Canada’s federal privacy watchdog said Thursday that Elon Musk’s artificial intelligence company xAI violated the country’s privacy law by launching Grok’s image-generation tool without adequate safeguards, marking one of the strongest regulatory findings yet against the controversial chatbot.
Privacy Commissioner Philippe Dufresne said an investigation found that Grok enabled users to create and share non-consensual sexualized deepfake images of real people, exposing weaknesses in the platform’s protections against harmful AI-generated content. The probe was launched in January after reports that users were employing the tool to alter photographs of individuals without their consent.
READ: Musk defends Grok as ‘Space(XAI)’ eyes massive IPO (May 26, 2026)
The ruling adds to mounting international scrutiny of Grok and xAI as regulators in several countries examine whether rapidly evolving AI image tools are adequately protecting privacy and preventing abuse. Authorities in Britain, Italy and other jurisdictions have also launched investigations or issued warnings related to Grok’s ability to generate sexualized images of real people.
Dufresne said xAI failed to implement appropriate safeguards when the image-generation feature was introduced. However, he acknowledged that the company has since taken steps to reduce the creation of sexualized deepfakes, including restrictions on editing images of real individuals in revealing or inappropriate contexts. According to the commissioner, xAI has also committed to proactively monitoring for problematic content rather than responding only after complaints are filed.
READ: Sexualized image threats: X limits Grok AI image edits to paid users amid backlash (January 9, 2026)
While Canada’s privacy commissioner cannot impose fines or compel policy changes, the findings are likely to intensify pressure on AI developers facing growing demands for stronger protections against deepfake abuse.
The decision comes as governments worldwide grapple with the rise of AI-generated imagery and concerns that powerful generative tools can be used to create non-consensual sexual content, misinformation and other harmful material. Canada recently expanded its broader scrutiny of Grok and related services, while regulators in the United Kingdom and elsewhere continue examining whether the technology complies with privacy and data-protection laws. xAI did not immediately respond to requests for comment following the Canadian watchdog’s findings.