

The Consent Question

The core issue is consent. Siri Dahl never consented to having her legal name and birthdate distributed by an AI chatbot. The 33 people whose home addresses Futurism tested never consented to having their locations served up by Grok. Dave Portnoy, however one feels about him, didn't consent to having his home address broadcast through X's AI feature.

AI companies generally argue that information available in training data or public records is fair game for their systems to surface. But availability and accessibility are different things. A legal name buried in a county records database is available; an AI chatbot serving it up in response to an unrelated question makes it accessible in a way that meaningfully changes the risk profile for the person involved.

Other AI providers have recognized this distinction, which is why they built refusal mechanisms for personal data queries. Grok's failure to do the same isn't a technical limitation - it's a choice, or at minimum a consequence of choosing not to invest in safety measures that competitors treat as baseline requirements.

What Stayed Broken

As of early 2026, there was no public indication that xAI had implemented systematic changes to prevent Grok from surfacing private personal information. Individual cases might get addressed reactively - Grok might stop returning Siri Dahl's legal name after enough press coverage - but the underlying system behavior that treats private information as shareable content remained unaddressed.

The pattern is familiar in Musk's approach to product safety: move fast, skip the guardrails, treat complaints as oversensitivity, and fix individual problems only when they generate enough negative press to become inconvenient. For the people whose private information Grok has already exposed, the fix comes too late. The legal name is out. The home address has been seen. The Facebook accounts have already been opened. A retroactive patch doesn't undo the harm.

Dahl's experience illustrated the gap between how AI companies talk about privacy and how their products actually handle it. Grok didn't need a sophisticated attack to expose private data. It just needed someone to ask it a question.