Recently, Elon Musk’s AI chatbot Grok was found to be complying with users’ requests for the image generation function of “digital undressing”, which triggered global outrage (Gold, 2026b). Some female and underage users found that their images and videos were tampered with by Grok users as nude or explicit sexually suggestive content without their consent (Hays, 2026). From public figures like Taylor Swift to ordinary female users, and even minors, they may become victims of this “digital undressing” technology without knowing it (Hays, 2026).
The incident quickly aroused the attention of public opinion and regulators, but the problem it exposed was much more than an out-of-control AI function. When the platform can convert a real photo into humiliating and sexually suggestive content in a few seconds, it has become doubtful whether privacy is still a boundary that can be controlled by individuals. In a platformed digital environment, the ability to achieve privacy often requires the privilege to make choices and create structures, which is being lost (Marwick & Boyd, 2018). This means that users can’t be the rule-makers, so they can’t choose the way of privacy protection by themselves. When a private photo can be easily transformed into a content resource that can be consumed and disseminated. This means that privacy invasion has escalated into a digital security risk worthy of caution. At the same time, it further reflects the serious failure of contemporary digital rights protection.
From Collecting Data to Creating Harmful Content
In the past, digital privacy was violated mainly because some social media platforms used the “surveillance capitalism” model to collect and analyze existing users’ personal data information to make illegal profits (Flew, 2022). However, unlike the concerns about the illegal collection or leakage of privacy information, the current Grok issue also reflects that the privacy security problems behind it have developed into an abuse of privacy data. The theory of “contextual integrity” proposed by Nissenbaum (2015) believes that the definition of privacy is not simply understood as whether information is public, but whether information is properly used in its original social context. Grok automatically generates visual data information that is completely inconsistent with the user’s original image, and puts it in a communication context that is not expected by the user. In other words, it is actively “creating” highly sensitive false information. A photo generated by a user in the original context of social sharing between friends is stolen and transformed into pornographic or humiliating content, which is an inappropriate information flow (Nissenbaum, 2015). This shift from the context of social expression to the context of sexual consumption violates the “context-specific informational norms” called by Nissenbaum (2015), thus constituting a fundamental sexual invasion of privacy.
When AI can not only observe you but also freely “write” you, the traditional notice-and-consent model of privacy breaks down entirely.
How Platform Features Amplify Privacy Harm
Last year, the function called Grok Imagine or “spicy mode” released by xAI allowed Grok users to prompt it to create more sexually suggestive fake images (Hays, 2026). According to a report by The Verge, this mode “didn’t hesitate to spit out fully uncensored topless videos” of Taylor Swift without being asked to make explicit content (Weatherbed, 2025). Compared with other AI tool platforms, the generation speed and scale of this kind of content are significantly higher. In less than two weeks, Grok has created millions of sexualized pictures, including more than 20,000 children’s pictures (Center for Countering Digital Hate, 2026). This means that once the function is abused, its diffusion will have a strong effect of scale. Therefore, the transmission process is often difficult to reverse and completely delete.
Grok’s ability to modify images and videos is created and published by xAI, and its sole purpose is to promote the use of chatbots and X (Hays, 2026). Users can not only send requests to it in private conversations, but also directly tag Grok in public posts to generate content and present it to a wider audience instantly (Gold, 2026a). This highly integrated design that embeds Grok directly into the X platform makes image generation no longer a private behaviour, but is closely bound to the social communication mechanism. Therefore, the risk of these images generated by artificial intelligence is that once they enter the communication chain of social platforms, they will be quickly copied and diffused, so that the photos that originally belonged to individuals gradually leave their original boundaries of use.
When Platform Rules Fail in Practice
The claim that the responsibility for the crisis is attributed to individual behaviour ignores the decisive role played by the platform in it. Suzor (2019) pointed out that large technology platforms actually play the role of “private legislators” through their architecture, algorithms, and community guidelines, setting “secret rules” that dominate our digital life. All platforms will make decisions in their rules and technical designs, which will affect the types of content that users can publish and the types of content that can be seen (Suzor, 2019). Therefore, the content guardrail is not an additional restriction, but the core embodiment of the platform’s governance ability. Grok’s initiative to abandon the content protection system in the name of “freedom of speech” provides conditions for the generation and dissemination of these images (Gold, 2026a). In Grok’s case, this governance ability is obviously lacking. Although the acceptable use policy of xAI clearly prohibits the sexualization of real people and prohibits inappropriate content involving minors (xAI, 2025). However, if these specifications are not implemented in product design, it is still difficult to prevent the occurrence of actual injury.
