In March, a girl’s stepfather took his own life after cops discovered that he had used Grok to create 7,000 sexually explicit images using one photo taken when his stepdaughter was 11 years old, the amended complaint alleged.

Grok allowed the man to generate extreme images depicting incest and rape without flagging any harmful behavior, the complaint said. Seemingly, xAI’s child safety system only intervened after the man input a prompt for “gang rape.” That request sent a CyberTip to the National Center for Missing and Exploited Children (NCMEC), which alerted law enforcement to the AI CSAM.

Yet the harm was not stopped then, either. Despite mandatory reporting requirements to share information like a user’s IP address when CSAM is flagged, xAI repeatedly refused to help cops or NCMEC identify the user, the complaint alleged. For weeks, xAI allegedly “obstructed this investigation at every turn” and made it harder for “law enforcement efforts to locate, identify, and apprehend the perpetrator.”

Eventually, the stepfather was arrested after cops obtained a warrant to seize his devices. That’s when “a forensic review revealed approximately 7,000 AI-generated images and videos” depicting his stepdaughter, which were allegedly produced using Grok. Without Grok providing users with easy access to “undressing” capabilities, his family doubts he ever would have generated the harmful images, which he allegedly trafficked online in trade for “CSAM produced by other child sex predators.”

  • brucethemoose@lemmy.world
    link
    fedilink
    arrow-up
    40
    ·
    edit-2
    3 days ago

    Horrors of this aside… is Grok using a keyword filter for CSAM detection?

    I cannot even begin to describe how technically negligent that is.

    Image based CSAM detectors have been around for ~2 decades, and any image host with an ounce of self preservation uses them. I’m pretty use some Lemmy instances use them. Twitter must have already been using them, even before Musk bought them, because it would be legal suicidal not to.


    That they wouldn’t implement a strong image-based checker in Grok is mind-boggling.

    • prole@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      7
      ·
      2 days ago

      is Grok using a keyword filter for CSAM detection?

      At some point in the last ten years, everyone apparently forgot why this doesn’t work

      • brucethemoose@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 days ago

        Not everyone. Not even AI platforms.

        CivitAI is a great example; they have a robust image categorizer that auto tags anything uploaded to the site, or generated on it. They have it divided into a SFW and NSFW sites, and nothing even related to children is allowed on the NSFW side. No depictions of real people are allowed on either. And by all indications, they have CSAM firmly under control.

        It’s why this story is so mind boggling to me. Either Grok’s team is such a mess that they weren’t aware of ancient filtering technology, or they deliberately left it “uncensored” and thought they could get away with it. Either possibility is horrifying.

    • mnemonicmonkeys@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      19
      ·
      3 days ago

      I cannot even begin to describe how technically negligent that is.

      Tbh, this is par for the course for most of Elon’s businesses

      • brucethemoose@lemmy.world
        link
        fedilink
        arrow-up
        13
        ·
        3 days ago

        But even unintentionally serving CSAM is unique in that it can get you in legal hot water reeeal quick. It’s why web services are so strict about filtering.

        I just can’t wrap my head around this. Maybe I’m misreading what Grok did, or maybe the story isn’t quite right, but if it is, the company should be getting raked over hot coals by the feds right about now.

      • brucethemoose@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 days ago

        Well, that’s what I’m saying. Even if shareholder value is the only objective, this is a catastrophic mistake. CSAM is baaad for business.