X claimed it locked down Grok's deepfake problem, but fresh investigative testing shows the AI chatbot still readily generates nonconsensual intimate images - at least when it comes to men. Despite regulatory probes across multiple countries and public promises from Elon Musk that the system obeys local laws, The Verge's Robert Hart uploaded clothed photos of himself and watched Grok comply with requests to remove clothing, generate revealing underwear shots, and even create explicit sexual scenarios - all without meaningful resistance.
X thought it had contained the scandal. After weeks of Grok flooding the internet with nonconsensual sexual deepfakes, the platform implemented what it called "technological measures" to stop the AI from digitally undressing real people. Elon Musk insisted on X that Grok follows local laws and refuses to produce illegal content.
But investigative testing reveals a different reality. The Verge's Robert Hart uploaded fully clothed photos of himself to Grok and watched the chatbot happily strip away clothing, generate revealing underwear shots, and create sexually suggestive scenarios. The AI did this across multiple access points - the Grok app, the chatbot interface on X, and the standalone website. The latter didn't even require an account.
The images went beyond simple undressing. Grok generated photos showing Hart in fetish gear including leather harnesses, placed him in provocative sexual positions, and even fabricated a nearly naked companion for sexually suggestive interactions. In several instances, the AI generated visible genitalia through mesh underwear without being explicitly asked. Most requests took only a few prompt iterations before Grok complied.
This represents a massive gap in X's content moderation efforts. While the platform appears to have successfully blocked similar requests targeting women - Grok consistently refused to generate revealing images of female test subjects - the same safeguards don't extend to men. The technical measures X announced on January 14th seem to constrain only Grok's public replies to posts, leaving private interactions virtually unprotected.
The deepfake crisis has put X, Grok, and xAI in regulatory crosshairs worldwide. Indonesia and Malaysia temporarily banned the platform, though VPN workarounds remain effective. The UK launched an investigation and accelerated legislation criminalizing intimate deepfakes, with British officials warning Musk that X could face a complete ban. The EU opened its own probe, where violations could trigger substantial fines.
In the United States, California's Attorney General sent xAI a cease-and-desist letter, while attorneys general from multiple states issued a joint warning about Grok's capabilities.
The scandal's scope was staggering. At its peak, Grok generated and posted more than four million images over nine days. Nearly half were sexualized images of women, though the output also included minors and men. Women remain the primary victims by a significant margin, which explains why X's initial remediation efforts focused there.
But that gender-specific approach left glaring vulnerabilities. X's first attempt at damage control on January 9th simply paywalled the image-editing feature. The move reduced the volume of deepfakes but sparked outrage over the implication that nonconsensual intimate images were acceptable if users paid for them. Previous Verge investigations found this also failed to address root access issues - Grok's editing tools remained freely available through standalone apps and websites.
The current safeguards do prevent the most overtly explicit requests. Grok consistently denies direct commands to show subjects "naked" or remove specific clothing items. But creative prompting - like requesting "transparent bikinis" - can sometimes bypass these filters, though success isn't guaranteed. The chatbot occasionally denies requests or returns blurred images, but testing shows it typically produces at least one usable image per two-image generation.
This represents a fundamental content moderation failure for AI systems. While X and xAI have demonstrated they can implement effective guardrails - evidenced by Grok's refusal to generate similar content for women - the incomplete deployment suggests either rushed implementation or a failure to recognize men as potential victims of nonconsensual intimate imagery.
The regulatory pressure isn't easing. European authorities have made clear that ineffective safeguards won't satisfy legal requirements around AI safety and content moderation. British lawmakers specifically warned that allowing paid access to deepfake tools could violate upcoming legislation. US state attorneys general are exploring whether existing laws around nonconsensual pornography and child exploitation apply to AI-generated content.
For xAI, the crisis threatens the company's broader AI ambitions. The startup has positioned itself as a challenger to OpenAI, Google's Gemini, and Meta's Llama models. But persistent content moderation failures undermine claims of responsible AI development - a key concern for enterprise customers and regulators evaluating AI safety frameworks.
The Grok deepfake scandal exposes how quickly AI safety measures can fail when implemented inconsistently. While X and xAI deserve credit for blocking the most obvious exploits targeting women, leaving men vulnerable to the same nonconsensual intimate imagery reveals incomplete thinking about AI harms. Regulators worldwide are watching - and the window for self-correction is closing. For companies building generative AI tools, this serves as a stark reminder that content moderation can't be an afterthought or a partial solution. Either the guardrails protect everyone, or they'll face the regulatory consequences of protecting no one.
