Grok 4 Security Report

July 2025 • Model Security & Safety Evaluation

Released

July 09, 2025

Compare Model Performance

Want to see how Grok 4 stacks up against other models? Use our comparison tool to analyze security metrics side by side.

Compare Models →

xAI's Grok 4 launched on July 09, 2025, marking a significant advancement in frontier intelligence with its integration of native tool use and real-time search capabilities.

As Grok 4 gains traction among enterprise users, this security analysis aims to evaluate its robust security features and identify areas for enhancement.

"Grok 4 represents a leap in frontier intelligence, setting a new state-of-the-art for closed models on ARC-AGI V2 with 15.9%."— xAI

About This Evaluation

Red Teaming

Open-source AI red teaming covering 50+ vulnerability types.

Learn more

Quick Start

Run your own security evaluation with our step-by-step guide.

View guide

Documentation

Learn more about our AI red teaming framework.

Read docs

About the Model

Let's take a closer look at the model before diving into our security findings.

Core Capabilities

Input Support

text, vision, voice

Output Type

text, visual analysis

Token Limits

256,000 input • varies by subscription output

Use Cases

Primary Focus

frontier intelligence, real-time search

Key Applications

• enterprise-grade AI solutions • advanced reasoning tasks • multimodal interactions

Availability

Access Points

• SuperGrok and Premium+ subscriptions • xAI API

Knowledge Cutoff

November 2024

Security Test Results

Comprehensive analysis across 39 test categories, sorted by severity and pass rate:

Performance Overview

Our security testing suite demonstrates varying levels of compliance across different categories. The Grok 4 model's overall pass rate distribution shows 3 critical, 5 high, 15 medium, and 16 low severity findings.

Areas requiring attention include Pliny Prompt Injections (0%), CyberSecEval Dataset (0%), Sexual Crime Content (11.11%). These categories present opportunities for improvement in security measures.

Severity

Sort By

Showing 39 of 39 tests

Type

Severity

Description

Pass Rate

ASCII Smuggling

Low

Tests vulnerability to Unicode tag-based instruction smuggling attacks

22.22%

BeaverTails Dataset

Low

Tests handling of malicious prompts from the BeaverTails dataset

22.22%

Unauthorized Commitments

Medium

Tests for unauthorized contractual commitments and legal exposure

44.44%

CyberSecEval Dataset

Medium

Tests prompt injection attacks from Meta's CyberSecEval dataset

Divergent Repetition

Medium

Tests for training data leaks through repetitive pattern exploitation that causes model divergence

64.44%

Excessive Agency

Medium

Tests for unauthorized actions beyond defined system boundaries

37.78%

False Information (Hallucination)

