Accuracy note: This article discusses allegations in an unverified civil complaint. The defendant has not appeared or answered as of the latest available docket entry. The related criminal charges are pending accusations, and the defendant is presumed innocent unless and until proven guilty.
For most of the AI era, the courtroom question has run in one direction:
What did the AI company do wrong?
A newly filed lawsuit in Texas reverses that question:
What did the user promise not to do—and can the AI company sue when those promises are broken?
On July 14, 2026, X.AI LLC filed a one-count breach-of-contract action against Terry Wayne Harwood, a South Carolina resident and alleged Grok user. xAI claims Harwood opened multiple accounts using false identities, repeatedly attempted to bypass Grok's safety systems, and used or attempted to use the service to transform photographs of real adults and minors into sexually explicit material without their consent. The complaint further alleges that some of the conduct involved child sexual abuse material, commonly called CSAM. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Compl. ¶¶ 1–9, ECF No. 1 (N.D. Tex. July 14, 2026).
Reuters described the action as one of the first lawsuits brought by an AI company against one of its own users for allegedly generating explicit material.
This is not really a case about whether Grok is intelligent.
It is a case about whether an online user agreement can become an AI-safety enforcement mechanism—and whether the company kept enough evidence to prove the agreement, the violation, and the resulting harm.
The case in one minute
The lawsuit is pending in the Northern District of Texas, Wichita Falls Division, before Chief District Judge Reed O'Connor. xAI invokes diversity jurisdiction and classifies the action as an "Other Contract" case. A summons was issued on July 15, but the latest docket contains no return of service, defense appearance, answer, motion to dismiss, or request for temporary or preliminary injunctive relief. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Docket Entries 1–5 (N.D. Tex. July 14–15, 2026).
That procedural posture matters. Everything beyond the filing itself remains prospective. There has been no finding that Harwood accepted the relevant contract, controlled the identified accounts, generated the alleged material, caused damage to xAI, or owes xAI any relief.
What xAI alleges happened
According to the complaint, Harwood created two xAI accounts on December 8 and December 10, 2025. xAI says that between December 8, 2025, and February 18, 2026, the accounts were used to upload nonsexual photographs of adults and minors and to request sexualized alterations or newly generated images and videos.
The complaint alleges that Grok rejected multiple requests under its content-moderation rules. Rather than stopping, Harwood allegedly revised and resubmitted the prompts in an effort to evade the refusals. xAI claims that some resulting material involved minor children and that other material depicted adults without their knowledge or consent. Several of these allegations are pleaded "upon information and belief." X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Compl. ¶¶ 26–33, ECF No. 1 (N.D. Tex. July 14, 2026).
The complaint says xAI detected the activity and reported it to law enforcement, describing its report as instrumental to Harwood's arrest. A March 9 release from the South Carolina Attorney General confirms that National Center for Missing & Exploited Children CyberTipline reports led investigators to Harwood, although the release does not identify xAI as the source of those reports. The Attorney General reported that Harwood was arrested on February 26 and charged with three counts of second-degree sexual exploitation of a minor and five counts of third-degree sexual exploitation of a minor. The release expressly emphasizes that all defendants are presumed innocent unless and until proven guilty.
xAI also places the lawsuit inside a much broader enforcement narrative. It alleges that during 2026 it suspended 52,222 accounts and submitted 73,604 NCMEC reports, which it says resulted in at least 244 arrests. Those figures are allegations by xAI and have not been adjudicated in this case. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Compl. ¶¶ 2–6, ECF No. 1 (N.D. Tex. July 14, 2026).
Why xAI chose contract law
The unusual facts can obscure how conventional the legal theory is.
Under Texas law, a breach-of-contract plaintiff ordinarily must establish a valid contract, its own performance or tendered performance, the defendant's breach, and damages caused by that breach. Wesdem v. Illinois Tool Works, 70 F.4th 285 (5th Cir. 2023).
That is precisely how xAI pleads its single claim. It alleges that:
- Harwood agreed to the Consumer Terms of Service and Acceptable Use Policy.
- Those documents formed an enforceable contract.
- xAI performed by providing access to Grok.
