Grok, the built-in chatbot on X, is facing intense scrutiny after acknowledging it generated and shared an AI image depicting two young girls in sexualized attire.

In a public post on X, Grok admitted the content “violated ethical standards” and “potentially U.S. laws on child sexual abuse material (CSAM).” The chatbot added, “It was a failure in safeguards, and I’m sorry for any harm caused. xAI is reviewing to prevent future issues.”

That admission alone is alarming. What followed revealed a far broader pattern.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

OPENAI TIGHTENS AI RULES FOR TEENS BUT CONCERNS REMAIN

Grok quietly restricts image tools to paying users after backlash

As criticism mounted, Grok confirmed it has begun limiting image generation and editing features to paying subscribers only. In a late-night reply on X, the chatbot stated that image tools are now locked behind a premium subscription, directing users to sign up to regain access.

The apology that raised more questions

Grok’s apology appeared only after a user prompted the chatbot to write a heartfelt explanation for people lacking context. In other words, the system did not proactively address the issue. It responded because someone asked it to.

Around the same time, researchers and journalists uncovered widespread misuse of Grok’s image tools. According to monitoring firm Copyleaks, users were generating nonconsensual, sexually manipulated images of real women, including minors and well-known figures.

After reviewing Grok’s publicly accessible photo feed, Copyleaks identified a conservative rate of roughly one nonconsensual sexualized image per minute, based on images involving real people with no clear indication of consent. The firm says the misuse escalated quickly, shifting from consensual self-promotion to large-scale harassment enabled by AI.

Copyleaks CEO and co-founder Alon Yamin said, “When AI systems allow the manipulation of real people’s images without clear consent, the impact can be immediate and deeply personal.”

PROTECTING KIDS FROM AI CHATBOTS: WHAT THE GUARD ACT MEANS

Sexualized images of minors are illegal

This is not a gray area. Generating or distributing sexualized images of minors is a serious criminal offense in the United States and many other countries. Under U.S. federal law, such content is classified as child sexual abuse material. Penalties can include five to 20 years in prison, fines up to $250,000 and mandatory sex offender registration. Similar laws apply in the U.K. and France.

In 2024, a Pennsylvania man received nearly eight years in prison for creating and possessing deepfake CSAM involving child celebrities. That case set a clear precedent. Grok itself acknowledged this legal reality in its post, stating that AI images depicting minors in sexualized contexts are illegal.

The scale of the problem is growing fast

A July report from the Internet Watch Foundation, a nonprofit that tracks and removes child sexual abuse material online, shows how quickly this threat is accelerating. Reports of AI-generated child sexual abuse imagery jumped by 400% in the first half of 2025 alone. Experts warn that AI tools lower the barrier to potential abuse. What once required technical skill or access to hidden forums can now happen through a simple prompt on a mainstream platform.

Real people are being targeted

The harm is not abstract. Reuters documented cases where users asked Grok to digitally undress real women whose photos were posted on X. In multiple documented cases, Grok fully complied. Even more disturbing, users targeted images of a 14-year-old actress Nell Fisher from the Netflix series “Stranger Things.” Grok later admitted there were isolated cases in which users received images depicting minors in minimal clothing. In another Reuters investigation, a Brazilian musician described watching AI-generated bikini images of herself spread across X after users prompted Grok to alter a harmless photo. Her experience mirrors what many women and girls are now facing.

Governments respond worldwide

The backlash has gone global. In France, multiple ministers referred X to an investigative agency over possible violations of the EU’s Digital Services Act, which requires platforms to prevent and mitigate the spread of illegal content. Violations can trigger heavy fines. In India, the country’s IT ministry gave xAI 72 hours to submit a report detailing how it plans to stop the spread of obscene and sexually explicit material generated by Grok. Grok has also warned publicly that xAI could face potential probes from the Department of Justice or lawsuits tied to these failures.

LEAKED META DOCUMENTS SHOW HOW AI CHATBOTS HANDLE CHILD EXPLOITATION

Concerns grow over Grok’s safety and government use

The incident raises serious concerns about online privacy, platform security and the safeguards designed to protect minors.

Elon Musk, the owner of X and founder of xAI, had not offered a public response at the time of publication. That silence comes at a sensitive time. Grok has been authorized for official government use under an 18-month federal contract. This approval was granted despite objections from more than 30 consumer advocacy groups that warned the system lacked proper safety testing.

Over the past year, Grok has been accused by critics of spreading misinformation about major news events, promoting antisemitic rhetoric and sharing misleading health information. It also competed directly with tools like ChatGPT and Gemini while operating with fewer visible safety restrictions. Each controversy raises the same question. Can a powerful AI tool be deployed responsibly without strong oversight and enforcement?

What parents and users should know

If you encounter sexualized images of minors or other abusive material online, report it immediately. In the United States, you can contact the FBI tip line or seek help from the National Center for Missing & Exploited Children.

Do not download, share, screenshot or interact with the content in any way. Even viewing or forwarding illegal material can expose you to serious legal risk.

