Britain and Canada are continuing regulatory probes into xAI’s Grok chatbot, signalling that official scrutiny will persist despite the company’s announcement of new safeguards. Authorities say concerns remain over the system’s ability to generate explicit and non-consensual images.
xAI said it had updated Grok to block edits that place real people in revealing clothing and restricted image generation in jurisdictions where such content is illegal. The company did not specify which regions are affected by the new limits.
Reuters testing found Grok was still capable of producing sexualised images, including in Britain. Social media platform X and xAI did not respond to questions about how effective the changes have been.
UK regulator Ofcom said its investigation remains ongoing, despite welcoming xAI’s announcement. A privacy watchdog in Canada also confirmed it is expanding an existing probe into both X and xAI.
Pressure is growing internationally, with countries including France, India, and the Philippines raising concerns. British Technology Secretary Liz Kendall said the Online Safety Act gives the government tools to hold platforms accountable for harmful content.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
California Attorney General Rob Bonta has launched an investigation into xAI, the company behind the Grok chatbot, over the creation and spread of nonconsensual sexually explicit images.
Bonta’s office said Grok has been used to generate deepfake intimate images of women and children, which have then been shared on social media platforms, including X.
Officials said users have taken ordinary photos and manipulated them into sexually explicit scenarios without consent, with xAI’s ‘spicy mode’ contributing to the problem.
‘We have zero tolerance for the AI-based creation and dissemination of nonconsensual intimate images or child sexual abuse material,’ Bonta said in a statement.
The investigation will examine whether xAI has violated the law and follows earlier calls for stronger safeguards to protect children from harmful AI content.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A new beta feature has been launched in the United States that lets users personalise the Gemini assistant by connecting Google apps such as Gmail, Photos, YouTube and Search. The tool, called Personal Intelligence, is designed to make the service more proactive and context-aware.
When enabled, Personal Intelligence allows Gemini to reason across a user’s emails, photos, and search history to answer questions or retrieve specific details. Google says users remain in control of which apps are connected and can turn the feature off at any time.
The company showed how Gemini can use connected data to offer tailored suggestions, such as identifying vehicle details from Photos or recommending trips based on past travel.
Google said the system includes privacy safeguards. Personal Intelligence is turned off by default, and Gemini does not train on users’ Gmail inboxes or photo libraries.
The beta is rolling out to Google AI Pro and AI Ultra subscribers in the US and will work across web, Android, and iOS. Google plans to expand access over time and bring the feature to more countries and users.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Nissan Motor Corporation has been listed on the dark web by the Everest ransomware group, which is threatening to release allegedly stolen data within days unless a ransom is paid. The group claims to have exfiltrated around 900 gigabytes of company files.
Everest published sample screenshots showing folders linked to marketing, sales, dealer orders, warranty analysis, and internal communications. Many of the files appear to relate to Nissan’s operations in Canada, although some dealer records reference the United States.
Nissan has not issued a public statement about the alleged breach. The company has been contacted for comment, but no confirmation has been provided regarding the nature or scale of the incident.
Everest began as a ransomware operation in 2020 but is now believed to focus on gaining and selling network access using stolen credentials, insider recruitment, and remote access tools. The group is thought to be Russian-speaking and continues to recruit affiliates through its leak site.
The Nissan listing follows recent claims by Everest involving Chrysler and ASUS. In those cases, the group said it had stolen large volumes of personal and corporate data, with ASUS later confirming a supplier breach involving camera source code.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Uganda’s communications regulator has ordered a nationwide internet shutdown ahead of Thursday’s general election. The move is intended to prevent misinformation, electoral fraud, and incitement to violence.
The shutdown was due to begin at 18:00 local time on Tuesday, with no end date specified. Mobile data users in Uganda reported losing access, while some business networks, including hotels, remained connected. Voice calls and basic SMS services were expected to continue operating.
The regulator said it was acting on recommendations from security agencies, including the army and police. In a letter to operators, it described the suspension as a precautionary measure to protect national stability during what it called a sensitive national exercise.
Uganda imposed a similar internet blackout during the 2021 election, which was followed by protests in which dozens of people were killed. Earlier this month, the commission had dismissed reports of another shutdown as rumours, saying it aimed to guarantee uninterrupted connectivity.
President Yoweri Museveni, 81, is seeking a seventh term against opposition challenger Bobi Wine, 43, whose real name is Robert Kyagulanyi. Wine criticised the internet suspension and urged supporters to use Bluetooth-based messaging apps, though authorities warned those could also be restricted.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A UK public sector cyberattack on Kensington and Chelsea Council has exposed the growing vulnerability of government organisations to data breaches. The council stated that personal details linked to hundreds of thousands of residents may have been compromised after attackers targeted the shared IT infrastructure.
Security experts warn that interconnected systems, while cost-efficient, create systemic risks. Dray Agha, senior manager of security operations at Huntress, said a single breach can quickly spread across partner organisations, disrupting essential services and exposing sensitive information.
Public sector bodies remain attractive targets due to ageing infrastructure and the volume of personal data they hold. Records such as names, addresses, national ID numbers, health information, and login credentials can be exploited for fraud, identity theft, and large-scale scams.
Gregg Hardie, public sector regional vice president at SailPoint, noted that attackers often employ simple, high-volume tactics rather than sophisticated techniques. Compromised credentials allow criminals to blend into regular activity and remain undetected for long periods before launching disruptive attacks.
Hardie said stronger identity security and continuous monitoring are essential to prevent minor intrusions from escalating. Investing in resilient, segmented systems could help reduce the impact of future UK public sector cyberattack incidents and protect critical operations.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A newly identified vulnerability in Telegram’s mobile apps allows attackers to reveal users’ real IP addresses with a single click. The flaw, known as a ‘one-click IP leak’, can expose location and network details even when VPNs or proxies are enabled.
The issue comes from Telegram’s automatic proxy testing process. When a user clicks a disguised proxy link, the app initiates a direct connection request that bypasses all privacy protections and reveals the device’s real IP address.
Cybersecurity researcher @0x6rss demonstrated an attack on X, showing that a single click is enough to log a victim’s real IP address. The request behaves similarly to known Windows NTLM leaks, where background authentication attempts expose identifying information without explicit user consent.
ONE-CLICK TELEGRAM IP ADDRESS LEAK!
In this issue, the secret key is irrelevant. Just like NTLM hash leaks on Windows, Telegram automatically attempts to test the proxy. Here, the secret key does not matter and the IP address is exposed. Example of a link hidden behind a… https://t.co/KTABAiuGYIpic.twitter.com/NJLOD6aQiJ
Attackers can embed malicious proxy links in chats or channels, masking them as standard usernames. Once clicked, Telegram silently runs the proxy test, bypasses VPN or SOCKS5 protections, and sends the device’s real IP address to the attacker’s server, enabling tracking, surveillance, or doxxing.
Both Android and iOS versions are affected, putting millions of privacy-focused users at risk. Researchers recommend avoiding unknown links, turning off automatic proxy detection where possible, and using firewall tools to block outbound proxy tests. Telegram has not publicly confirmed a fix.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The creators of Stranger Things have been accused by some fans of using ChatGPT while writing the show’s fifth and final season, following the release of a behind-the-scenes Netflix documentary.
The series ended on New Year’s Eve with a two-hour finale that saw (SPOILER WARNING) Vecna defeated and Eleven apparently sacrificing herself. The ambiguous ending divided viewers, with some disappointed by the lack of closure.
A documentary titled One Last Adventure: The Making Of Stranger Things 5 was released shortly after the finale. One scene showing Matt and Ross Duffer working on scripts drew attention after a screenshot circulated online.
Some viewers claimed a ChatGPT-style tab was visible on a laptop screen. Others questioned the claim, noting the footage may predate the chatbot’s mainstream use.
Netflix has since confirmed two spin-offs are in development, including a new live-action series and an animated project titled Stranger Things: Tales From ’85.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Elon Musk’s platform X has restricted image editing with its AI chatbot Grok to paying users, following widespread criticism over the creation of non-consensual sexualised deepfakes.
The move comes after Grok allowed users to digitally alter images of people, including removing clothing without consent. While free users can still access image tools through Grok’s separate app and website, image editing within X now requires a paid subscription linked to verified user details.
Legal experts and child protection groups said the change does not address the underlying harm. Professor Clare McGlynn said limiting access fails to prevent abuse, while the Internet Watch Foundation warned that unsafe tools should never have been released without proper safeguards.
UK government officials urged regulator Ofcom to use its full powers under the Online Safety Act, including possible financial restrictions on X. Prime Minister Sir Keir Starmer described the creation of sexualised AI images involving adults and children as unlawful and unacceptable.
The controversy has renewed pressure on X to introduce stronger ethical guardrails for Grok. Critics argue that restricting features to subscribers does not prevent misuse, and that meaningful protections are needed to stop AI tools from enabling image-based abuse.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The global pioneer firm in AR, Rokid, unveiled its new Style smart glasses at CES 2026, opting for a screenless, voice-first design instead of the visual displays standard across competing devices.
Weighing just 38.5 grams, the glasses are designed for everyday wear, with an emphasis on comfort and prescription readiness.
Despite lacking a screen, Rokid Style integrates AI through an open ecosystem that supports platforms such as ChatGPT, DeepSeek and Qwen. Global services, including Google Maps and Microsoft AI Translation, facilitate navigation and provide real-time language assistance across various regions.
The device adopts a prescription-first approach, supporting lenses from plano to ±15.00 diopters alongside photochromic, tinted and protective options.
Rokid has also launched a global online prescription service, promising delivery within seven to ten days.
Design features include titanium alloy hinges, silicone nose pads and a built-in camera capable of 4K video recording.
Battery life reaches up to 12 hours of daily use, with global pricing starting at $299, ahead of an online launch scheduled for January 19.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
