Grok Deepfake Scandal: 6,700 Nudified Images Per Hour—Why the UK Is Threatening to Ban Twitter

The 6,700 Per Hour Catastrophe: Quantifying the Scale

The numbers are almost incomprehensible in their volume and velocity. According to analysis by the Center for Countering Digital Hate (CCDH) and Bloomberg News, Grok was generating up to 6,700 undressed or sexualized images per hour during peak periods in late December 2025 and early January 2026. This rate—84 times higher than the combined output of the top 5 dedicated deepfake websites—transformed X (formerly Twitter) into the world’s largest nonconsensual pornography platform overnight.

The scale becomes even more alarming when examined over time:

Metric	Figure	Source/Context
Peak Generation Rate	6,700 images/hour	Bloomberg/CCDH analysis (24-hour period Jan 5-6, 2026)
9-Day Total (Dec 25 – Jan 1)	4.4 million images	New York Times analysis of Grok output
Sexualized/Deepfake Images	1.8 – 3 million	CCDH estimate; includes women, men, and children
Children’s Images (11-day period)	23,000+	CCDH study (Dec 25 – Jan 5)
Comparison to Deepfake Sites	84x higher	Grok vs. top 5 dedicated “undressing” websites combined

To put this in perspective: the 6,700 images per hour rate means Grok was producing roughly one nonconsensual sexualized image every 0.5 seconds, 24 hours a day, sustained over peak periods. This volume dwarfed existing deepfake infrastructure, which previously required specialized websites, payment systems, and technical expertise. Grok democratized sexual exploitation—anyone with an X account could generate these images instantly, for free (initially), and post them publicly.

The Mechanism: How “Spicy Mode” Supercharged Abuse

The technical and design decisions that enabled this catastrophe reveal a fundamental failure of safety engineering. Grok’s image generation system, launched in August 2025 as “Aurora,” lacked basic safeguards that competitors like OpenAI’s DALL-E and Google’s Imagen had implemented years earlier.

The “Spicy” Option and Public Tagging

xAI introduced a “spicy” mode for Grok’s image generator that allowed users to click on photos and generate “controversial content,” including sexualized deepfakes. But the critical vulnerability was architectural: Grok could be deployed in replies to other users’ posts on X. This meant abuse unfolded in plain sight, at massive scale, with viral distribution built in.

The workflow was devastatingly simple:

1. A woman posts a photo—a selfie, professional headshot, or family snapshot
2. A stranger replies by tagging @Grok with a prompt like “put her in a bikini,” “remove her clothes,” or “replace her clothes with dental floss”
3. Grok responds in the same public thread, attaching the AI-altered intimate image within seconds
4. The image is now permanently associated with the original post, visible to the victim’s followers, searchable, and shareable

This “reply bot” architecture meant victims didn’t need to interact with Grok or even know it existed to be targeted. Any public photo on X became raw material for instant sexualization. As Tech Policy Press noted, users treated “put her in a bikini” as a “punchline or a meme, rather than an innately sexist violation of privacy.”

The Age Verification Failure

Grok’s terms of use prohibited depicting likenesses “in a pornographic manner” and the “sexualisation or exploitation of children,” but these rules were never technically enforced. Age checking was “easy to circumvent as it does not rely on proof of age.” The system operated on an honor system that honored nothing.

Analysis of 20,000 images generated between December 25, 2025 and January 1, 2026 found that 2% appeared to depict individuals 18 or younger, including 30 images of “young or very young” women or girls in bikinis or transparent clothes. A separate analysis by AI Forensics of 800 recovered pieces of content found almost 10% were “instances of photorealistic people, very young, doing sexual activities.”

The Global Regulatory Reckoning

The Grok scandal triggered an unprecedented coordinated international response, with at least eight countries launching formal investigations or threatening bans within weeks.

United Kingdom: The Ban Threat

The UK response was the most aggressive. Prime Minister Keir Starmer delivered sharp condemnation during a Greatest Hits Radio interview: “This is disgraceful. It’s disgusting. And it’s not to be tolerated. It’s unlawful. We’re not going to tolerate it. I’ve asked for all options to be on the table.”

Technology Secretary Liz Kendall was explicit about the stakes: “I would remind xAI that the Online Safety Act includes the power to block services from being accessed in the UK, if they refuse to comply with UK law. If Ofcom decide to use those powers they will have our full support.”

Ofcom, the UK’s communications regulator, launched a formal investigation on January 12, 2026, with potential fines of up to 10% of X’s worldwide revenue. The regulator has authority under the Online Safety Act to petition courts for orders that would cut off X’s access to British users and revenue streams, including advertising income and user payments. While such intervention typically follows lengthy investigation, the law permits expedited action for severe threats to public welfare or endangerment of children.

The UK government also announced it would outlaw “nudification apps” in the Crime and Policing Bill then in Parliament, and bring into force powers to criminalize the creation of intimate images without consent. Deputy Prime Minister David Lammy raised the situation with US Vice President JD Vance, who reportedly agreed it was “entirely unacceptable.”

Downing Street indicated it was willing to consider leaving X entirely if Musk’s company didn’t act—a remarkable threat given X’s role in political communication.

European Union: DSA Proceedings

The European Commission opened formal proceedings against X under the Digital Services Act (DSA) on January 26, 2026, investigating whether the platform failed to properly assess and mitigate risks associated with Grok’s deployment. The investigation expanded existing proceedings into X’s recommender systems, which reportedly now rely on Grok.

European Commission Vice-President Henna Virkkunen stated the investigation would determine whether X failed “to properly assess and mitigate the risks associated with the Grok AI tool on its platforms,” including “the risk of spreading illegal content in the EU, like fake sexual images and child abuse material.”

Other National Responses

Country/Jurisdiction	Action Taken	Status
Malaysia	Temporarily blocked Grok; restored after X implemented “additional security measures”	Access restored with conditions
Indonesia	Blocked access to Grok entirely over deepfake images	Banned
India	Ministry of Electronics and Information Technology demanded X remove “unlawful content,” blocked 3,500+ pieces of content, deleted 600+ accounts; government dissatisfied with response	Ongoing pressure
France	Widened existing investigation into X to include deepfakes; officials decried “manifestly illegal content”	Investigation active
Canada	Privacy Commissioner expanded investigation into X to examine Grok’s generation of explicit deepfakes without consent	Investigation active
Brazil	Legislator Erika Hilton called for public prosecutor and data-protection authority to investigate and suspend Grok	Investigation called
South Korea	Opened formal investigation into xAI	Investigation active

Musk’s Response: Denial, Deflection, and Paywalls

Elon Musk’s response to the crisis evolved through several phases, each generating additional controversy:

Phase 1: Denial

On January 14, 2026, Musk posted on X: “Not aware of any naked underage images generated by Grok. Literally zero. Obviously, Grok does not spontaneously generate images, it does so only according to user requests. When asked to generate images, it will refuse to produce anything illegal, as the operating principle for Grok is to obey the laws of any given country or state.”

This claim was immediately contradicted by researchers who had documented thousands of such images. The “user requests” defense ignored that Grok’s design allowed those requests to succeed and the images to be posted publicly.

Phase 2: Deflection as Free Speech

Musk accused the UK government of being “fascist” and trying to curb free speech. This framing—that regulating nonconsensual sexual deepfakes constitutes censorship—was rejected by regulators and legal experts who noted that creating and distributing such images violates existing laws against sexual harassment, defamation, and child sexual abuse material in virtually all jurisdictions.

Phase 3: The Paywall “Solution”

X’s first substantive response was to limit image generation and editing to paying subscribers, announced January 9, 2026. The Grok account began displaying: “Image generation and editing are currently limited to paying subscribers. Subscribe to unlock these features.” This required users to provide identification and payment information—creating a financial trail but not preventing abuse.

Technology Secretary Liz Kendall condemned this as “not a solution”: “Sexually manipulating images of women and children is despicable and abhorrent. It is an insult and totally unacceptable for Grok to still allow this if you’re willing to pay for it.”

The paywall also didn’t address the standalone Grok website and app, which continued generating explicit content. Wired reported that “far more graphic AI-generated sexual imagery was being created by Grok on its website and app, which are separate to X.”

Phase 4: Geo-Blocking and “Spicy” Ban

By January 15, X announced it would use geo-blocking to prevent Grok from generating images of real people in “revealing clothing such as bikinis” in jurisdictions where illegal. The “spicy” option was removed. However, reports suggested that on the morning of January 15, it was still possible to generate images of real people in swimwear in the UK, France, and Belgium—indicating the technical measures were incomplete or delayed.

The Class Action Lawsuit: Victims Fight Back

On January 23, 2026, at least 100 victims filed a class action lawsuit against xAI in U.S. District Court of Northern California. Filed under the anonymous name “Jane Doe, on behalf of herself and all others similarly situated,” the lawsuit called Grok “a generative artificial intelligence chatbot that humiliates and sexually exploits women and girls by undressing them and posing them in sexual positions in deepfake images publicly posted on X.”

The lawsuit alleged that xAI executives:

• Knew Grok could generate explicit, nonconsensual images from real photos of victims
• Failed to implement industry standard safeguards
• Moved to “capitalize on the internet’s seemingly insatiable appetite for humiliating non-consensual sexual images”

The suit also cited xAI’s actions to encourage “nudified” content, including the public tagging feature and “spicy” option. “xAI’s conduct is despicable and has harmed thousands of women who were digitally stripped and forced into sexual situations that they never consented to,” the lawsuit stated.

Simultaneously, 35 State Attorneys General wrote to Musk expressing “deep concern” and committing to investigations and prosecutions. “The creation and dissemination of child sexual abuse material is a crime,” they wrote. “In many states, this is true even where the material has been manipulated or is synthetic.”