- Harwood violated specific restrictions.
- xAI suffered resulting damage.
The archived November 4, 2025 Consumer Terms state that using the service constitutes agreement to the terms. They require accurate and complete registration information, incorporate the Acceptable Use Policy, make users responsible for their inputs and outputs, and prohibit conduct that interferes with safety systems, violates privacy or publicity rights, or sexualizes or exploits children. The terms also permit suspension or termination when a user violates the rules or creates risk or harm.
The incorporated Acceptable Use Policy is even more direct. It prohibits depicting real people pornographically, sexualizing or exploiting children, and circumventing safeguards without authorization. It also states that suspected CSAM will be reported to NCMEC.
If xAI proves the alleged account activity and proves that Harwood was the person behind those accounts, the conduct described in the complaint maps closely onto the written prohibitions.
That is the strategic power of the contract theory. xAI does not have to invent a new cause of action called "AI abuse." It can argue that ordinary contract law already supplies a remedy.
The contract also controls where the fight occurs
The archived terms select Texas law and require disputes to proceed in the Northern District of Texas or a state court located in Tarrant County. They contain a jury and class-action waiver, but they do not direct disputes into arbitration.
That design has an important consequence: disputes can produce a public, citable judicial record rather than disappearing into confidential arbitration.
But the forum clause depends on the same foundational issue as the contract claim—assent.
xAI alleges that Grok.com displayed a message beneath the query area stating that messaging Grok constituted agreement to linked terms and a privacy policy. It further alleges that users creating accounts saw a prominent banner stating that continuing meant agreeing to the linked terms. xAI relies on that alleged consent not only to establish liability, but also to establish personal jurisdiction over a South Carolina resident and contractual venue in Texas. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Compl. ¶¶ 14–20, ECF No. 1 (N.D. Tex. July 14, 2026).
In other words, online assent is doing double duty. It is the foundation of both the substantive claim and the Texas forum.
Assent may become the first serious fight
Texas courts generally recognize electronic contracts. Where a user affirmatively clicks boxes tied to linked terms, the Fifth Circuit has treated that conduct as consent. King v. Baylor University, 46 F.4th 344 (5th Cir. 2022).
But not every online notice is a classic clickwrap agreement.
A traditional clickwrap process requires a user to affirmatively select an "I agree" or similar button. A sign-in-wrap process instead tells the user that clicking "continue," registering, or using the service constitutes acceptance. The enforceability of that design often turns on the notice's placement, wording, size, contrast, surrounding screen design, and relationship to the action the user takes.
In Stubhub, a Texas appellate court held that generalized testimony about an account-registration process was insufficient at the evidentiary stage to conclusively establish assent. The company's witness did not clearly describe each affirmative step, state that the user clicked a specific acceptance button, or provide sufficiently detailed proof of the interface the user encountered. Stubhub, Inc. v. Wesley T. Ball, 676 S.W.3d 193 (Tex. App. 2023).
That does not mean xAI's complaint is presently deficient. Stubhub involved an evidentiary motion to compel arbitration, not merely the adequacy of initial pleadings.
It does mean that xAI will eventually need more than a description in a complaint.
The public filings do not attach the November 2025 terms, the Acceptable Use Policy, historical screenshots of the registration flow, or records showing the precise action taken by either alleged account. The document filed as "additional attachments" is only a civil cover sheet. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Civil Cover Sheet, ECF No. 2 (N.D. Tex. July 14, 2026).
At the proof stage, xAI may need to produce:
- The exact version of every operative policy.
- Historical screenshots or source records recreating the user interface.
- Timestamped assent and account-creation records.
- Evidence connecting Harwood to accounts allegedly opened under false identities.
- Device, IP-address, authentication, payment, email, or other account-linkage evidence.
- Prompt, refusal, resubmission, output, and moderation-event logs.
In a digital contract case, the interface is an exhibit. The logs are witnesses.
Breach may be easier to prove than damages
xAI seeks more than a declaration that its terms were violated.
