Blame the User, Not the Bot

xAI is suing a Grok user over AI-CSAM content.

Sponsored by

Every 41 seconds. That, according to the Center for Countering Digital Hate (CCDH), is how often Grok generated a sexualised image of a child during an 11-day stretch over the new year. Roughly 23,000 in total. And nobody at X pulled the plug.

Now the company behind Grok is finally in court over it, not as a defendant, but as a plaintiff. On 14 July, Elon Musk’s xAI turned round and sued one of its own users.

It is one of the first times an AI company has taken legal action against a customer for what he made with its tool. The suit landed eight days after xAI’s own legal week looked a little rough. Not so coincidental, I’d say.

But xAI didn’t invent this predicament by itself. It walked into a fight the whole industry was already losing.

The Broader Battle

Take Meta, which spent 2026 losing in slow, expensive instalments.

The company insists its safety systems work. It says it removed 13 million pieces of child-exploitation content between October and December 2025, more than 96% of it flagged before anyone reported it, a figure it repeats the way a student repeats the one exam answer they’re sure of. Juries weren’t grading on effort. The verdicts kept landing anyway, each one chipping away at the old defence that a platform is just a neutral pipe for whatever its users pour through it.

The nastiest came out of Delaware, where a court decided Meta's child-safety exposure grew out of its own intentional design choices to maximise engagement, and on that basis let its insurers walk away from the bill. Build it to hook children, own what happens next.

Table 1. The pattern courts are settling into: design-defect liability. It is exactly the pattern xAI is now trying to escape.

Below the headline lawsuits sits a messier problem: a decentralised “nudify” economy that no single takedown can touch. A three-month investigation by Decode’s Adrija Bose and the civic-tech group Tattle mapped a supply chain where open-weight models on Western repositories, Chinese software, European GPU servers, venture-backed monetisation platforms and local payment agents all quietly slot together to sexualise women and minors at scale. Issue a takedown and the software just clones itself and carries on.

Costly verdicts on one side, an ungovernable underground on the other, and somehow xAI managed to plant itself on both.

It started on 29 December 2025, when xAI switched on a one-click image-editing feature. Upload a photo of a real person, ask Grok to change it. The guardrails were, to put it kindly, relaxed. Musk joined in himself, reposting bikini-edited images of Bill Gates and of his own face, the founder beta-testing the toy before the rest of the internet found the obvious darker use for it. For about a fortnight it was all framed as fun.

The British watchdog CCDH counted and extrapolated from a random sample of 20,000 images to estimate across the 4.6 million images Grok generated in that 11-day window, revealing staggering numbers: roughly 3 million sexualised images in total, which translates to about 190 every minute, with approximately 23,000 depicting children, or one every 41 seconds.

Indonesia and Malaysia blocked Grok. Ofcom, the EU and Ireland's regulator all opened investigations. California's Attorney General launched his own. In the UK, Prime Minister Keir Starmer called the conduct of Grok and X “disgusting” and “shameful.”

In response, xAI restricted the feature to paid users on 9 January, then added technical limits on 14 January.

On 14 January, pushing back on the mounting scrutiny, Musk posted on X:

“I [am] not aware of any naked underage images generated by Grok. Literally zero.”

Elon Musk, 14 January 2026

He went further, laying out a theory of blame that would resurface almost word-for-word in court. Grok, he argued, refuses illegal requests and only acts on user prompts. Anyone using it to make illegal content would face the same consequences as if they had uploaded that content themselves. And when the model does produce something it shouldn’t? “There may be times when adversarial hacking of Grok prompts does something unexpected. If that happens, we fix the bug immediately.”

In Musk’s telling, the mass production of child-abuse imagery was a bug. Six months on, the patch to this bug turns out to be a lawsuit against the customer.

The lawsuit that flips the script

The target is Terry Wayne Harwood, a 67-year-old South Carolina man arrested in February on multiple counts of sexual exploitation of a minor. On 14 July, xAI, now folded into Musk’s SpaceX and rebranded in some filings as SpaceXAI, sued him in the Northern District of Texas. The complaint says he opened accounts under false identities and kept reworking his prompts to slip past Grok’s filters.

xAI calls Harwood’s conduct a “calculated scheme to weaponize” its tool for criminal ends, and it keeps stressing that Grok’s safeguards refused him, over and over, so the blame sits with his persistence rather than the model’s design. Then, to show how seriously it takes all this, xAI reaches for its own enforcement record, 52,222 accounts suspended, 73,604 reports to the NCMEC and at least 244 arrests in 2026 alone.

Which is a strange record to wave around, because the class action xAI is currently defending against says it does roughly the opposite of help. According to the amended complaint filed on 7 July, one plaintiff’s stepfather used Grok to generate thousands of abuse images from a single photo taken when she was eleven. xAI, the filing says, sent the NCMEC exactly one report, and attached only the original, innocent photograph. Then it went quiet when investigators asked for the generated images and the IP data that would have named him instantly. The same complaint drags in Stability AI as a co-defendant and points at a 2023 Stanford study that found verified CSAM sitting in the dataset behind its open-weight Stable Diffusion model.

Sued for how the machine was built, xAI has reinvented itself as a plaintiff aggrieved by how the machine was used. The strategy looks like this.

So where does the liability land?

Courts in New Mexico and Delaware keep edging toward the idea that a product which predictably churns out harm makes its maker answerable for that harm. Regulators in Brussels and London are circling the same instinct from the statutory side.

However, the question of liability is still marred with uncertainty, which largely benefits the companies behind AI-generation tools that are being misused.

Harwood makes an ideal test case precisely because he is impossible to root for. A 67-year-old with false accounts and a stack of exploitation charges, the kind of defendant a jury would convict right away. And while looks at the users, nobody quite gets round to the machine that created CSAM material 23,000 times.

MESSAGE FROM OUR SPONSOR

The Smartest Way To Get 37 Claude Prompts Free

Subscribe to The AI Report, the free 5-minute daily AI brief that 400,000+ business leaders at IBM, AWS and Microsoft read every morning, and we'll send our 37 Claude Prompts pack free in your welcome email.

Most prompt lists are sorted by function. This one's built around the 8 situations every manager actually faces: team comms, hiring, meetings, strategy, reporting and more. Find your moment, copy the prompt, fill the brackets, run it in Claude. Managers are saving 10+ hours a week.

Join the free daily newsletter and get the prompt pack free, instantly, today. Subscribe and grab both

📬 READER FEEDBACK

💬 What are your thoughts on using AI chatbots for therapy? If you have any such experience we would love to hear from you.

Share your thoughts 👉 [email protected]

Was this forwarded to you?

Have you been targeted using AI?

Have you been scammed by AI-generated videos or audio clips? Did you spot AI-generated nudes of yourself on the internet?

Decode is trying to document cases of abuse of AI, and would like to hear from you. If you are willing to share your experience, do reach out to us at [email protected]. Your privacy is important to us, and we shall preserve your anonymity.

About Decode and Deepfake Watch

Deepfake Watch is an initiative by Decode, dedicated to keeping you abreast of the latest developments in AI and its potential for misuse. Our goal is to foster an informed community capable of challenging digital deceptions and advocating for a transparent digital environment.

We invite you to join the conversation, share your experiences, and contribute to the collective effort to maintain the integrity of our digital landscape. Together, we can build a future where technology amplifies truth, not obscures it.

For inquiries, feedback, or contributions, reach out to us at [email protected].

🖤 Liked what you read? Give us a shoutout! 📢

↪️ Become A BOOM Member. Support Us!

↪️ Stop.Verify.Share - Use Our Tipline: 7700906588

↪️ Follow Our WhatsApp Channel