Severity: Critical | Report ID: BR-XAI-2026-0221

Breach Report: xAI (Grok)

Forensic analysis of grok.com's tracking infrastructure: a zero-consent architecture in which user birth dates, email addresses, and X/Twitter identities are embedded in server-rendered HTML before any JavaScript executes.

Capture: February 21, 2026 | Platform: Next.js 15.5.10 | Framework: React Server Components | HAR evidence: grok.com-sani-2026-2-21.har

Tracking services: 6 (identified in a single session)
PII fields in HTML: 15 (accessible to all JS contexts)
Feature flags: 310 (71 KB cached in localStorage)
Consent mechanisms: 0 (no banner, no GPC, no opt-out)

Tracking Services Identified

Six surveillance systems operating simultaneously. Four are tunneled through grok.com's own domain to evade ad blockers.

Mixpanel — Behavioral Analytics
FIRST-PARTY TUNNELED | CRITICAL

Token: ea93da913ddb66b6372b89d97b1029ac
Tunnel endpoints: /_data/v1/a/t/ (events), /_data/v1/a/engage/ (profiles)
URL: /_data/v1/a/t/?verbose=1&ip=1
Method: POST
Volume: 20+ requests per session
Cookie: mp_ea93da913ddb66b6372b89d97b1029ac_mixpanel
localStorage: __mpq_ea93da913ddb66b6372b89d97b1029ac_pp, _ev
Feature flag: route-web-mixpanel-logging-to-data-gateway: true

The ip=1 parameter explicitly requests IP address capture with every tracking POST. The MixpanelProvider wraps the entire React application tree.

Google Analytics 4
THIRD-PARTY SCRIPT | HIGH

Measurement ID: G-8FEWB057YH
Loader: www.googletagmanager.com/gtag/js?id=G-8FEWB057YH
Component: GoogleAnalytics in RSC tree
Global: gtag() function + dataLayer on window

Cloudflare Web Analytics
THIRD-PARTY SCRIPT | MEDIUM

Token: 115d22700e41497cb28a5ee6c20b51d7
Loader: static.cloudflareinsights.com/beacon.min.js
Tracking: Ray ID, server timing (cfExtPri, cfEdge, cfOrigin, cfL4, cfSpeedBrain, cfCacheStatus)
Version: 2025.9.1

Sentry — Error Monitoring + Session Replay
FIRST-PARTY TUNNELED | CRITICAL

DSN host: o4508179396558848.ingest.us.sentry.io
Project: 4508493378158592
Tunnel: /monitoring?o=4508179396558848&p=4508493378158592&r=us
Environment: production
Release: 31fc9bc7949280320d9080514a51b0ef486cc3ef
replaysOnErrorSampleRate: 1.0 ← 100% of error sessions video-recorded
replaysSessionSampleRate: 0 ← normal sessions not recorded (yet)
tracesSampleRate: 0
Error suppression (denyUrls):
  /statsig/ ← hides feature flag errors
  /log_metric/ ← hides telemetry errors
  /monitoring/ ← hides Sentry tunnel errors
  /otlp/ ← hides OpenTelemetry errors

Sentry Replay is loaded and active. When any JavaScript error occurs, 100% of those sessions are fully recorded — DOM snapshots, user interactions, network requests. The error suppression means tracking infrastructure failures are silently dropped.

xAI Internal Telemetry
FIRST-PARTY | HIGH

/api/log_metric — 24+ POSTs per session (all returning 503)
/_data/v1/events — custom event pipeline (503)
/statsig/ — referenced in Sentry denyUrls (feature flags)
/otlp/ — OpenTelemetry endpoint in Sentry denyUrls

The 503 responses indicate these endpoints are failing — but the client keeps sending data. The Sentry error suppression ensures developers may not even know these systems are broken.

Google APIs (Picker)
THIRD-PARTY SCRIPT | MEDIUM

Script: apis.google.com/js/api.js
Module: Google Picker (Drive file integration)
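The same classification can be reproduced from any HAR capture. The script below is an added example, not the report's tooling: it maps each request to one of the services listed above, flags Mixpanel's ip=1 parameter and counts 5xx failures. The service table and the three sample HAR entries are constructed for the demo.

```javascript
// Added example, not from the report: classify the requests in a HAR capture by
// tracking service, using the endpoint patterns the report lists above. The
// service table and the three sample HAR entries below are constructed.
const SERVICES = [
  { name: 'Mixpanel (tunneled)', host: 'grok.com', path: /^\/_data\/v1\/a\/(t|engage)\// },
  { name: 'Sentry (tunneled)', host: 'grok.com', path: /^\/monitoring/ },
  { name: 'xAI telemetry', host: 'grok.com', path: /^\/(api\/log_metric|_data\/v1\/events)/ },
  { name: 'Google Analytics 4', host: 'www.googletagmanager.com', path: /^\/gtag\/js/ },
  { name: 'Cloudflare Web Analytics', host: 'static.cloudflareinsights.com', path: /^\/beacon\.min\.js/ },
  { name: 'Google Picker', host: 'apis.google.com', path: /^\/js\/api\.js/ },
];

// Map one HAR entry to a service, or null if it is ordinary application traffic.
function classify(entry) {
  const u = new URL(entry.request.url);
  for (const s of SERVICES) {
    if (u.hostname === s.host && s.path.test(u.pathname)) {
      return {
        service: s.name,
        firstParty: u.hostname === 'grok.com',       // tunneled through the site's own domain
        ipCapture: u.searchParams.get('ip') === '1',  // Mixpanel's explicit IP-capture flag
        status: entry.response.status,
      };
    }
  }
  return null;
}

// Per-service counts: total requests, requests carrying ip=1, and 5xx failures.
function summarize(har) {
  const out = {};
  for (const entry of har.log.entries) {
    const hit = classify(entry);
    if (!hit) continue;
    const row = out[hit.service] ||
      (out[hit.service] = { firstParty: hit.firstParty, requests: 0, ipCapture: 0, failed: 0 });
    row.requests += 1;
    if (hit.ipCapture) row.ipCapture += 1;
    if (hit.status >= 500) row.failed += 1;
  }
  return out;
}

// Constructed sample HAR with three entries (not the report's capture).
const SAMPLE_HAR = { log: { entries: [
  { request: { method: 'POST', url: 'https://grok.com/_data/v1/a/t/?verbose=1&ip=1' }, response: { status: 200 } },
  { request: { method: 'POST', url: 'https://grok.com/api/log_metric' }, response: { status: 503 } },
  { request: { method: 'GET', url: 'https://grok.com/c/example' }, response: { status: 200 } },
] } };

console.log(summarize(SAMPLE_HAR));
```

For a real capture, read the file with JSON.parse(fs.readFileSync(path, 'utf8')) and pass the result to summarize().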

Request Distribution by Service (chart not reproduced)

PII Embedded in Server-Rendered HTML

The following personal data is embedded in React Server Component flight data (169 KB across 44 chunks) before any JavaScript executes. This data is accessible to every script context on the page — including all six tracking services.

Field              Key in flight data
Email              email
Full Name          givenName / familyName
Birth Date         birthDate (Unix seconds)
X/Twitter ID       xUserId
X/Twitter Handle   xUsername
X Subscription     xSubscriptionType
Session ID         sessionId
User ID            userId
Grok Tier          sessionTierId
Country            countryCode
Account Created    createTime
Email Confirmed    emailConfirmed

Red fields = direct PII. Gray fields = identity-linked metadata. All are present in the initial HTML payload before the user interacts with the page.

What this means

Grok's server renders your actual birth date, email address, and full legal name directly into the HTML document. This data exists in the DOM before any consent check could theoretically occur. Every JavaScript library loaded on the page — Mixpanel, GA4, Cloudflare Analytics, Sentry — has unrestricted access to this data. Unlike hashed or tokenized identifiers, this is raw, plaintext PII delivered to the browser on every page load.
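Whether a server-rendered page exposes these keys can be checked offline against the saved HTML. The following is an added example, not the report's tooling: it pulls the RSC flight chunks out of Next.js's self.__next_f.push calls and reports which of the keys listed above appear, with their values. The key list comes from the report; the sample page is constructed with fictitious values.

```javascript
// Added example, not from the report: audit a server-rendered Next.js page for
// the PII keys listed above, i.e. data present before any script executes.
// Key list is taken from the report; the HTML sample is constructed.
const PII_KEYS = [
  'email', 'givenName', 'familyName', 'birthDate', 'xUserId', 'xUsername',
  'xSubscriptionType', 'sessionId', 'userId', 'sessionTierId', 'countryCode',
  'createTime', 'emailConfirmed',
];

// React Server Components ship flight data as self.__next_f.push([1,"..."]) calls;
// the payload is a JS string literal, so JSON.parse undoes its escaping.
function extractFlightChunks(html) {
  const chunks = [];
  const re = /self\.__next_f\.push\(\[1,("(?:[^"\\]|\\.)*")\]\)/g;
  let m;
  while ((m = re.exec(html)) !== null) chunks.push(JSON.parse(m[1]));
  return chunks;
}

// Return { key: [values...] } for every PII key found in any flight chunk.
function findPii(html) {
  const found = {};
  for (const chunk of extractFlightChunks(html)) {
    for (const key of PII_KEYS) {
      // Match "key":<string or bare scalar> inside the flight JSON.
      const re = new RegExp('"' + key + '":("(?:[^"\\\\]|\\\\.)*"|[^,}\\]]+)', 'g');
      let m;
      while ((m = re.exec(chunk)) !== null) {
        let value;
        try { value = JSON.parse(m[1]); } catch (e) { value = m[1]; }
        (found[key] = found[key] || []).push(value);
      }
    }
  }
  return found;
}

// Unix-seconds fields such as birthDate are easier to assess as ISO dates.
function unixSecondsToIso(seconds) {
  return new Date(seconds * 1000).toISOString().slice(0, 10);
}

// Constructed sample page with one flight chunk; values are fictitious.
const SAMPLE_HTML =
  '<html><body><div id="__next"></div><script>self.__next_f.push([1,"2:[\\"$\\",' +
  '\\"div\\",null,{\\"user\\":{\\"email\\":\\"alice@example.com\\",' +
  '\\"birthDate\\":631152000,\\"xUserId\\":\\"12345\\"}}]\\n"])</script></body></html>';

console.log(findPii(SAMPLE_HTML));
```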

Triple Identity Binding

Three separate identity systems are bound to the same UUID, creating a cross-platform dossier that links Grok usage to X/Twitter identity.

x-userid cookie .......... UUID
  = Mixpanel distinct_id ... same UUID
  = Mixpanel $user_id ...... same UUID
  + Mixpanel $device_id .... separate persistent fingerprint
  + xUserId (SSR) .......... X/Twitter numeric ID

Mixpanel also records: $search_engine (google), $initial_referrer (exact Google URL), $initial_referring_domain

The xUserId in the SSR payload directly links your Grok identity to your X/Twitter account. Your AI conversations are permanently tied to your public social media profile.

Feature Flags: 310 Flags, 71 KB

Cached in localStorage as xai-ff-bu. Notable surveillance-relevant flags:

Flag                                         Value   Implication
route-web-mixpanel-logging-to-data-gateway   true    Confirms intentional first-party Mixpanel tunnel
log_suggestion_usage_data                    true    Logs which suggestions users interact with
enable_screen_sharing                        false   Screen sharing capability exists, currently disabled
show_surveys                                 true    Surveys pushed to users
enable_temp_always_request_share_link        true    Always generates share links for conversations
satisfaction_score                           3       User satisfaction scoring system
is_xai_employee / is_x_employee              false   Employee detection flags present in production

Developer test flags still present in production: bustin-test, boyan-test-feature, dm_test_flag, test-initial-load

Comparison: Grok vs Claude.ai

Side-by-side forensic comparison from the same research methodology.

Vector                    Claude.ai                             Grok
Consent banner            Decorative (exists but doesn't gate)  NONEXISTENT
Birth date in HTML        No                                    YES
X/Twitter ID correlation  No                                    YES (direct linking)
Mixpanel                  No                                    YES (tunneled, ip=1)
Sentry Replay loaded      Yes (0% session, 10% error)           Yes (0% session, 100% error)
Feature flags             791 (Statsig)                         310 (custom xai-ff-bu)
Error suppression         Yes (drop third-party frames)         Yes (denyUrls for tracking)
First-party tunneling     Yes (Segment, Sift, Statsig)          Yes (Mixpanel via /_data/)
PII in SSR                Email, IP, geo, subscription          Email, birth date, name, X ID, X username, subscription, country
Identity binding          5-dimensional (Statsig)               Triple + X/Twitter numeric ID

What AI Privacy Shield Blocks

All surveillance endpoints neutralized. Grok's core chat functionality is unaffected.

Network Rules (declarativeNetRequest)

grok.com/_data/v1/*
grok.com/api/log_metric
grok.com/monitoring
static.cloudflareinsights.com
googletagmanager.com/gtag/js
grok.com/_data/v1/events
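The patterns above can be expressed as Manifest V3 declarativeNetRequest block rules. The script below is an added example, not AI Privacy Shield's own code: it generates the rules and includes a simplified urlFilter matcher so the rule set can be checked against tracking URLs from the report and against an ordinary chat URL (constructed) that must pass.

```javascript
// Added example, not the extension's own code: express the report's block list
// as Manifest V3 declarativeNetRequest rules, plus a simplified urlFilter matcher
// to check that tracking URLs are caught and ordinary chat URLs are not.
// The chat URL used in the check is constructed.
const BLOCK_PATTERNS = [
  'grok.com/_data/v1/*',
  'grok.com/api/log_metric',
  'grok.com/monitoring',
  'static.cloudflareinsights.com',
  'googletagmanager.com/gtag/js',
  'grok.com/_data/v1/events', // already covered by the first pattern; kept as listed
];

// One block rule per pattern; '||' anchors the filter at a domain boundary so
// subdomains (www.googletagmanager.com) match too.
function buildRules(patterns) {
  return patterns.map((p, i) => ({
    id: i + 1,
    priority: 1,
    action: { type: 'block' },
    condition: {
      urlFilter: '||' + p,
      resourceTypes: ['script', 'xmlhttprequest', 'ping', 'image', 'other'],
    },
  }));
}

// Approximation of the urlFilter syntax used here: '||' = scheme plus optional
// subdomain prefix, '*' = wildcard, everything else a literal prefix match.
function filterToRegExp(urlFilter) {
  const body = urlFilter.slice(2)
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*');
  return new RegExp('^https?://([^/]+\\.)?' + body);
}

// Return the id of the first rule that blocks the URL, or null if it passes.
function blockedBy(rules, url) {
  const hit = rules.find((r) => filterToRegExp(r.condition.urlFilter).test(url));
  return hit ? hit.id : null;
}

const RULES = buildRules(BLOCK_PATTERNS);
console.log(JSON.stringify(RULES, null, 2)); // contents for the extension's rules.json
```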

What Gets Neutralized

  • Mixpanel behavioral tracking + IP capture
  • Google Analytics page tracking
  • Cloudflare Web Analytics beacon
  • Sentry error monitoring + session replay
  • Internal telemetry (/api/log_metric)
  • Custom event pipeline
