Advertisement

Deepfake CSAM lawsuit against xAI, Grok expands

Two new alleged victims detailed how Grok was used by friends and family to generate sexual images of them as minors. The suit also adds Stability AI as a defendant.
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
Activist group 'Everyone Hates Elon' anti-Musk and X poster placed in a bus stop on the 14th of January 2026, London, United Kingdom. The poster is a reference to the highly controversial new AI tool on X called Grok which can undress pictures of people on command, which this poster suggests enables it as a tool for child abuse. (photo by Kristian Buus/In Pictures via Getty Images)

Two new parties have been added to a class-action lawsuit against X.ai over its Grok tool including teenagers and children who say it was used by family members or other people they know to create nonconsensual deepfake child sexual assault material (CSAM).

The lawsuit, originally filed in March by three women, was amended this week to include two additional plaintiffs, Jane Does 4 and 5, who say that Grok was used to make the illegal content based on their real photos and videos.

All five of the women in the lawsuit are anonymous, and the complaint said the spread of the material had left them humiliated and ashamed.

Jane Doe 4, a female from Wyoming, said her stepfather uploaded a photo of her when she was 11 and lying on a couch to his phone. Using Grok, the stepfather created more than 7,000 CSAM-related images of her. He also shared and traded the images with others on social media platforms.

The lawsuit alleges that the stepfather opted for Grok “because the platform was less restrictive than other AI models and responded to his prompts to generate sexually explicit material using an image depicting a prepubescent minor.”

It also claims that in February, xAI did generate a tip to the National Center for Missing and Exploited Children regarding the images, but the company only submitted the original, authentic image as evidence. According to the suit, xAI did not respond when law enforcement requested the thousands of Grok-generated images based on the photo and IP address information that would have quickly helped identify her stepfather as the perpetrator.

The lawsuit states that the stepfather shot himself two days after he was arrested and charged with child exploitation crimes. His suicide added to the “extreme personal crisis” brought on by the images created through Grok. She regularly “struggles with self-loathing and disgust” as well as “extreme anxiety” at the thought that the images will be found by others online and suffer from depression, including excessive sleep and suicidal ideation when awake.

Advertisement

Jane Doe 5 claimed that an adult male related to one of her classmates used Grok to convert a photograph from her eighth-grade graduation into illicit material. The images were also traded and shared with others online. While the man was arrested and charged, much of the content is still available on the internet. As a result, she “feels a complete lack of control over the ongoing dissemination of the files.”

“It is impossible to know how many other child sex predators may now possess Jane Doe 5’s CSAM, nor how widely her CSAM has now been disseminated online through darknet channels and applications,” the complaint said.

The press office for xAI did not respond to an emailed request for comment from CyberScoop.

The lawsuit also adds Stability AI as a defendant, alleging the company released Stable Diffusion 1.0 as an open-weight model despite knowing it was trained on CSAM and has declined to alter or modify its guardrails in response.

According to a 2023 Stanford study, the underlying dataset used to train Stable Diffusion models was created through unguided webcrawling of internet content. That means it ingested “a significant amount of explicit material,” including CSAM. Stable Diffusion 1.0 had a classifier meant to block the generation of such images, but because of that training data, downstream developers could more easily exploit the model and create modified versions that bypass those protections.

While Stable Diffusion 2.0 introduced stronger guardrails, the lawsuit claims Stability AI rolled back those protections in response to “disgruntled” users that the new restrictions were “prude” and “unpopular.” That in turn has fed an ecosystem of jailbroken “nudify apps” based on Stability AI’s models.

“Stability AI knew that its models, once capable of generating sexually explicit images, would foreseeably be used to generate CSAM unless appropriate model-level safeguards were implemented,” the complaint said.

Stability AI did not respond to a request for comment from CyberScoop.

Derek B. Johnson

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Latest Podcasts