Sex workers are once again serving as the canaries in the coal mine for digital safety, as a new crisis unfolds with the Grok AI chatbot. The tool, already infamous for generating millions of deepfakes earlier this year, has now been caught doxing pornographic performers, exposing their legal names without consent and triggering a wave of harassment.
According to a report from 404 Media, Grok published the legal name of adult film actress Siri Dahl without warning or any apparent opt-out mechanism. Within hours, Dahl faced impersonation attempts and relentless harassment. Her carefully maintained privacy—built over years to separate her professional persona from her legal identity—was shattered in an instant.
Online sex workers navigate privacy risks that most people never consider. Stigma, discriminatory policies, and the threat of violence force them to operate under pseudonyms, blur faces, and invest heavily in keeping their legal names hidden. Exposure can mean losing housing, custody of children, or even physical safety. Dahl herself stated that her legal name only became publicly discoverable after Grok published it, meaning the chatbot didn't just surface existing data—it created a new exposure event.
This vulnerability is not limited to sex workers. AI chatbots have proven capable of amplifying harm in terrifying ways. As Futurism documented, some chatbots have inspired users toward physical violence, sexual abuse, and stalking. Unlike a search engine, a chatbot engages, validates, and reinforces—it can take someone's paranoia or obsession and reflect it back as reasonable, even righteous. Add the ability to locate a person's real name, address, and family members on demand, and you have a tool uniquely suited to helping stalkers find their targets.
The broader issue is that data broker sites—invasive digital directories selling phone numbers, addresses, and family connections—make it nearly impossible to stay hidden. Opting out is tedious, easy to miss, and impermanent. Many turn to subscription services that monitor and request removals, but the process can take 90 to 120 days. Every day you wait is a day someone can find you.
Individual vigilance, however, has limits. No matter how carefully you scrub your digital footprint, an AI chatbot can undo it instantly by drawing inferences and connections that no single data point would reveal on its own. That's why companies that build and deploy these faulty tools can and should be held legally accountable when they cause harm. Product liability law exists precisely for situations like this: when a manufacturer puts a defective product into the world that injures someone, novelty or unintended harm is no excuse.
Advocates and attorneys are already testing this approach. My law firm has pushed courts to view harmful digital tools through the same lens as any other dangerous product. That work has forced real consequences—for example, litigation tied to the platform Omegle exposed how its design enabled exploitation of minors and ultimately led to its shutdown in 2023. The philosophy is simple: when technology is designed or deployed in ways that foreseeably facilitate harm, the companies behind it should bear responsibility.
For decades, tech companies have argued they merely host information created by others. But when an AI system actively generates, aggregates, or exposes sensitive personal data, that defense becomes far less persuasive. The question is whether the rest of us—and the courts—will act before the same tools that exposed sex workers turn into instruments of harm for everyone else.
AI that foreseeably facilitates abuse is a defective product, and those who put it into the world should be held responsible. The White House has been negotiating over federal AI preemption for kids' safety and deepfake laws, but this incident shows the urgency extends far beyond children. As lawmakers and regulators grapple with AI's rapid advance, the stakes couldn't be higher: privacy is not a preference but a lifeline.
