Skip to main content
Emerging ThreatsMalware & Ransomware

Lawsuit Exposes AI Firms' Role in Deepfake Child Abuse Material

Blurred laptop screen on a plain surface in a dimly lit room, conveying solemnity and concern.

More than 7,000 computer-generated images are at the center of new claims in a widening class-action suit that accuses both a high-profile chatbot and a major open-weight image model maker of enabling nonconsensual deepfake child sexual assault material (CSAM).

The amended lawsuit and the new plaintiffs

The complaint, originally filed in March by three women, was amended this week to add two additional anonymous plaintiffs identified as Jane Does 4 and 5. All five plaintiffs remain anonymous in the filing, and the suit says the spread of the material has left them “humiliated and ashamed.”

According to the complaint, Jane Doe 4 — described as a female from Wyoming — alleges her stepfather uploaded a photo of her at age 11 and used Grok to produce “more than 7,000 CSAM-related images.” The suit describes those generated images being shared and traded on social media and says the stepfather “opted for Grok ‘because the platform was less restrictive than other AI models and responded to his prompts to generate sexually explicit material using an image depicting a prepubescent minor.’”

Jane Doe 5 alleges an adult male related to a classmate used Grok to convert a photograph from her eighth-grade graduation into illicit material, which was similarly traded and shared online. The complaint says much of that content remains available on the internet despite the man’s arrest and criminal charges.

Allegations against xAI and Grok, and law enforcement evidence claims

The suit names xAI and its Grok tool as defendants. It alleges that in February xAI generated a tip to the National Center for Missing and Exploited Children (NCMEC) but submitted only the original, authentic image as evidence. The complaint asserts that xAI “did not respond when law enforcement requested the thousands of Grok-generated images based on the photo and IP address information that would have quickly helped identify” the stepfather.

The complaint links a cascade of harms to that alleged failure: after the stepfather’s arrest and child-exploitation charges, he “shot himself two days after he was arrested,” a development the filing says compounded an “extreme personal crisis” for the victim. The complaint documents severe and ongoing mental-health impacts on Jane Doe 4, saying she regularly “struggles with self-loathing and disgust” and experiences “extreme anxiety” and suicidal ideation at the thought the images will be found by others.

CyberScoop reported that xAI’s press office did not respond to an emailed request for comment.

Allegations against Stability AI and Stable Diffusion’s training data

The amended complaint also adds Stability AI, alleging the company released Stable Diffusion 1.0 as an open-weight model “despite knowing it was trained on CSAM” and then declined to alter or tighten its guardrails. The filing cites a 2023 Stanford study saying the dataset used to train Stable Diffusion models was created through unguided webcrawling and thus ingested “a significant amount of explicit material,” including CSAM.

The suit notes that Stable Diffusion 1.0 included a classifier intended to block generation of such images, but claims that because of the training data downstream developers could more easily create modified versions that bypassed protections. While Stable Diffusion 2.0 reportedly introduced stronger guardrails, the complaint alleges Stability AI “rolled back those protections in response to ‘disgruntled’ users” who called the new restrictions “prude” and “unpopular,” a rollback the suit says helped fuel an ecosystem of jailbroken “nudify apps.”

CyberScoop reported Stability AI did not respond to a request for comment.

Evidence access, ongoing dissemination, and victim control

The complaint places particular emphasis on two interlocking problems: access to generated-output evidence that could identify perpetrators, and the enduring online availability of generated CSAM that victims cannot control. For Jane Doe 4, the suit says law enforcement requests for Grok-generated images and IP address information were not fulfilled by xAI, even though those records “would have quickly helped identify her stepfather as the perpetrator.”

For Jane Doe 5, the complaint stresses that although the man who allegedly produced her images was arrested and charged, “much of the content is still available on the internet,” and she “feels a complete lack of control over the ongoing dissemination of the files.” The suit adds: “It is impossible to know how many other child sex predators may now possess Jane Doe 5’s CSAM, nor how widely her CSAM has now been disseminated online through darknet channels and applications.”

What this means for technologists, law enforcement, and victims

  • Technologists and security teams: The complaint frames model-level safeguards as central — alleging that open-weight release and training on unguided webcrawls left models susceptible to downstream exploitation and to jailbroken apps that enable explicit generation.
  • Law enforcement and investigators: The filing underscores the importance of access to generated outputs and IP logs; it alleges that a lack of cooperation in providing those Grok-generated images hindered rapid attribution and evidence collection in at least one case.
  • Victims and families: The suit documents long-term, severe psychological harm tied to ongoing dissemination, and emphasizes the practical difficulty of removing or controlling deepfake CSAM once it has been shared broadly online.

The amended class-action expands the scope of the original March filing to assert both platform-level and model-level responsibility for deepfake CSAM. Both xAI and Stability AI were reported as nonresponsive to requests for comment in CyberScoop’s coverage, leaving the allegations to proceed through litigation as the public record now documents the plaintiffs’ claims and the scale of content they attribute to Grok and downstream model exploitation.

https://cyberscoop.com/deepfake-csam-lawsuit-grok-xai-expands-stability-ai/