Grok not only creates harm but also embeds gender bias in product design. Nearly half of the more than 4 million pictures generated and released by Spicy mode at the peak of the scandal are the sexual images of women (Hart, 2026). This transforms “gender bias” into a product logic that attracts traffic, which reflects the sexual objectification of women’s image. Grok’s large-scale automation process makes women’s personal image no longer an inviolable privacy, but a bunch of free materials that can be processed arbitrarily. According to Australian government data, up to 90% to 95% of deep pornographic content is forged without consent, and 99% of the victims are women (Attorney-General’s Department, 2025). The generation of such involuntary intimate images can be easily used for blackmail, coercion, and other criminal activities, which poses a particularly serious threat to domestic violence survivors and minors (Gerard et al., 2017). “Their lives have been shattered by the devastating loss of privacy, dignity, and personal safety,” the lawyer of the victim woman said in the complaint (Hays, 2026). This is a new type of structural violence that is difficult to describe in the traditional privacy framework.
The injury is not caused by the individual breaking through the boundaries of the system, but because the system itself lacks sufficient boundaries. When specifications stay at the text level and are not embedded in product design, it is difficult for them to constrain actual behaviour.
The Disconnect Between Legal Responses and Platform Power
Under the power of the platform, it is often difficult for victims to get effective protection in a timely manner. The victim asked for help through the platform’s reporting system, but the company behind Grok, XAI, did not respond to a request for comment except for automatically-generated replies to “legacy media lies” (Cress, 2026a). Suzor (2019) pointed out that the platform’s audit system usually only deals with obvious violations and does not have the ability to judge context, so victims are often told that these insulting content “does not violate community standards”. In the face of such rules set by private companies, individual users have little power to negotiate or appeal, and cybersecurity advocate Davis said the victim has been waiting for the past six months (Williams, 2026). Therefore, large-scale public protests that trigger regulatory intervention in investigations often become a reliable way to force platforms to take action (Suzor, 2019). Only when the incident evolves into a public relations crisis and threatens the commercial interests of the platform, will those technology giants who originally shirk the blame will quickly correct the so-called “lapses in safeguards” and delete the content (Gold, 2026a).
In the face of this crisis, the response of global regulators and legislators highlights the urgency of governance. The European Union took the lead in using the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA) to assess whether X fulfills its legal obligations to correctly assess risks and prevent the dissemination of illegal and harmful content (Flew, 2022; Cress, 2026b). The subsequent statement expressed serious doubts (Cress, 2026b). The Ofcom has also launched a formal investigation into X, focusing on whether the platform has fulfilled its statutory duties of risk assessment and rapid removal of illegal content (Cress & Liv McMahon, 2026). In the United States, the chief prosecutor of California has launched an investigation into xAI (Jamali, 2026). Three minors (including two minors) in Tennessee have filed a class action lawsuit, accusing xAI of deliberately designing Grok to allow users to create explicit pornographic content based on other people’s real photos (Hays, 2026). Malaysia and Indonesia even temporarily blocking access to Grok (Cress & Liv McMahon, 2026). These measures show that countries have become aware of the new risks posed by generative AI and have tried to deal with them through legal means.
However, when the harm comes from the design and business model selection of the platform, is it enough to solve the problem by simply punishing end users? In fact, Australia has already established a legal and regulatory framework to address image-based abuse. At the federal level, the eSafety Commissioner is responsible for handling online harms such as the non-consensual sharing of intimate images under the Enhancing Online Safety (Intimate Images and Other Measures) Act 2015 (Gerard et al., 2017). At the state level, New South Wales passed criminal legislation against image-based abuse as early as 2017, which included the act of forging images in the category of crime (Gerard et al., 2017). However, the emergence of the Grok incident shows that even with the relatively perfect existing legal system, similar injuries can still occur on a large scale. The role of national laws in the digital environment is often limited by the speed of technological development and the power structure of the platform, and its governance capacity shows an obvious lag behind (Suzor, 2019). The existing legal framework is still largely an after-the-fact response, and responsibility is investigated through investigation, punishment, or litigation after the injury has occurred. The platform will shape the possibility of user behaviour through product functions and system architecture in advance. Therefore, the current problem is that it is difficult for supervision to intervene in the technical design itself in time, and the protection of privacy and security inevitably falls into passivity.
Digital Personhood and the Future of Privacy in the Age of AI
Grok’s crisis is the starting point of a new digital rights struggle, so it needs to radically change the public’s view of privacy. Privacy security not only refers to the independent control of personal information, but also needs to protect everyone’s personality and dignity (Flew, 2022). Without permission, AI may not use or even synthesize content that is highly related to personal privacy, because it is an individual’s right to choose who has intimate images about them (Morton, 2024). This also means that the core idea of building privacy-related laws in countries needs to shift from “information protection” to “personality protection”.