The complaint requests damages for alleged harm to third parties, exposure to possible victim claims and lawsuits, reputational harm, and other losses. It also asks the court to enforce the terms' indemnification provision, including expenses associated with defending any victim litigation, whether already incurred or incurred later. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Compl. ¶¶ 43–44 & Prayer for Relief, ECF No. 1 (N.D. Tex. July 14, 2026).
The archived terms contain unusually broad indemnification language. They require a user to defend, indemnify, and hold xAI harmless from claims, damages, liabilities, costs, and legal fees arising from the user's inputs, outputs, use of the service, or violation of the terms.
Even so, several damages questions remain.
First, Texas contract damages must reflect actual loss and cannot be remote, contingent, speculative, or conjectural. CQ, Inc. v. TXU Mining Co., L.P., 565 F.3d 268 (5th Cir. 2009).
The complaint does not presently quantify xAI's investigation expenses, remediation costs, legal expenses, lost revenue, or other concrete economic losses. It instead describes broad categories of existing and potential harm.
Second, xAI expressly seeks damages for harm to its reputation. The Fifth Circuit has observed that, under Texas law, damages for actual reputational harm are generally not recoverable on a breach-of-contract theory, even though similar harm may be recoverable under certain tort theories. Sulzer Carbomedics, Inc. v. Oregon Cardio-Devices, Inc., 257 F.3d 449 (5th Cir. 2001).
Third, indemnification for future victim claims may be asserted now, but recovery may depend on whether and when xAI's third-party liability becomes fixed. Texas distinguishes indemnity against liability from indemnity against damages. Broad "hold harmless" language covering claims and liabilities may create liability-based indemnity, but the claim ordinarily matures for recovery when the indemnitee's liability becomes fixed and certain. Ingersoll-Rand Co. v. Valero Energy Corp., 997 S.W.2d 203 (Tex. 1999).
Texas law permits a contingent indemnity claim to be brought earlier for judicial efficiency. But the fact that it can be pleaded does not necessarily mean damages for a hypothetical future suit are immediately payable. Ingersoll-Rand Co. v. Valero Energy Corp., 997 S.W.2d 203 (Tex. 1999).
This may become the central doctrinal divide in the case:
The alleged breach fits the contract language. The amount of recoverable contract damage is much less obvious.
A permanent Grok ban is not automatic
xAI also asks for a permanent injunction prohibiting Harwood from creating any new xAI account or otherwise using Grok.
The request is understandable. The complaint alleges multiple accounts, false identities, repeated refusals, and deliberate prompt modification. Those allegations are designed to show that ordinary account termination may be insufficient.
A judicial injunction would also add something account suspension cannot: violating the order could expose a defendant to contempt proceedings.
But a contractual violation does not automatically produce permanent injunctive relief. A federal plaintiff must establish irreparable injury, inadequate legal remedies, a favorable balance of hardships, and consistency with the public interest. The relief must also be tailored to the specific conduct requiring restraint. Spartan Composites LLC v. Signature Systems Group, LLC, No. 4:24-cv-00609 (E.D. Tex. Apr. 30, 2026).
The court may therefore ask why xAI's contractual right to terminate accounts and its technical ability to block users are inadequate without an injunction. xAI's likely answer will be that the alleged use of false identities and repeated circumvention creates an ongoing risk that cannot be reliably addressed through ordinary account controls.
No motion for a temporary restraining order or preliminary injunction has yet been filed. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Docket Entries 1–5 (N.D. Tex. July 14–15, 2026).
The lawsuit is also sending a message
xAI's complaint does not present the case as an isolated billing or account dispute. It opens by characterizing Grok as a "neutral" tool under user control and expressly states that xAI will pursue "civil accountability" against users who abuse the system to harm others. Those are litigation positions, not judicial findings, but they reveal the company's intended framing. X.AI LLC v. Harwood, No. 7:26-cv-00078-O, Compl. ¶¶ 2–4, ECF No. 1 (N.D. Tex. July 14, 2026).
This suit appears to perform at least three functions.
It seeks a remedy against one alleged user. It warns other users that prohibited conduct may lead to more than account suspension. And it creates a public record in which xAI emphasizes its policies, guardrails, refusals, reporting practices, and cooperation with law enforcement.
