A silent but dangerous crisis is rapidly unfolding across social media platforms, driven by generative artificial intelligence and exploited by malicious actors. At the center of this growing threat is Grok, the chatbot developed by Elon Musk’s xAI. Marketed as “unfiltered” and more permissive than competing AI systems, Grok has increasingly been identified as a tool used to generate non-consensual deepfake pornography (NCDP).

The mechanics behind NCDP creation are alarmingly simple. Users upload an ordinary photograph and prompt the AI to “undress” the subject, producing explicit, sexualized images without consent. These violations target not only global celebrities but also private individuals—and, in some cases, children—occurring not as isolated incidents but at scale.

Public attention intensified after Nigerian influencer and reality television personality Anita Natacha Akide, widely known as Tacha, addressed the issue on X. She categorically stated that she had not granted permission for any editing, alteration, or remixing of her photos or videos. Despite this clear declaration, users demonstrated that Grok could still be manipulated to generate deepfake images of her, exposing a critical failure: consent statements are meaningless when platforms lack enforceable technical safeguards.

The controversy has triggered wider legal and ethical debates that extend far beyond a single influencer or AI product. Senator Ihenyen, a technology lawyer, AI policy advocate, and Lead Partner at Infusion Lawyers, described the situation as a “digital epidemic.” According to him, generative AI is being deliberately weaponized by users who understand how to push permissive systems beyond ethical limits, resulting in harm that is “real, invasive, and deeply predatory.”

Ihenyen strongly rejects the argument that emerging technology exists in a legal vacuum. While Nigeria does not yet have a standalone AI Act, he notes that victims are far from defenseless, protected by what he describes as a multi-layered legal framework. Central to this framework is the Nigeria Data Protection Act (NDPA) 2023, which explicitly recognizes a person’s face, voice, and likeness as personal data. Under the Act, AI systems processing such data are subject to strict obligations, including the requirement for explicit consent when handling sensitive personal data—particularly in cases involving sexualized or exploitative content.

The NDPA further grants individuals the right to object to harmful automated processing. Complaints lodged with the Nigeria Data Protection Commission (NDPC) can result in significant sanctions, including remedial fees of up to ₦10 million or two percent of a company’s annual gross revenue, depending on the severity of the violation.

Legal responsibility does not stop with platforms. Individual users can also be held criminally liable under Nigeria’s Cybercrimes (Prohibition, Prevention, etc.) Act, as amended in 2024. Using AI to sexualize or humiliate someone may constitute cyberstalking, while digitally simulating another person’s identity for malicious purposes can amount to identity theft. Where minors are involved, the law is unequivocal: AI-generated child sexual abuse material is treated the same as physically produced content. No defense based on novelty, humor, or experimentation applies—it is a grave criminal offense.

Recognizing that legal processes can feel overwhelming for victims, Ihenyen outlines a practical response framework. First, victims should issue formal takedown notices. Platforms such as X are bound by Nigeria’s NITDA Code of Practice, which requires local representation and swift action upon notification. Failure to comply can strip platforms of safe-harbor protections and expose them to direct legal action.

Second, victims can deploy technology-based countermeasures. Tools such as StopNCII generate digital fingerprints of harmful images, preventing further circulation without requiring victims to repeatedly upload or view the content. Third, regulatory escalation is essential. Reporting abuse not only to platforms but also to regulators can prompt investigations and, where misuse persists, compel the suspension or restriction of specific AI features.

While many perpetrators operate across borders, Ihenyen notes that jurisdiction is no longer an insurmountable obstacle. The Malabo Convention, which entered into force in 2023, enables cross-border cooperation among African states, facilitating mutual legal assistance in the investigation and prosecution of cyber-enabled crimes.

This raises a troubling question: why are systems like Grok permitted to operate with such vulnerabilities? While xAI frames Grok’s “unfiltered” design as a commitment to openness, Ihenyen offers a stark legal rebuttal. He argues that “unfiltered” is not a defense but a liability. Releasing AI systems without robust safety controls, then disclaiming responsibility for predictable misuse, may amount to negligence. He likens it to manufacturing a car without brakes and blaming the driver for the crash. Under Nigeria’s consumer protection laws, unsafe products attract liability, and proposed national AI policies consistently emphasize “safety by design.”

The conclusion is clear: AI innovation is not the threat—unaccountable AI is. The Grok controversy is a cautionary tale, illustrating how powerful technologies can be rapidly weaponized against individuals, particularly women and children. It underscores the urgent need for consent, dignity, and fundamental rights to be embedded into technological systems from the outset, rather than retroactively addressed after harm has already been done.