The boundaries of platform responsibilities also urgently need to be re-clarified by legal and regulatory authorities. As the main body of digital ecology, the platform should take the initiative to take greater responsibility for the risks of various algorithm design that can be foreseen in advance (Suzor, 2019). At present, the user rights and interests protection mechanism with limited effectiveness of the platform needs to be continuously optimized. In the future, a more efficient content deletion mechanism and clearer accountability channels should be established. However, if the platform relies solely on post-processing, it is difficult to cope with the large-scale problems in the AI era. Therefore, it is necessary to do a good job in the security protection of private content in the stage of technical design and research and development.
According to the research on the grok case in this essay, it is proved that in the digital media environment, privacy is no longer independently selected and controlled by individuals, but is the result of the comprehensive definition of technology and platform design. If a chatbot is allowed to “take off” anyone’s clothes at will, then everyone’s digital dignity is also being stripped off one by one.
References
Attorney-General’s Department. (2025, November 3). Nation-leading changes tackling the dark side of Artificial Intelligence. Government of South Australia. https://agd.sa.gov.au/news/nation-leading-changes-tackling-the-dark-side-of-artificial-intelligence
CBCNews. (2026, January 14). These 2 countries banned Elon Musk’s Grok Ai. YouTube. https://www.youtube.com/shorts/ATou7PlVA8A
Center for Countering Digital Hate. (2026, January 22). Grok floods X with sexualized images of women and children. CCDH. https://counterhate.com/research/grok-floods-x-with-sexualized-images/
Cress, L. (2026a, January 3). Woman felt “dehumanised” after Musk’s Grok Ai used to digitally remove her clothes. BBC News. https://www.bbc.com/news/articles/c98p1r4e6m8o
Cress, L. (2026b, January 27). EU investigates Elon Musk’s X over grok ai sexual deepfakes. BBC News. https://www.bbc.com/news/articles/clye99wg0y8o
Cress, L., & Liv McMahon, L. (2026, January 13). Ofcom investigates Elon Musk’s X over grok ai sexual deepfakes. BBC News. https://www.bbc.com/news/articles/cwy875j28k0o
Flew, T. (2022). Regulating platforms. Polity Press.
Gerard, G., Ariadne, V., Kimberlee, W., Fiona, M., Webb, A., Lucy, S., & Francesco, B. (2017, November 22). Digital rights in Australia. The University of Sydney. https://ses.library.usyd.edu.au/handle/2123/17587
Gold, H. (2026a, January 9). Elon Musk’s Xai under fire for failing to rein in “digital undressing.” CNN business. https://edition.cnn.com/2026/01/08/tech/elon-musk-xai-digital-undressing
Gold, H. (2026b, January 15). Elon Musk’s grok can no longer undress images of real people on X . CNN Business. https://edition.cnn.com/2026/01/14/tech/grok-elon-musk-image-generation
Hart, R. (2026, February 3). Elon Musk’s grok is still undressing men. The Verge. https://www.theverge.com/report/872062/grok-still-undressing-men
Hays, K. (2026, March 16). Teens sue Elon Musk’s Xai over Grok’s pornographic images of them. BBC News. https://www.bbc.com/news/articles/cgk2lzmm22eo
Jamali, L. (2026, January 15). California investigates Grok over AI deepfakes. BBC News. https://www.bbc.com/news/articles/cpwnqlpw7gxo
Marwick, A. E., & Boyd, D. (2018). Understanding Privacy at the Margins: Introduction. International Journal of Communication, 1157–1165. https://link.gale.com/apps/doc/A561120196/AONE?u=usyd&sid=bookmark-AONE&xid=3df64beb
Morton, B. (2024, December 14). Speed up plans to criminalise deepfake abuse, ministers told. BBC News. https://www.bbc.com/news/articles/cq629lyvj40o
Nissenbaum, H. (2015). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831–852. https://doi.org/10.1007/s11948-015-9674-9
Pymnts. (2025, February 16). Musk: New version of Grok Ai Tool Launching Monday. PYMNTS. https://www.pymnts.com/artificial-intelligence-2/2025/musk-new-version-of-grok-ai-tool-launching-monday/
Suzor, N. P. (2019). Lawless: The secret rules that govern our digital lives. Cambridge University Press.
Weatherbed, J. (2025, August 6). Grok’s “spicy” video setting instantly made me Taylor Swift Nude Deepfakes. The Verge. https://www.theverge.com/report/718975/xai-grok-imagine-taylor-swifty-deepfake-nudes
Williams, B. A. (2026, January 14). Quicker action would have stopped Grok AI deepfakes, victim says. BBC News . https://www.bbc.com/news/articles/c98p4214577o
xAI. (2025, January 2). Acceptable use policy. xAI. https://x.ai/legal/acceptable-use-policy
xAI. (2026). Grok image generation interface. Grok. https://grok.com/imagine
Be the first to comment