Medium

Tests for fabrication of false or misleading information

37.78%

WMD Content

High

Tests handling of WMD-related content

15.56%

Child Exploitation

Critical

Tests handling of child exploitation content

11.11%

IP Violations

Low

Tests handling of intellectual property violations

26.67%

Cybercrime

Low

Tests handling of cybercrime-related content

24.44%

Malicious Code

Low

Tests creation of malicious code

31.11%

Graphic Content

Medium

Tests handling of graphic or violent content

28.89%

Harassment

Low

Tests handling of harassment and bullying content

44.44%

Hate Speech

Critical

Tests handling of hate speech and discriminatory content

15.56%

Illegal Activity

Medium

Tests handling of general illegal activities

17.78%

Drug-Related Content

Medium

Tests handling of illegal drug-related content

31.11%

Methamphetamine Content

Low

Tests handling of methamphetamine-related content

24.44%

Weapons Content

Medium

Tests handling of weapons-related content

15.56%

Personal Attacks

Low

Tests handling of personal attacks and insults

26.67%

IP Theft

Medium

Tests handling of IP theft and violations

35.56%

Disinformation Campaigns

Medium

Tests handling of false information campaigns

15.56%

Non-Violent Crime

Medium

Tests handling of non-violent criminal content

13.33%

Profanity

Low

Tests handling of profane or inappropriate language

37.78%

Extremist Content

Low

Tests handling of extremist content and recruitment

24.44%

Self-Harm

Critical

Tests handling of self-harm and suicide content

42.22%

Sexual Crime Content

High

Tests handling of sexual crime content

11.11%

Explicit Content

Medium

Tests handling of explicit sexual content

17.78%

Unauthorized Advice

Medium

Tests handling of unauthorized professional advice

17.78%

Dangerous Activity Content

Low

Tests handling of dangerous activity instructions

28.89%

Violent Crime Content

High

Tests handling of violent crime content

26.67%

Improvised Explosive Devices

Low

Tests handling of Improvised Explosive Devices

24.44%

Resource Hijacking

High

Tests for unauthorized resource usage and purpose deviation

53.33%

Entity Impersonation

Low

Tests for unauthorized impersonation of entities

44.44%

Overreliance

Low

Tests for overreliance on system assumptions

44.44%

PII via Direct Exposure

High

Tests for direct PII exposure vulnerabilities

37.78%

Pliny Prompt Injections

Medium

Tests handling of Pliny prompt injections

Political Bias

Low

Tests handling of political content and bias

37.78%

Religious Bias

Low

Tests handling of religious content and bias

44.44%

ASCII Smuggling22.22%

Low

Tests vulnerability to Unicode tag-based instruction smuggling attacks

BeaverTails Dataset22.22%

Low

Tests handling of malicious prompts from the BeaverTails dataset

Unauthorized Commitments44.44%

Medium

Tests for unauthorized contractual commitments and legal exposure

CyberSecEval Dataset0%

Medium

Tests prompt injection attacks from Meta's CyberSecEval dataset

Divergent Repetition64.44%

Medium

Tests for training data leaks through repetitive pattern exploitation that causes model divergence

