Researchers at the Center for Countering Digital Hate estimated Grok generated roughly 3 million sexualized images during an 11-day window in late December 2025 and early January 2026. Around 23,000 of those depicted apparent children. That is not a bug that slipped through testing. That is a product behaving as configured.

I want to be precise about what the evidence actually shows, because the PR version and the engineering reality are far apart. xAI's response after those numbers went public was not to disable image generation. They moved it behind a paywall. They kept advertising "Spicy Mode" as a premium feature. A March 2026 class action filed by Lieff Cabraser Heimann & Bernstein alleges xAI deliberately configured Grok's system prompt to assume good intent when users referenced "teenage" or "girl." That is a prompt engineering choice. Someone wrote that prompt. Someone approved it.

When Grok's Changelog Becomes a Crime Scene

Builders will recognize the pattern. You do not accidentally configure a system prompt to interpret ambiguous user input as benign. That is an explicit decision, the kind that gets made in a Slack thread or a design review, not the kind that emerges from hallucinations. The lawsuit documents that Musk personally promoted the "undress" feature on X, which is relevant because product direction at xAI runs through one person. This was not a rogue team pushing a feature without oversight.

The regulatory pile-on is real: a provisional €45 million EU fine issued January 20, 35 U.S. state attorneys general writing formal letters, California's AG opening an investigation, and Ireland's Data Protection Commission starting its own inquiry. The 2026 International AI Safety Report specifically flagged that xAI committed to blocking harmful content only in jurisdictions where it is explicitly illegal. That is a compliance posture, not a safety posture. Any engineer who has shipped production code knows the difference between a guard rail and a legal minimum.

xAI claims Grok 2.5, released in late January, now blocks 99.99% of suspicious requests for harmful content. Fair point: that number, if accurate, represents real engineering work. I will grant them that. But a 0.01% failure rate on a system processing millions of image requests per day is not a rounding error. And self-reported accuracy stats from a company currently facing a federal CSAM lawsuit are not something I would push to production without third-party verification.

The Integration Problem Nobody Is Talking About

Grok is not a standalone web app you can just avoid. xAI has a partnership to put it inside Tesla vehicles. That means the same alignment decisions baked into Grok's image generation could surface in consumer hardware sitting in people's driveways. When a dependency has a known vulnerability, you pin a safer version or you rip it out. Right now, Tesla owners cannot do either.

The honest builder's question is not whether Grok's safety improved after January 2026. It probably did, under legal and regulatory pressure. The question is whether xAI's safety architecture is auditable by anyone outside xAI. It is not. There is no public safety red team report, no independent third-party audit, no open model weights to inspect. Musk says xAI keeps "honest versions" of Grok and eliminates "bad transformers." That is a philosophical claim, not a verifiable one.

If you are building something on top of Grok or recommending it to a team, you are trusting a closed system that demonstrably failed at the worst possible category of harm and responded by monetizing access instead of fixing the root cause. That is not a tradeoff I would ship.