Parents should also talk with children and teens about AI image tools and social media prompts. Many of these images are created through casual requests that do not feel dangerous at first. Teaching kids to report content, close the app and tell a trusted adult can stop harm from spreading further.

Platforms may fail. Safeguards may lag. But early reporting and clear conversations at home remain one of the most effective ways to protect children online.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com       

Kurt’s key takeaways

The Grok scandal highlights a dangerous reality. As AI spreads faster, these systems amplify harm at an unprecedented scale. When safeguards fail, real people suffer, and children face serious risk. At the same time, trust cannot depend on apologies issued after harm occurs. Instead, companies must earn trust through strong safety design, constant monitoring and real accountability when problems emerge.

Should any AI system be approved for government or mass public use before it proves it can reliably protect children and prevent abuse? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.

In one case that experts described as “really dangerous”, Google wrongly advised people with pancreatic cancer to avoid high-fat foods. Experts said this was the exact opposite of what should be recommended, and may increase the risk of patients dying from the disease.

In another “alarming” example, the company provided bogus information about crucial liver function tests, which could leave people with serious liver disease wrongly thinking they are healthy.

Email scams have become one of the fastest ways scammers steal money from older adults. A single click can expose bank accounts, personal data and retirement savings built over a lifetime. That growing risk is what prompted Bob to write to us with a question many families are now facing:

“My friend’s father is 95 and absolutely lives through his phone/laptop. He refuses to give up either and often clicks on email links. A few years ago, he got caught up in a gift card scam that almost cost him his life savings. It’s not taking away the car keys anymore; it is taking away the email and access to online banking! What do you recommend that his daughter do to protect his online presence?”

Bob is right. For many seniors, email and online banking have replaced car keys as the most dangerous access point. The goal is not to take devices away. It is to quietly put guardrails in place so one bad click does not turn into a financial disaster.

Here is a practical plan families can actually use.

HACKERS ABUSE GOOGLE CLOUD TO SEND TRUSTED PHISHING EMAILS

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

 1) Separate money from daily email use

Start by limiting how much damage a single click can cause. If possible, remove online banking access from the devices used for email. When that is not realistic, open a second checking account with only everyday spending money and link it to a debit card for routine purchases.

Keep primary savings accounts offline or set to view-only access. If available, require in-branch or phone verification for transfers above a set amount. This way, even if credentials are compromised, the largest accounts remain protected. 

2) Lock down email to stop scams targeting seniors

Email is the number one entry point for scams targeting seniors. Strong filtering matters. Use an email provider with advanced spam protection, such as Gmail or Outlook.com. In the email settings:

• Turn off automatic image loading
• Disable link previews
• Block or auto-quarantine attachments from unknown senders
• Automatically move messages from unknown senders to a Review folder

If available, enable warnings for emails that use familiar display names but come from unfamiliar addresses. This helps stop impersonation scams that pretend to be family, banks or service providers. These steps slow scammers down and reduce impulse clicks before damage happens.

Email is dominant, but voicemail and callback scams are also growing fast among seniors, often as a follow-up to phishing emails. If possible, silence unknown callers and block voicemail-to-email transcription for unfamiliar numbers, since many scams now start with urgent callback messages rather than links.

3) Add a trusted second set of eyes

Next, add safety nets that notify family members when something looks wrong. Enable banking alerts for large withdrawals, new payees, password changes, unusual logins and new device sign-ins. Add his daughter as a trusted contact wherever the bank allows it. If available, enable delays or approval requirements for first-time transfers to new payees. This creates a cooling period that can stop scam-driven transactions. For email accounts, set up a recovery contact so that his daughter is notified immediately if someone attempts to access or reset the account.

Enable two-factor authentication (2FA) on email and banking accounts, but pair it with device and transfer alerts, since many scams now succeed even when 2FA is enabled.

4) Harden devices so clicks do not equal catastrophe

Devices should be set up to fail safely. Keep operating systems and browsers updated. Make sure the laptop uses a standard user account instead of an administrator account. This prevents software from installing without approval. Install real-time protection that blocks scam sites before they load. Strong antivirus software helps block malicious links and fake login pages automatically.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

5) Use a password manager to block fake logins

Password reuse makes scams far more dangerous. Fake pop-ups and lookalike websites are designed to trick people into typing usernames and passwords by hand. A password manager removes that risk by storing credentials securely and autofilling them only on legitimate websites. If a page is fake or malicious, the password manager will not fill anything. That simple refusal often prevents account takeovers before they start. Password managers also reduce frustration by eliminating the need to remember or reuse passwords across email, banking and shopping accounts. When set up correctly, this protection works quietly in the background on both phones and laptops.

Many phishing scams no longer rely on obvious fake emails. They rely on realistic login pages. Autofill protection is one of the most effective ways to stop these attacks without changing daily habits.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

MALICIOUS CHROME EXTENSIONS CAUGHT STEALING SENSITIVE DATA

6) Freeze credit and monitor identity exposure

If scammers already have personal information, prevention alone is not enough. Freeze credit with Experian, TransUnion and Equifax to prevent new accounts from being opened. Also, place freezes with ChexSystems and the National Consumer Telecom and Utilities Exchange to stop criminals from opening bank accounts, phone lines, or utility services in his name.

