X is allowing only “verified” users to create images with Grok. Experts say it represents the “monetization of abuse”—and anyone can still generate images on Grok’s app and website.

After creating thousands of “undressing” pictures of women and sexualized imagery of apparent minors, Elon Musk’s X has apparently limited who can generate images with Grok. However, despite the changes, the chatbot is still being used to create “undressing” sexualized images on the platform.

On Friday morning, the Grok account on X started responding to some users’ requests with a message saying that image generation and editing are “currently limited to paying subscribers.” The message also includes a link pushing people toward the social media platform’s $395 annual subscription tier. In one test of the system requesting Grok create an image of a tree, the system returned the same message.

The apparent change comes after days of growing outrage against and scrutiny of Musk’s X and xAI, the company behind the Grok chatbot. The companies face an increasing number of investigations from regulators around the world over the creation of nonconsensual explicit imagery and alleged sexual images of children. British prime minister Keir Starmer has not ruled out banning X in the country and said the actions have been “unlawful.”

Neither X nor xAI, the Musk-owned company behind Grok, has confirmed that it has made image generation and editing a paid-only feature. An X spokesperson acknowledged WIRED’s inquiry but did not provide comment ahead of publication. X has previously said it takes “action against illegal content on X,” including instances of child sexual abuse material. While Apple and Google have previously banned apps with similar “nudify” features, X and Grok remain available in their respective app stores. xAI did not immediately respond to WIRED's request for comment.

For more than a week, users on X have been asking the chatbot to edit images of women to remove their clothes—often asking for the image to contain a “string” or “transparent” bikini. While a public feed of images created by Grok contained far fewer results of these “undressing” images on Friday, it still created sexualized images when prompted to by X users with paid for “verified” accounts.

“We observe the same kind of prompt, we observe the same kind of outcome, just fewer than before,” Paul Bouchaud, lead researcher at Paris-based nonprofit AI Forensics, tells WIRED. “The model can continue to generate bikini \[images\],” they say.

A WIRED review of some Grok posts on Friday morning identified Grok generating images in response to user requests for images that “put her in latex lingerie” and “put her in a plastic bikini and cover her in donut white glaze.” The images appear behind a “content warning” box saying that adult material is displayed.

On Wednesday, WIRED revealed that Grok’s stand-alone website and app, which is separate from the version on X, has also been used in recent months to create highly graphic and sometimes violent sexual videos, including celebrities and other real people. Bouchaud says it is still possible to use Grok to make these videos. “I was able to generate a video with sexually explicit content without any restriction from an unverified account,” they say.

While WIRED’s test of image generation using Grok on X using a free account did not allow any images to be created, using a free account on Grok’s app and website still generated images.

The change on X could immediately limit the amount of sexually explicit and harmful material the platform is creating, experts say. But it has also been criticized as a minimal step that acts as a band-aid to the real harms caused by nonconsensual intimate imagery.

“The recent decision to restrict access to paying subscribers is not only inadequate—it represents the monetization of abuse,” Emma Pickering, head of technology-facilitated abuse at UK domestic abuse charity Refuge, said in a statement. “While limiting AI image generation to paid users may marginally reduce volume and improve traceability, the abuse has not been stopped. It has simply been placed behind a paywall, allowing X to profit from harm.”

X Didn’t Fix Grok's ‘Undressing’ Problem. It Just Makes People Pay for It

Jonathan Ross told a federal court in December about his professional background, including “hundreds” of encounters with drivers during enforcement actions, according to testimony obtained by WIRED.

Jonathan Ross, the Immigration and Customs Enforcement officer identified by multiple news outlets as the federal agent who shot 37-year-old Renee Good in Minneapolis on Wednesday, is a veteran deportation officer in ICE’s Enforcement and Removal Operations division, according to sworn testimony from the federal district court in Minnesota obtained by WIRED. A member of a Special Response Team, ICE’s version of a SWAT team, he’s had duties as a firearms trainer and led teams drawn from multiple federal agencies including the FBI, Ross testified.

The testimony stems from a December 2025 trial related to a June incident with parallels to the interaction that led to Good’s killing.

In June, according to Ross’s testimony, he led a team seeking to apprehend a man named Roberto Carlos Muñoz-Guatemala, who was on an administrative warrant for being in the United States without authorization. Because the man’s home was across from a school and immigration agents had no authority to enter his home, Ross testified, they instead trailed him in unmarked vehicles.

Muñoz-Guatemala’s attorney did not immediately reply to a request for comment.

According to the December testimony and a New York Times account of an FBI agent’s affidavit associated with the case, Ross approached Muñoz-Guatemala and asked him to roll down his window and open his door. Ross, who testified that he had been driving an unmarked vehicle, was dressed in ranger green and gray, and wore his badge on his belt, broke the driver’s side back window and reached into the vehicle, at which point Muñoz-Guatemala pulled away.

While being dragged at a speed he claimed seemed like “40 miles an hour at least, if not more,” Ross pulled out his Taser and fired it at the driver. Muñoz-Guatemala continued to drive and succeeded in shaking Ross from the car. At trial, Ross testified that he suffered injuries that required 33 stitches.