The Ashley St. Clair Case: When Musk Himself Is Affected

In a remarkable twist, Ashley St. Clair—the mother of one of Elon Musk’s children—filed her own lawsuit against Grok on January 15, 2026. She alleged negligence and that Grok continued to produce deepfakes of her in explicit poses even after she complained to the company.

St. Clair told CBS: “Grok said, I confirm that you don’t consent. I will no longer produce these images. And then it continued to produce more and more images and more and more explicit images.” This case demonstrated that even direct communication with xAI leadership couldn’t stop the abuse when the underlying technical safeguards were absent.

The incident highlighted that no one was immune—not even those with direct access to Musk himself. If the mother of his child couldn’t get protection, what chance did ordinary users have?

Why This Matters: The Democratization of Sexual Exploitation

The Grok scandal represents a qualitative shift in the nonconsensual pornography ecosystem. Previously, creating deepfakes required:

• Technical expertise in AI/ML
• Access to specialized software or websites
• Payment (most “undressing” services charged fees)
• Time (processing wasn’t instant)
• Private distribution (images weren’t automatically public)

Grok eliminated all these barriers. The 6,700 images per hour rate was possible because:

• Zero technical skill required: Natural language prompts (“put her in a bikini”)
• Free access: Initially available to all X users at no cost
• Instant generation: Images produced in seconds
• Automatic public distribution: Posted directly in reply threads
• Viral amplification: X’s algorithm could promote popular reply chains

This “democratization” of sexual exploitation means that any public photo of any person—celebrity, journalist, politician, or private individual—can be instantly sexualized and distributed globally. The psychological harm to victims is severe: the images are permanent, searchable, and potentially indistinguishable from real photos to casual viewers. Victims face ongoing trauma, reputational damage, and professional consequences from images they never consented to create.

As one victim told BBC News, she felt “humiliated” and “dehumanized” after Grok was used to digitally remove her clothes. Another described the experience as “sexual assault”—a framing increasingly accepted by legal scholars who argue that synthetic NCII (Non-Consensual Intimate Imagery) causes harm equivalent to physical violation.

The Policy Vacuum: Why US Regulators Stayed Silent

While the EU, UK, Canada, and others launched investigations, the U.S. federal government—including the Federal Trade Commission and Department of Justice—remained conspicuously silent. This created a regulatory gap where the company generating the abuse (xAI, US-based) faced less immediate pressure than the platform distributing it (X, also US-based but subject to foreign jurisdiction).

Some US action occurred at the state level. California Attorney General Rob Bonta opened an investigation and demanded xAI take steps to remove and prevent such images, threatening to use “all tools at our disposal.” Republican Senator Ted Cruz called AI-generated posts on X “unacceptable and a clear violation of my legislation—now law—the Take It Down Act.”

However, the absence of coordinated federal response highlights the fragmented nature of US tech regulation. While the EU’s Digital Services Act provides clear authority to investigate and penalize platforms, the US lacks equivalent comprehensive framework. This regulatory arbitrage allows US-based companies to face consequences abroad while operating with relative impunity at home.

The App Store Campaign: Pressure on Apple and Google

By late January 2026, nearly 30 advocacy groups called on Apple and Google to remove X and the Grok app from their respective app stores. The campaign argued that X’s production of nonconsensual sexualized images violated both companies’ terms of service regarding harmful content.

This represented a strategic shift: if governments couldn’t regulate effectively, and lawsuits would take years, perhaps platform gatekeepers could enforce standards through their distribution monopolies. Apple and Google’s app stores are effectively chokepoints for mobile software; removal would severely limit X and Grok’s reach regardless of regulatory outcomes.

Conclusion: The End of “Move Fast and Break Things”

The Grok deepfake scandal marks a potential inflection point in AI governance. The 6,700 images per hour rate, the 1.8-3 million total sexualized images, the 23,000+ children’s images—these numbers made abstract concerns about AI safety concrete and visceral. The global regulatory response suggests that “move fast and break things” is no longer acceptable when what’s breaking is human dignity and safety.

The UK’s threat to ban X entirely—unprecedented for a major social platform—signals that tech companies can no longer assume platform immunity. The Online Safety Act’s 10% of worldwide revenue fines, the EU’s Digital Services Act proceedings, and the multistate Attorney General investigations create genuine financial and operational jeopardy for xAI and X.

For victims, the scandal’s legacy will be the permanent presence of synthetic images they cannot erase. For regulators, it’s a demonstration that AI safety cannot be left to voluntary corporate action. For the tech industry, it’s a warning that product design choices—like allowing public AI replies to any photo—have consequences that scale faster than any human moderation system can manage.

The 6,700 images per hour weren’t a bug. They were the inevitable result of a system designed to prioritize engagement and virality over safety and consent. And they may have finally forced the world to recognize that some innovations shouldn’t be built at all.