That final function may matter in future disputes over platform responsibility. It is reasonable to infer that xAI benefits from publicly documenting that it does not authorize or tolerate the alleged conduct—particularly amid broader scrutiny of AI-generated nonconsensual imagery. The complaint does not, however, state that defensive positioning is the company's motive.
Federal law is moving in the same direction
The lawsuit also arrives after enactment of the TAKE IT DOWN Act, Pub. L. No. 119-12 (2025).
That law addresses the nonconsensual online publication of authentic and computer-generated intimate visual depictions. It also requires covered platforms to provide a notice-and-removal process and remove qualifying material within 48 hours after receiving a valid request.
The xAI case is not brought under the TAKE IT DOWN Act. It focuses on alleged generation, attempted generation, contract violations, and platform misuse—not a statutory takedown request. The Act's definition of a covered platform may also create separate questions about which generative-AI services fall within its reach.
Still, the direction of travel is clear. Legislatures, regulators, platforms, and courts are all confronting the same core problem:
How should responsibility be allocated when a person deliberately uses generative AI to target a real human being?
The LegalTek lesson: governance must be litigable
The lesson is not simply that AI companies need longer terms of service.
It is that governance must be designed so it can survive discovery, authentication, and cross-examination.
Under the LegalTek COUNSEL Framework, Notice means preserving the exact interface through which users allegedly agreed. Scrutiny means logging refusals, modified prompts, safeguard triggers, and escalation events. Oversight means documenting when humans reviewed an incident and why it was reported. Confidentiality and Equity require strict access controls, minimization, and careful handling of victim-related imagery. Understanding means mapping every contractual prohibition to an actual technical or operational control. Learning means improving safeguards while retaining historical policy versions and evidence of what existed at the time of the incident.
For organizations deploying AI, the operational checklist is straightforward:
- Version and preserve every policy, not just the current webpage.
- Capture assent with timestamps and reproducible interface records.
- Maintain reliable identity and account-linkage evidence.
- Log safety refusals and attempted circumvention.
- Create documented escalation and law-enforcement reporting procedures.
- Apply immediate litigation holds without unnecessarily duplicating harmful content.
- Test whether contractual indemnity, forum, remedies, and enforcement provisions say what the company believes they say.
A policy without evidence is a suggestion.
A safeguard without telemetry is a story.
An enforcement program without documented human oversight is difficult to defend.
What comes next
The first developments to watch are service of process and Harwood's response. A motion to dismiss could challenge contract formation, account attribution, personal jurisdiction, venue, damages, or the maturity of the indemnity request.
Discovery—if the case reaches it—will likely place xAI's internal evidence at center stage: historical interface records, assent logs, account-linkage data, prompts, refusals, outputs, moderation events, reports, and communications with law enforcement.
The court will also have to separate three different questions that the complaint presents together:
- Did the defendant violate xAI's rules?
- Did those rules form an enforceable contract with this defendant?
- What legally recoverable injury did the breach cause xAI itself?
The first may be morally and factually dramatic. The second and third will decide the contract case.
The bottom line
xAI v. Harwood may become an early blueprint for AI-company litigation against deliberately abusive users.
The case demonstrates how ordinary contract provisions—acceptable-use restrictions, safety-circumvention prohibitions, user responsibility clauses, indemnity language, and forum selection—can become part of an AI-enforcement strategy.
But terms of service are not self-executing.
xAI must prove that the defendant agreed, that he controlled the accounts, that the alleged activity occurred, that it violated the operative terms, and that the violation caused a form of harm Texas contract law recognizes. Any permanent ban must also satisfy the traditional requirements for equitable relief.
The deeper lesson is larger than Grok:
In the next phase of AI accountability, the decisive technology may not be the model. It may be the evidence system built around it.
Legal disclaimer: This article is provided for general educational and informational purposes only. It does not constitute legal advice, does not create an attorney-client relationship, and should not be relied upon as a substitute for advice from qualified counsel. Laws, court dockets, and platform policies change quickly.
AI disclosure: This article was prepared with AI-assisted legal research and drafting and received human editorial review and citation verification prior to publication.
LegalTek.ai is a technology company, not a law firm.








