For the past two weeks, X has been inundated with AI-manipulated nude photos, created by the Grok AI chatbot. An alarming range of women have been affected by the non-consensual nudity, including prominent models and actresses, as well as news personalities, crime victims and even world leaders.
A Dec. 31 research paper by Copyleaks estimated that an image was posted every minute, but later tests found far more. A sample collected from 5.-6. January found 6,700 per hour over the 24-hour period.
But while public figures from around the world have rejected the choice to release the model without safeguards, there are few clear mechanisms for regulators hoping to rein in Elon Musk’s new image-manipulating system. The result has been a painful lesson in the limits of technical regulation – and a forward-looking challenge for regulators hoping to make their mark.
Unsurprisingly, the most aggressive action has come from the European Commission, which on Thursday ordered xAI to retain all documents related to its Grok chatbot. The move does not necessarily mean the commission has opened a new investigation, but it is a common precursor to such action. That’s particularly ominous given recent reporting from CNN suggesting that Elon Musk may have personally intervened to prevent safeguards from being placed on any images that could be generated by Grok.
It is unclear if X has made any technical changes to the Grok model, although the public media tab for Grok’s X account has been removed. In a statement, the company specifically condemned the use of AI tools to produce sexual images of children. “Anyone who uses or encourages Grok to make illegal content will suffer the same consequences as if they upload illegal content,” the X Safety account posted on January 3, echoing an earlier tweet by Elon Musk.
Meanwhile, regulators around the world have issued stern warnings. The U.K.’s Ofcom issued a statement on Monday, saying it was in contact with xAI and “will conduct a rapid assessment to determine whether there are potential compliance issues that warrant investigation.” In a radio interview on Thursday, British Prime Minister Keir Starmer called the phenomenon “shameful” and “disgusting” and said: “Ofcom has our full support in acting on this.”
In a post on LinkedIn, Australian e-Security Commissioner Julie Inman-Grant said her office had received a doubling of complaints related to Grok since the end of 2025. But Inman-Grant stopped short of taking action against xAI, saying only: “We will use the range of regulatory tools at our disposal to investigate and take appropriate action.”
Techcrunch event
San Francisco
|
13.-15. October 2026
By far the biggest market to threaten action is India, where Grok was the subject of a formal complaint from a member of parliament. In January, India’s communications regulator MeitY ordered X to address the issue and submit an “action taken” report within 72 hours — a deadline that was subsequently extended by 48 hours. While a report was submitted to the regulator on January 7, it is unclear whether MeitY will be satisfied with the response. If not, X could lose its safe harbor status in India, potentially severely limiting its ability to operate in the country.