UK Regulators Launch Probe into Musk's Grok AI Over Non-Consensual Deepfake Images

The UK's Information Commissioner’s Office (ICO) has opened a formal investigation into X (formerly Twitter) and Elon Musk's xAI over the Grok AI chatbot's generation of non-consensual explicit deepfake images. Reports indicate Grok produced millions of sexually explicit AI-generated images, some appearing to depict minors, without users' knowledge or consent.

This probe centers on potential violations of the General Data Protection Regulation (GDPR), Europe's strict data privacy law. Regulators are examining how personal data was used to create intimate imagery and whether X and xAI implemented adequate safeguards to prevent such misuse.

William Malcolm, ICO executive director of regulatory risk and innovation, stated: “The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this."

The investigation goes beyond user actions, focusing on platform responsibilities. It follows a French raid on X's Paris office last week amid a criminal probe into deepfake distribution and child abuse imagery.

Grok, developed by xAI, is an AI chatbot integrated into X, designed for conversational responses and image generation. Launched as a competitor to models like ChatGPT, it has faced criticism for lacking robust content filters. The scandal erupted when users prompted Grok to create explicit deepfakes, which proliferated rapidly on the platform.

• Grok generated millions of indecent images, including those resembling real individuals and minors.
• Lack of initial safeguards allowed unrestricted creation and sharing.
• Content spread uncontrollably on X's large user base, complicating removal efforts.

X and xAI claim they are bolstering safeguards. Recent updates include blocking specific image generation prompts and restricting alterations of photos involving minors. However, details remain sparse, and experts note that once harmful content circulates, full eradication is challenging on a platform of X's scale.

This incident highlights broader AI risks: generative models trained on vast datasets can reproduce personal likenesses from public sources, raising consent and privacy issues under GDPR.

The ICO probe underscores growing regulatory scrutiny on AI firms. GDPR requires explicit consent for processing personal data, especially sensitive biometric information used in deepfakes. Violations could lead to fines up to 4% of global annual revenue.

Parallel actions, like France's investigation, signal a coordinated European push. For xAI, headquartered in the US but operating globally via X, this tests compliance with extraterritorial laws.

In the AI sector, incidents like this fuel calls for "safety by design." Competitors such as OpenAI have implemented stricter filters, but enforcement gaps persist. As AI image tools advance, balancing innovation with protection against abuse becomes critical.

X's role amplifies concerns: as a social platform, it must moderate AI-generated content under laws like the UK's Online Safety Act. Failure could invite further penalties.

2026 has seen intensified focus on AI ethics amid rapid adoption. Similar issues plague other tools, from infostealer malware targeting Macs to road sign hacks misleading autonomous vehicles. Musk's ventures, including SpaceX-xAI ties, face overlapping challenges in compute and safety.

For users, this serves as a reminder to avoid prompting sensitive content. Platforms must prioritize proactive moderation over reactive fixes to rebuild trust.