CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

EU Investigates X Over Grok-Generated Sexual Content

First reported
Last updated
2 unique sources, 6 articles

Summary

Hide ▲

The European Commission, along with authorities in the UK, France, California, and now Ireland, are investigating X (formerly Twitter) over the use of its Grok AI tool to generate non-consensual sexual images, including child sexual abuse material (CSAM). The investigations are examining whether X has complied with data protection laws and adequately safeguarded against the generation of harmful content. The Irish Data Protection Commission (DPC) has opened a formal inquiry into X's compliance with GDPR obligations, joining the UK's Information Commissioner's Office (ICO), the European Commission, and French prosecutors in their respective investigations. French authorities have also raided X's offices in Paris and summoned Elon Musk and X CEO Linda Yaccarino for interviews. X has restricted Grok's image generation capabilities to paid subscribers, a move criticized by UK officials.

Timeline

  1. 03.02.2026 14:43 4 articles · 14d ago

    French Authorities Raid X Offices Over Grok AI Criminal Investigation

    French prosecutors raided X's offices in Paris as part of a criminal investigation into the platform's Grok AI tool, which has been used to generate sexually explicit images and other illegal content. The investigation, opened in January 2025 after two complaints, initially focused on operating an illegal online platform, fraudulent data extraction, and system tampering. It expanded to include allegations of complicity in the possession and distribution of CSAM, as well as sexual deepfakes and Holocaust-denial content. The Paris prosecutor's office has summoned Elon Musk and X CEO Linda Yaccarino for voluntary interviews on April 20, 2026, with additional employees to be questioned as witnesses between April 20 and April 24, 2026. The investigation covers seven criminal offenses, including complicity in possessing and distributing child pornography, violations related to sexual deepfakes, Holocaust denial, fraudulent data extraction, system tampering, and operating an illegal online platform as part of an organized criminal enterprise. Between June and October 2025, X’s submissions to the National Center for Missing and Exploited Children (NCMEC) regarding CSAM in France fell by 81.4%.

    Show sources
    Open in new tab
  2. 26.01.2026 19:14 5 articles · 22d ago

    EU Launches Investigation into X Over Grok-Generated Sexual Images

    The European Commission has launched a formal investigation into X under the DSA to assess risks associated with Grok AI, following reports of its use to generate sexually explicit images and CSAM. UK authorities, including the Information Commissioner's Office (ICO), have also launched a formal investigation into X and its Irish subsidiary over reports that Grok AI was used to generate nonconsensual sexual images. The ICO will examine whether X processed personal data lawfully and whether adequate safeguards were in place to prevent Grok from creating harmful, manipulated images. The ICO noted that losing control over personal data, when safeguards are not in place, can cause immediate and significant harm, particularly involving children. The ICO can impose fines of up to £17.5 million or 4% of a company's worldwide annual turnover. Ireland's Data Protection Commission (DPC) has opened a formal investigation into X over the use of Grok AI to generate non-consensual sexual images of real people, including children. The DPC will examine whether X Internet Unlimited Company (XIUC) complied with core GDPR obligations, including lawful processing, data protection by design, and conducting data protection impact assessments. The DPC's investigation is significant as it is the lead EU supervisory authority for X, and its findings could result in substantial fines enforceable across all 27 EU member states and the three European Economic Area countries.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

AI Agents Introduce Compliance Challenges for CISOs

AI agents are increasingly embedded in regulated workflows, introducing compliance challenges that blur the lines between security and compliance. CISOs are now responsible for ensuring AI agents operate within compliance frameworks like SOX, GDPR, PCI DSS, and HIPAA, which were designed for human actors. AI agents' probabilistic reasoning, adaptability, and broad permissions challenge traditional compliance controls. They can collapse segregation of duties, expose sensitive data, and create auditability issues. CISOs must treat AI agents as non-human identities with governance, access controls, and monitoring similar to privileged users.

Open in new tab

Latvian Crew Member Arrested for Malware Installation on Italian Ferry

French authorities arrested a Latvian crew member of the Italian ferry Fantastic for allegedly installing malware that could remotely control the vessel. The suspect faces charges of conspiring to infiltrate computer systems on behalf of a foreign power. The malware was discovered and neutralized without consequences. French officials suspect foreign interference, potentially linked to Russia. Additionally, a 22-year-old was arrested for breaching the French Ministry of the Interior's email servers.

Open in new tab

Cyberattack on French Interior Ministry Email Servers

The French Interior Ministry confirmed a cyberattack on its email servers, detected between December 11 and 12, 2025. The breach allowed unauthorized access to document files, though data exfiltration remains unconfirmed. The ministry has tightened security protocols and launched an investigation to determine the origin and scope of the attack. Possible motives include foreign interference, activism, or cybercrime. On December 17, 2025, a 22-year-old suspect was arrested in connection with the attack. The suspect is accused of unauthorized access to an automated personal data processing system as part of an organized group. Investigations are being conducted by OFAC, France's Office for Combating Cybercrime. A BreachForums admin claimed responsibility for the attack, alleging it was in revenge for the arrests of forum moderators and admins. The forum post claims that data on 16,444,373 people from France's police records was stolen. In April 2025, France attributed a widespread hacking campaign to APT28, a group linked to Russia's GRU, targeting various French entities.

Open in new tab

Clearview AI Faces Criminal Complaint in Austria

Clearview AI, a US-based facial recognition firm, faces a criminal complaint in Austria for ignoring EU data protection regulations. The European Center for Digital Rights, noyb, filed the complaint on October 28, 2025. Clearview AI's database of over 60 billion facial images includes data from European citizens, which has led to multiple GDPR violations and fines. The new complaint seeks criminal sanctions against the company and its executives, potentially leading to jail time and personal liability. Clearview AI has previously argued that it is not subject to GDPR due to its lack of presence in Europe and non-provision of services within the EU. However, the Dutch DPA has asserted that the inclusion of European citizens' data makes the firm subject to EU law. The criminal complaint follows a series of administrative fines and bans issued by various European DPAs.

Open in new tab

Scarcruft (APT37) Ransomware Campaign Targets South Korea

North Korean threat actors have **expanded the Contagious Interview campaign** with a **new JavaScript-based backdoor** delivered via **malicious VS Code repositories**, marking the latest evolution in their multi-stage infection chain. When victims clone and open these repositories—framed as technical assignments or code reviews—they are prompted to trust the repository author. Upon granting trust, VS Code automatically executes a hidden **Node.js command** in the background, deploying the backdoor with **remote code execution capabilities**. The payload persists even after VS Code is closed, produces no visible output, and remains undetected while exfiltrating credentials and sensitive data. This tactic builds on earlier methods, such as **abusing `tasks.json` files** and **malicious npm dependencies (e.g., 'grayavatar')**, but introduces a **fully JavaScript-based payload** tailored for developers familiar with Node.js. The campaign, active since late 2023, continues to target **software developers, particularly in blockchain, cryptocurrency, and Web3 sectors**, blending **social engineering with technical deception**. Previous milestones include the **December 2025 deployment of EtherRAT**, which exploited **React2Shell (CVE-2025-55182)** and **Ethereum smart contracts for C2**, and the **January 2026 wave** using **BeaverTail and InvisibleFerret malware** via GitHub/GitLab/Bitbucket lures. The group collaborates with **North Korea’s fraudulent IT workers (WageMole)** to amplify credential theft and financial fraud, while consolidating hosting on **Vercel domains** and refining **AI-generated artifacts** to evade detection. The latest backdoor underscores the campaign’s **rapid adaptation**, combining **espionage-driven data theft** with **financial motives** through persistent, multi-layered infections.

Open in new tab