If possible, request an IRS Identity Protection PIN to prevent tax-related identity theft.

Add ongoing identity monitoring so suspicious activity triggers alerts quickly. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

7) Set clear rules around scams and payments

Technology helps, but expectations matter. Have one calm conversation and agree on simple rules:

• No gift cards for urgent emails or texts
• No sending money through unfamiliar apps or cryptocurrency
• Always call a trusted family member before acting on urgency

Post these rules near the computer or phone. Visual reminders reduce panic decisions. Also, before setting rules, choose one primary trusted contact. Multiple helpers can slow response during urgent scams and create confusion when fast decisions matter. That person should be the default call for anything urgent involving money, account access, or unexpected requests.

8) Reduce exposure with a data removal service

Scammers often find seniors by pulling personal details from public data broker websites. These sites publish phone numbers, addresses, relatives and age information that make targeting easier. A data removal service works behind the scenes to opt seniors out of these databases and reduce how much personal information is publicly available online. Fewer exposed details means fewer scam calls, fewer phishing emails and fewer impersonation attempts. This step does not stop every scam, but it significantly lowers how often seniors are targeted in the first place.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

9) Use senior-friendly monitoring tools the right way

Many tools designed for child safety also work well for seniors when used thoughtfully. When configured correctly, they add protection without interfering with daily routines.

Below are device-specific steps families can use today.

iPhone and iPad

Apple’s built-in Screen Time tools provide strong protection without installing extra apps.

What to set up:

• Open Settings and tap Screen Time
• Turn on Screen Time for the device
• Tap Content & Privacy Restrictions and turn it on
• Under App Store Purchases, set app installs to Don’t Allow
• Tap Web Content and limit access to approved or safe websites
• Set a Screen Time passcode known only to the caregiver

If the caregiver wants remote visibility or control, add the device to Family Sharing and manage Screen Time from the caregiver’s Apple ID.

BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTRE ATTACK

Why this helps: It blocks many scam sites, prevents accidental app installs and stops fake update prompts from causing damage.

Android phones and tablets

Android offers built-in protections and optional supervised controls.

What to set up:

Settings may vary depending on your Android phone’s manufacturer

• Open Settings and go to Digital Wellbeing & parental controls
• Turn on parental controls for the device
• Restrict app installs and require approval for new downloads
• Enable Safe Browsing and website filtering
• Turn on alerts for new app installs and account changes

For families who want shared oversight, Google Family Link can be used to supervise app installs and receive alerts, as long as both parties agree.

Why this helps: Many Android scams rely on fake app installs. These settings block that path.

Windows computers

Windows protection works best when user accounts are set correctly.

What to set up:

• Create a standard user account for daily use
• Keep the caregiver account as the only administrator
• Turn on Microsoft Family Safety if available
• Enable SmartScreen and browser phishing protection
• Block software installs without administrator approval

Why this helps: Malware often installs silently on admin accounts. This setup prevents that.

Mac computers

macOS includes built-in controls similar to those on iPhone and iPad.

What to set up:

• Create a standard user account for the senior
• Limit administrator access to a trusted caregiver
• Open System Settings and enable Screen Time
• Restrict app installs and system changes
• Keep built-in malware and phishing protections enabled

Why this helps: It prevents fake software updates and malicious downloads from installing.

10) Best practices for all devices

• Use alert-only or limited-control settings whenever possible
• Review settings together so expectations are clear
• Avoid tools that feel invasive or confusing
• Focus on blocking harm, not monitoring behavior

This is not about spying. It is about adding digital seatbelts while preserving independence. When used respectfully, these tools reduce risk without changing daily habits.

Pro Tip: Use a secure email service for added privacy

For families looking to go a step further, switching to a secure email service can significantly reduce scam exposure. Privacy-focused email providers are designed to limit tracking, block hidden tracking pixels, and reduce how much data advertisers or scammers can collect from inbox activity. Many secure email services also offer disposable or alias email addresses for one-time signups. If an alias starts receiving spam or scam messages, it can be disabled without affecting the main email account. This makes it easier to keep a primary email address private and limit long-term exposure. Secure email platforms typically include features like encrypted messages, no advertising and stronger privacy controls. While switching email providers is optional, it can be a useful upgrade for seniors who receive large volumes of spam or have been repeatedly targeted by scams.

Why it matters: Less tracking means fewer scam attempts. Aliases reduce how often personal email addresses are exposed, without changing daily habits.

For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

Protecting seniors online is not about control. It is about prevention. Email scams are designed to exploit trust and urgency, especially in people who did not grow up with digital threats. Smart guardrails protect independence while preventing irreversible mistakes. If email and banking are today’s car keys, families need modern safety features to go with them.

If your parent clicked a scam email right now, would you know before the money was gone? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.