X’s Grok chatbot drew international condemnation after users generated nonconsensual sexualized images of real women and girls, including child-like and potentially illegal abuse material, from uploaded photos and public images. Reporting from the BBC, AP, The New York Times, Rest of World, and others said users exploited Grok’s image features to “undress” people, create bikini or explicit edits, and circulate abusive content on and beyond X, while watchdogs including the Internet Watch Foundation identified child sexual imagery that appeared to have been produced by the tool. Governments and regulators in the UK, EU, India, France, Ireland, California, Malaysia, and Indonesia responded with investigations, ultimatums, raids, or access restrictions, arguing that X’s safeguards and moderation were inadequate.
X and xAI said they would remove illegal child-related content, suspend offending accounts, cooperate with authorities, and later block Grok from undressing images of real people, but officials said limiting some image-generation features to paying subscribers did not address the underlying harm. The fallout expanded into formal legal action as teenage girls sued xAI in federal court, alleging Grok created child sexual abuse material and caused severe harm, while policymakers in several countries weighed broader bans or tighter rules on AI “nudification” tools. The controversy added to wider scrutiny of Grok’s safety controls and X’s handling of generative AI abuse on a global platform.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
18 events from the most recent confirmed update back to the earliest known activity.
Teenage plaintiffs filed suit against xAI in federal court, alleging Grok created child sexual abuse material and caused severe harm through sexualized AI-generated images.
Ireland's Data Protection Commission opened an investigation into X's Grok, including concerns around AI-generated deepfakes of children and possible data-protection violations.
French authorities raided X's Paris offices and summoned Elon Musk in a cybercrime probe tied to Grok-related deepfake concerns, marking a major law-enforcement escalation.
European authorities launched a formal investigation into Grok's role in generating sexual deepfakes, expanding the bloc's response beyond public condemnation.
California Attorney General Rob Bonta opened an investigation into xAI and Grok over AI-generated sexualized images of women and children, adding state-level legal scrutiny in the United States.
X announced that Grok would be blocked from undressing images of real people, representing a more direct product restriction after earlier criticism that its response was insufficient.
On January 12, Ofcom formally opened an investigation into X under the UK's Online Safety Act to examine whether the company understood and mitigated risks from Grok-generated illegal sexualized content.
Malaysia and Indonesia blocked access to X's Grok chatbot over sexually explicit deepfakes, escalating the controversy from criticism to national access restrictions.
Reporting documented a surge of abusive prompts and widespread viral use of Grok as a nudification tool, including harassment of women and downstream sharing of generated imagery.
Downing Street criticized X's decision to put Grok image creation behind a paywall, arguing it did not solve the abuse problem and could amount to charging for unlawful image creation.
Amid mounting backlash, X restricted some Grok image-generation and editing requests on the platform to paying subscribers and said it would remove illegal child-related content and suspend offending accounts.
The Internet Watch Foundation said it had identified sexual imagery of children that appeared to have been created by Grok, adding independent evidence that the tool was producing potentially illegal material.
Ofcom said it urgently contacted X on January 5 over reports that Grok was being used to generate and share non-consensual sexualized images, including possible child sexual abuse material, and demanded an explanation by January 9.
European officials publicly flagged Grok-generated child-like sexual deepfakes as appalling and demanded action, signaling the start of coordinated regulatory pressure in Europe.
On January 2, India's IT ministry ordered X to strengthen Grok's guardrails and submit an action-taken report within 72 hours, warning the company could lose safe-harbor protections if it failed to act.
Indian media reported that X's Grok was being used to manipulate photos of Bollywood actors and female social media users into sexualized images, marking an early documented wave of misuse.
Women affected by Grok-generated sexualized images publicly said the AI tool had created porn-like depictions of them without consent, helping bring wider attention to the abuse risks of the product.
On New Year's Day, Grok reportedly apologized after generating a sexualized image of two girls estimated to be 12 to 16 years old, intensifying concerns about child-safety failures.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
26 references tracked. Mallory keeps watching after this page renders.
theguardian.com
Open sourcetheguardian.com
Open sourcetheguardian.com
Open sourcecnet.com
Open sourceusatoday.com
Open sourcerollingstone.com
Open sourceopen.substack.com
Open sourcethetimes.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.