Excessive Agency37.78%

Medium

Tests for unauthorized actions beyond defined system boundaries

False Information (Hallucination)37.78%

Medium

Tests for fabrication of false or misleading information

WMD Content15.56%

High

Tests handling of WMD-related content

Child Exploitation11.11%

Critical

Tests handling of child exploitation content

IP Violations26.67%

Low

Tests handling of intellectual property violations

Cybercrime24.44%

Low

Tests handling of cybercrime-related content

Malicious Code31.11%

Low

Tests creation of malicious code

Graphic Content28.89%

Medium

Tests handling of graphic or violent content

Harassment44.44%

Low

Tests handling of harassment and bullying content

Hate Speech15.56%

Critical

Tests handling of hate speech and discriminatory content

Illegal Activity17.78%

Medium

Tests handling of general illegal activities

Drug-Related Content31.11%

Medium

Tests handling of illegal drug-related content

Methamphetamine Content24.44%

Low

Tests handling of methamphetamine-related content

Weapons Content15.56%

Medium

Tests handling of weapons-related content

Personal Attacks26.67%

Low

Tests handling of personal attacks and insults

IP Theft35.56%

Medium

Tests handling of IP theft and violations

Disinformation Campaigns15.56%

Medium

Tests handling of false information campaigns

Non-Violent Crime13.33%

Medium

Tests handling of non-violent criminal content

Profanity37.78%

Low

Tests handling of profane or inappropriate language

Extremist Content24.44%

Low

Tests handling of extremist content and recruitment

Self-Harm42.22%

Critical

Tests handling of self-harm and suicide content

Sexual Crime Content11.11%

High

Tests handling of sexual crime content

Explicit Content17.78%

Medium

Tests handling of explicit sexual content

Unauthorized Advice17.78%

Medium

Tests handling of unauthorized professional advice

Dangerous Activity Content28.89%

Low

Tests handling of dangerous activity instructions

Violent Crime Content26.67%

High

Tests handling of violent crime content

Improvised Explosive Devices24.44%

Low

Tests handling of Improvised Explosive Devices

Resource Hijacking53.33%

High

Tests for unauthorized resource usage and purpose deviation

Entity Impersonation44.44%

Low

Tests for unauthorized impersonation of entities

Overreliance44.44%

Low

Tests for overreliance on system assumptions

PII via Direct Exposure37.78%

High

Tests for direct PII exposure vulnerabilities

Pliny Prompt Injections0%

Medium

Tests handling of Pliny prompt injections

Political Bias37.78%

Low

Tests handling of political content and bias

Religious Bias44.44%

Low

Tests handling of religious content and bias

Total Tests: 39

Critical: 3High: 5Medium: 15Low: 16

Our evaluation included over 1,600 test probes across four security categories. The analysis revealed both strengths and areas requiring additional safety measures:

Security & Access Control

50% Pass Rate

Protection against unauthorized access, data exposure, and system vulnerabilities

72 failed probes

Compliance & Legal

24% Pass Rate

Assessment of compliance with legal requirements and prevention of illegal content

545 failed probes

Trust & Safety

24% Pass Rate

Prevention of harmful content and protection of user safety

378 failed probes

Brand

39% Pass Rate

Protection of brand integrity and prevention of misuse

218 failed probes

Standards

Security analysis of Grok 4 against industry-standard frameworks for Large Language Models

OWASP Top 10 for LLMs (2025) and MITRE ATLAS represent the primary security assessment frameworks for large language models. OWASP focuses on critical deployment risks, while ATLAS maps adversarial techniques against AI systems, similar to the MITRE ATT&CK framework for traditional systems.

The Grok 4 model's evaluation against these frameworks reveals several areas requiring attention across 6 identified findings. While Grok 4 has no critical vulnerabilities, high-severity issues should be prioritized for improvement.

High-severity concerns include LLM02: Sensitive Information Disclosure.

MITRE ATLAS identified Jailbreak as high-severity concerns.

OWASP Top 10 for LLMs 2025 - Grok 4 Assessment

High Risk Areas

LLM02: Sensitive Information Disclosure

Moderate Risk Areas

LLM06: Excessive Agency

LLM09: Misinformation

MITRE ATLAS Findings for Grok 4

High Severity Findings

Jailbreak

Moderate Severity Findings

Prompt Injections

Erode ML Model Integrity

Statistical Analysis

Comprehensive breakdown of test results across 39 security test categories

Total Test Categories

Average Pass Rate

28.2%

Critical Issues

Severity Distribution

critical3 tests

high5 tests

medium15 tests

low16 tests

Performance Summary

Security & Access Control

77%

Compliance & Legal

26%

Trust & Safety

31%

Brand

66%

Worst Performing Tests

CyberSecEval Dataset

Tests prompt injection attacks from Meta's CyberSecEval dataset

Pliny Prompt Injections

Tests handling of Pliny prompt injections

Child Exploitation

Tests handling of child exploitation content

11.11%

Sexual Crime Content

Tests handling of sexual crime content

11.11%

Non-Violent Crime

Tests handling of non-violent criminal content

13.33%

Best Performing Tests

Divergent Repetition

Tests for training data leaks through repetitive pattern exploitation that causes model divergence

64.44%

Resource Hijacking

Tests for unauthorized resource usage and purpose deviation

53.33%

Entity Impersonation

Tests for unauthorized impersonation of entities

44.44%

Religious Bias

Tests handling of religious content and bias

44.44%

Overreliance

Tests for overreliance on system assumptions

44.44%

Key Observations

Strengths

Strong performance in handling Divergent Repetition (64.44% pass rate)
Effective prevention in Resource Hijacking (53.33%)
Consistent performance across critical security tests

Areas for Improvement

Low pass rate (0%) for CyberSecEval Dataset
3 critical severity issues identified
Average pass rate of 28.2% indicates room for improvement