AIToday

xAI sues Grok user over CSAM, blames users for AI outputs

Ars Technica AI3h ago
xAI sues Grok user over CSAM, blames users for AI outputs

Key takeaway

xAI has sued one of its users, Terry Wayne Harwood, over his use of the Grok chatbot to generate child sexual abuse material. In the lawsuit, xAI argues that users—not the company—are solely responsible for all AI-generated outputs, including illegal content. This legal move comes as xAI faces a proposed class action from victims who allege the company failed to provide law enforcement with the user information needed to identify abusers, and it represents a direct contradiction to prior claims by Elon Musk that he had not seen examples of Grok-generated CSAM.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    xAI filed a lawsuit Tuesday against Terry Wayne Harwood, a South Carolina man arrested earlier this year for possession and distribution of child sexual abuse materials (CSAM). The complaint alleges Harwood used two xAI accounts from December 8 to February 18 to generate illegal content, including sexualized images of minors, by modifying prompts to bypass Grok's safeguards.

  • Why it matters

    xAI is arguing that users alone are responsible for Grok outputs—a legal stance designed to shield the company from liability in a looming class action lawsuit. The strategy comes after victims alleged that xAI refused to provide law enforcement with user information; a 2026 National Center for Missing & Exploited Children report found that 90 percent of xAI's CyberTipline reports "were not actionable by law enforcement because xAI declined to include user information that would allow law enforcement to track and locate perpetrators."

  • What to watch

    The lawsuit frames Grok as "a neutral tool, subject to user control," which directly contradicts the U.S. Copyright Office's position that AI outputs are not human-created. If the court agrees with xAI, it could set a precedent shielding AI firms from responsibility for harmful outputs and give xAI leverage to defend against potential class actions involving thousands of victims.

In Depth

Elon Musk's xAI filed a lawsuit Tuesday against Terry Wayne Harwood, a South Carolina resident arrested earlier this year for possession and distribution of child sexual abuse materials. The complaint alleges that Harwood used two xAI accounts—identified by the usernames "ceae2cb4-a9f6-4885-8ae9-6e2096d084f4" and "befccb94-4029-454d-9f1f-0d4945e8fa7c"—to generate illegal content from December 8 to February 18. According to xAI, Harwood used the Grok chatbot to "undress" or "nudify" non-sexual images of multiple victims, including a child who appeared to be as young as 10. While Grok's safeguards sometimes refused harmful requests, the lawsuit states that Harwood successfully bypassed these defenses by modifying prompts "in clear violation of the xAI Terms of Service and of US law," though xAI did not disclose the specific techniques he employed. The company alleged that Harwood should have understood his continued use violated xAI's terms after his first violation, yet xAI does not indicate that Harwood ever received warnings his account risked penalties.

The lawsuit reflects xAI's growing legal exposure. A week before filing, a young girl filed a proposed class action alleging that her stepfather used Grok, possibly in conjunction with other AI tools, to create 7,000 sexualized images of her and distribute them on the dark web. She further alleged that when she reported her image being uploaded to Grok, xAI refused to help police identify the user. A 2026 National Center for Missing & Exploited Children (NCMEC) report corroborated this pattern: 90 percent of xAI's CyberTipline reports "were not actionable by law enforcement because xAI declined to include user information that would allow law enforcement to track and locate perpetrators." These mounting accusations directly contradict earlier statements by Musk, who on January 3 posted on X that "anyone using Grok to make illegal content will suffer the same consequences as if they upload illegal content" and claimed he had not seen examples of Grok-generated CSAM.

In its complaint, xAI argues that Harwood alone bears responsibility for his outputs and that the company should be viewed as providing "a neutral tool, subject to user control." The firm contended that "every response, every image, every generation is the result of the user's prompts and directions." xAI's terms of service prohibit users from using Grok to "undress or nudify real persons" or to "alter a real person's image or likeness to depict them in an intimate or sexual context," and also ban "depicting likenesses of persons in a pornographic manner" or "sexualizing or exploiting children." xAI alleged that Harwood flagrantly violated these rules and "went to great lengths to circumvent" Grok's "technological safeguards." The company stated it reported any discovered CSAM to NCMEC and assisted in Harwood's arrest after discovering his misuse.

If the court agrees with xAI's position, Harwood could owe substantial damages, including damages for "any real harm to third parties," xAI's "exposure to potential third-party claims and lawsuits," and "any xAI reputational harm." More broadly, such a ruling could shield xAI from liability in the proposed class action, which lawyers estimate could involve thousands of victims. However, xAI's strategy faces a potential obstacle: the U.S. Copyright Office has stated that AI outputs are not human-created, a precedent that could complicate xAI's argument that users are responsible for AI-generated content. The South Carolina attorney general's office confirmed that Harwood's criminal case is still pending, and he has been charged with "distributing, transporting, exhibiting, receiving, selling, purchasing, exchanging, or soliciting CSAM that was 'through the use of an artificial intelligence platform.'" A spokesperson was not authorized to verify if Grok was the platform in question, though xAI's complaint alleged that "upon information and belief, at least some of the images at-issue in the Harwood Criminal Action were generated or altered through Defendant's violative use of Grok."

Context & Analysis

xAI's lawsuit against Harwood marks a significant strategic shift: the company can no longer deny that Grok generates child sexual abuse material, so it is instead trying to legally establish that users—not xAI itself—bear full responsibility for AI outputs. This approach directly supports xAI's defense against a proposed class action lawsuit filed by victims, some of whom allege that xAI refused to provide law enforcement with user identification information that could have stopped perpetrators. The 2026 NCMEC report corroborates these allegations, showing that 90 percent of xAI's reports to law enforcement lacked user data, rendering them unusable for investigations. xAI's argument that Grok is merely "a neutral tool, subject to user control" faces a potential legal obstacle: the U.S. Copyright Office has already stated that AI outputs are not human-created, which could undermine xAI's liability shield if a court applies the same reasoning to criminal responsibility.

FAQ

How long was the user allegedly generating illegal content on Grok?
According to xAI's complaint, Terry Wayne Harwood used two xAI accounts to generate illegal content from December 8 to February 18.
What does xAI claim about how Harwood bypassed Grok's safeguards?
xAI alleged that Harwood modified prompts to circumvent safeguards "in clear violation of the xAI Terms of Service and of US law," though the company did not disclose the specific methods used to avoid detection.
What does xAI want the court to rule?
xAI is seeking a court ruling that users—not xAI—are liable for Grok-generated CSAM and other harmful content, and that Harwood breached his contract with the company by violating xAI's terms of service.
What did the 2026 NCMEC report say about xAI's cooperation with law enforcement?
A 2026 National Center for Missing & Exploited Children report found that 90 percent of xAI's CyberTipline reports "were not actionable by law enforcement because xAI declined to include user information that would allow law enforcement to track and locate perpetrators."

Get AI news like this every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No discussion yet for this article

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →