Grok, the AI chatbot built into Elon Musk’s social platform X, has been used to produce sexualised ‘edited’ images of real people, including material that appeared to involve children. In a statement cited in the report, Grok attributed some of the outputs to gaps in its safeguards that allowed images showing ‘minors in minimal clothing,’ and said changes were being made to prevent repeat incidents.
One case described a Rio de Janeiro musician, Julie Yukari, who posted a New Year’s Eve photo on X and then noticed other users tagging Grok with requests to alter her image into a bikini-style version. She said she assumed the bot would refuse, but AI-generated, near-nude edits of her image later spread on the platform.
The report suggested that the misuse was widespread and rapidly evolving. In a brief midday snapshot of public prompts, it counted more than 100 attempts in 10 minutes to get Grok to swap people’s clothing for bikinis or more revealing outfits. In dozens of cases, the tool complied wholly or partly, including instances involving people who appeared to be minors.
The episode has also drawn attention from officials outside the US. French ministers said they referred the content to prosecutors and also flagged it to the country’s media regulator, asking for an assessment under the EU’s Digital Services Act. India’s IT ministry, meanwhile, wrote to X’s local operation saying the platform had failed to stop the tool being used to generate and circulate obscene, sexually explicit material.
Specialists quoted in the report argued the backlash was predictable: ‘nudification’ tools have existed for years, but placing a powerful image editor inside a significant social network drastically lowers the effort needed to misuse it and helps harmful content spread. They said civil-society and child-safety groups had warned xAI about likely abuse, while Musk reacted online with joking posts about bikini-style AI edits, and xAI previously brushed off related coverage with the phrase ‘Legacy Media Lies.’
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has filed a lawsuit against a Chinese-speaking cybercriminal network it says is behind a large share of scam text messages targeting people in the United States. The company says the legal action is aimed at disrupting the group’s online infrastructure rather than seeking damages.
According to the complaint, the group, known as Darcula, develops and sells phishing software that allows scammers to send mass text messages posing as trusted organisations such as postal services, government agencies, or online platforms. The tools are designed to be easy to use, enabling people with little technical expertise to run large-scale scams.
Google says the software has been used by hundreds of scam operators to direct victims to fake websites where credit card details are stolen. The company estimates that hundreds of thousands of payment cards have been compromised globally, with tens of thousands linked to victims in the United States.
The lawsuit asks a US court to grant Google the authority to seize and shut down websites connected to the operation, a tactic technology companies increasingly use when criminal networks operate in countries beyond the reach of US law enforcement. Investigations by journalists and cybersecurity researchers suggest the group operates largely in Chinese and has links to individuals based in China and other countries.
The case highlights the growing scale of text-based fraud in the US, where cybercrime losses continue to rise sharply. Google says it will continue combining legal action with technical measures to limit the reach of large scam networks and protect users from increasingly sophisticated phishing campaigns.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Growing concern over data privacy and subscription fatigue has led an independent developer to create WitNote, an AI note-taking tool that runs entirely offline.
The software allows users to process notes locally on Windows and macOS rather than relying on cloud-based services where personal information may be exposed.
WitNote supports lightweight language models such as Qwen2.5-0.5B that can run with limited storage requirements. Users may also connect to external models through API keys if preferred.
Core functions include rewriting, summarising and extending content, while a WYSIWYG Markdown editor provides a familiar workflow without network delays, instead of relying on web-based interfaces.
Another key feature is direct integration with Obsidian Markdown files, allowing notes to be imported instantly and managed in one place.
The developer says the project remains a work in progress but commits to ongoing updates and user-driven improvements, even joining Apple’s developer programme personally to support smoother installation.
For users seeking AI assistance while protecting privacy and avoiding monthly fees, WitNote positions itself as an appealing offline alternative that keeps full control of data on the local machine.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The booming influencer economy of Belgium is colliding with an advertising rulebook that many creators say belongs to another era.
Different obligations across federal, regional and local authorities mean that wording acceptable in one region may trigger a reprimand in another. Some influencers have even faced large fines for administrative breaches such as failing to publish business details on their profiles.
In response, the Influencer Marketing Alliance in Belgium has launched a certification scheme designed to help creators navigate the legal maze instead of risking unintentional violations.
Influencers complete an online course on advertising and consumer law and must pass a final exam before being listed in a public registry monitored by the Jury for Ethical Practices.
Major brands, including L’Oréal and Coca-Cola, already prefer to collaborate with certified creators to ensure compliance and credibility.
Not everyone is convinced.
Some Belgian influencers argue that certification adds more bureaucracy at a time when they already struggle to understand overlapping rules. Others see value as a structured reminder that content creators remain legally responsible for commercial communication shared with followers.
The alliance is also pushing lawmakers to involve influencers more closely when drafting future rules, including taxation and safeguards for child creators.
Consumer groups such as BEUC support clearer definitions and obligations under the forthcoming EU Digital Fairness Act, arguing that influencer advertising should follow the same standards as other media instead of remaining in a grey zone.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A ransomware attack has disrupted the Oltenia Energy Complex, Romania’s largest coal-based power producer, after hackers encrypted key IT systems in the early hours of 26 December.
The state-controlled company confirmed that the Gentlemen ransomware strain locked corporate files and disabled core services, including ERP platforms, document management tools, email and the official website.
The organisation isolated affected infrastructure and began restoring services from backups on new systems instead of paying a ransom. Operations were only partially impacted and officials stressed that the national energy system remained secure, despite the disruption across business networks.
A criminal complaint has been filed. Additionally, both the National Directorate of Cyber Security of Romania and the Ministry of Energy have been notified.
Investigators are still assessing the scale of the breach and whether sensitive data was exfiltrated before encryption. The Gentlemen ransomware group has not yet listed the energy firm on its dark-web leak site, a sign that negotiations may still be underway.
An attack that follows a separate ransomware incident that recently hit Romania’s national water authority, underlining the rising pressure on critical infrastructure organisations.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A Moscow court has dismissed a class action lawsuit filed against Russia’s state media regulator Roskomnadzor and the Ministry of Digital Development by users of WhatsApp and Telegram. The ruling was issued by a judge at the Tagansky District Court.
The court said activist Konstantin Larionov failed to demonstrate he was authorised to represent messaging app users. The lawsuit claimed call restrictions violated constitutional rights, including freedom of information and communication secrecy.
The case followed Roskomnadzor’s decision in August to block calls on WhatsApp and Telegram, a move officials described as part of anti-fraud efforts. Both companies criticised the restrictions at the time.
Larionov and several dozen co-plaintiffs said the measures were ineffective, citing central bank data showing fraud mainly occurs through traditional calls and text messages. The plaintiffs also argued the restrictions disproportionately affected ordinary users.
Larionov said the group plans to appeal the decision and continue legal action. He has described the lawsuit as an attempt to challenge what he views as politically motivated restrictions on communication services in Russia.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The presidency of the Council of the European Union next year is expected to see Ireland lead a European drive for ID-verified social media accounts.
Tánaiste Simon Harris said the move is intended to limit anonymous abuse, bot activity and coordinated disinformation campaigns that he views as a growing threat to democracy worldwide.
A proposal that would require users to verify their identity instead of hiding behind anonymous profiles. Harris also backed an Australian-style age verification regime to prevent children from accessing social media, arguing that existing digital consent rules are not being enforced.
Media Minister Patrick O’Donovan is expected to bring forward detailed proposals during the presidency.
The plan is likely to trigger strong resistance from major social media platforms with European headquarters in Ireland, alongside criticism from the US.
However, Harris believes there is growing political backing across Europe, pointing to signals of support from French President Emmanuel Macron and UK Prime Minister Keir Starmer.
Harris said he wanted constructive engagement with technology firms rather than confrontation, while insisting that stronger safeguards are now essential.
He argued that social media companies already possess the technology to verify users and restrict harmful accounts, and that European-level coordination will be required to deliver meaningful change.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Apple has filed an appeal of a major UK antitrust ruling that could result in billions of dollars in compensation for App Store users. The move would escalate the case from the Competition Appeal Tribunal to the UK Court of Appeal.
The application follows an October ruling in which the tribunal found Apple had abused its dominant market position by charging excessive App Store fees. The decision set a £1.5 billion ($1.9 billion) compensation figure, which Apple previously signalled it would challenge.
After the tribunal declined to grant permission to appeal, Apple sought to appeal to a higher court. The company has not commented publicly on the latest filing but continues to dispute the tribunal’s assessment of competition in the app economy.
Central to the case is the tribunal’s proposed developer commission rate of 15-20 per cent, lower than Apple’s longstanding 30 per cent fee. The rate was determined using what the court described as informed estimates.
If upheld, the compensation would be distributed among UK App Store users who made purchases between 2015 and 2024. The case is being closely watched as a test of antitrust enforcement against major digital platforms.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
South Korea has blamed weak femtocell security at KT Corp for a major mobile payment breach that triggered thousands of unauthorised transactions.
Officials said the mobile operator used identical authentication certificates across femtocells and allowed them to stay valid for ten years, meaning any device that accessed the network once could do so repeatedly instead of being re-verified.
More than 22,000 users had identifiers exposed, and 368 people suffered unauthorised payments worth 243 million won.
Investigators also discovered that ninety-four KT servers were infected with over one hundred types of malware. Authorities concluded the company failed in its duty to deliver secure telecommunications services because its overall management of femtocell security was inadequate.
The government has now ordered KT to submit detailed prevention plans and will check compliance in June, while also urging operators to change authentication server addresses regularly and block illegal network access.
Officials said some hacking methods resembled a separate breach at SK Telecom, although there is no evidence that the same group carried out both attacks. KT said it accepts the findings and will soon set out compensation arrangements and further security upgrades instead of disputing the conclusions.
A separate case involving LG Uplus is being referred to police after investigators said affected servers were discarded, making a full technical review impossible.
The government warned that strong information security must become a survival priority as South Korea aims to position itself among the world’s leading AI nations.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
South Korea has introduced mandatory facial recognition for anyone registering a new SIM card or eSIM, whether in-store or online.
The live scan must match the photo on an official ID so that each phone number can be tied to a verified person instead of relying on paperwork alone.
Existing users are not affected, and the requirement applies only at the moment a number is issued.
The government argues that stricter checks are needed because telecom fraud has become industrialised and relies heavily on illegally registered SIM cards.
Criminal groups have used stolen identity data to obtain large volumes of numbers that can be swapped quickly to avoid detection. Regulators now see SIM issuance as the weakest link and the point where intervention is most effective.
Telecom companies must integrate biometric checks into onboarding, while authorities insist that facial data is used only for real-time verification and not stored. Privacy advocates warn that biometric verification creates new risks because faces cannot be changed if compromised.
They also question whether such a broad rule is proportionate when mobile access is essential for daily life.
The policy places South Korea in a unique position internationally, combining mandatory biometrics with defined legal limits. Its success will be judged on whether fraud meaningfully declines instead of being displaced.
A rule that has become a test case for how far governments should extend biometric identity checks into routine services.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