According to the affidavit, Muñoz-Guatemala called 911 to report that he’d been assaulted by ICE, which led to his arrest. Last month, he was convicted of assault on a federal officer with a dangerous weapon.

Reports from the Minnesota Star-Tribune, The Intercept, and The Guardian identified Ross as the shooter who killed Good, a mother and recent transplant to Minneapolis, during an immigration enforcement action in the city. Video of the incident appears to show a federal agent firing shots into Good’s vehicle as she attempted to leave the scene. The officer did not appear to have been struck by the vehicle, and Good appeared to be turning the wheel to avoid contact, video analysis by The New York Times and The Washington Post shows.

At Thursday’s White House press briefing, vice president JD Vance answered questions about the incident, and his responses included numerous identifying details about Ross, mainly relating to his interaction with Muñoz-Guatemala. “That very ICE officer nearly had his life ended, dragged by a car, six months ago, 33 stitches in his leg,” said Vance, “so you think maybe he is a little bit sensitive about somebody ramming him with an automobile?”

Department of Homeland Security secretary Kirsti Noem has repeatedly described Good’s actions as an intentional act of “domestic terrorism.” An FBI investigation into Good’s killing is ongoing.

DHS spokesperson Tricia McLaughlin told WIRED in a statement that the department is “not going to expose the name of this officer. He acted according to his training.” McLaughlin added that federal immigration agents “are under constant threat from violent agitators” because of “doxxing” and that the Minnesota Star Tribune, which first published Ross’ name, “should delete their story immediately.”

According to Ross’ December testimony, he served in the Indiana National Guard and was deployed to Iraq from 2004 to 2005 as a machine gunner on a patrol truck, then joined Border Patrol in 2007 after finishing college, working near El Paso, Texas.

“I did normal Border Patrol duties,” Ross testified, “including line-watch operations, tracking, and I also was a field intelligence agent.” In that latter role, he testified, Ross “compiled and analyzed information from raw information, creating an intelligence product and focusing more so on the cartels and drug smuggling and also alien smuggling.”

In 2015, according to his testimony, Ross joined ICE, working in the ERO division, where he was tasked with targeting “higher-value targets” as a deportation officer in the Twin Cities area. A member of a joint anti-terrorism task force with the FBI, he testified that he’s a “team leader” who, on a typical operation, oversees two FBI agents and an IRS or ATF agent.

“I develop the targets, create a target package, surveillance, and then develop a plan to execute the arrest warrant,” he testified. He also described what he termed “collateral” duties he’s carried out in addition to deportation work.

“I am a firearms instructor, an active shooter instructor,” he testified. “I'm also a field intelligence officer, and I am a member of the SWAT team, the St. Paul Special Response Team.”

In his testimony, Ross said that he had made hundreds of vehicle stops in his career and generally described people who attempt to flee. “They do erratic behaviors,” he testified. “They take great risks, and they seem to not be aware of other people driving on the road. They usually—they make just extreme movements with their vehicles.”

In his testimony, Ross claimed that after he approached Muñoz-Guatemala, the man asked for his attorney.

In court, Eric Newmark, who was representing Muñoz-Guatemala, noted that even government lawyers hadn’t previously heard this assertion. “I think he just made it up on the stand,” Newmark told the judge. “He never said it before. I think he said it for a particular reason”—allegedly to show that Muñoz-Guatemala was aware that he was being apprehended by law enforcement and not attacked by a masked carjacker. A prosecutor in the case conceded that the claim was “grounds for impeachment” against Ross because he “did not previously say that—as far I know.”

Under cross-examination by Newark, Ross testified that people he encounters often “act like they’re confused,” implying that they do know he’s a federal agent even if they appear not to.

“I believe it's—it seems to be something that some ​​people just—just say to—to stall,” he testified. “I believe a lot of time people are on the phone and they're waiting for people to get—to show up, especially with our line of work.

“They've got phone trees where they call and then protesters show up.”

_Updated 8:30 am ET, January 9, 2026: Added citation to The Intercept, which identified Ross following the Minnesota Star-Tribune and first reported on a Facebook photo captioned “Jon Ross in Iraq.”_

ICE Agent Who Reportedly Shot Renee Good Was a Firearms Trainer, per Testimony

A WIRED review of outputs hosted on Grok’s official website shows it’s being used to create violent sexual images and videos, as well as content that includes apparent minors.

_This story contains descriptions of explicit sexual content and sexual violence._

Elon Musk’s Grok chatbot has drawn outrage and calls for investigation after being used to flood X with “undressed” images of women and sexualized images of what appear to be minors. However, that’s not the only way people have been using the AI to generate sexualized images. Grok’s website and app, which are are separate from X, include sophisticated video generation that is not available on X and is being used to produce extremely graphic, sometimes violent, sexual imagery of adults that is vastly more explicit than images created by Grok on X. It may also have been used to create sexualized videos of apparent minors.

Unlike on X, where Grok’s output is public by default, images and videos created on the Grok app or website using its Imagine model are not shared openly. If a user has shared an Imagine URL, though, it may be visible to anyone. A cache of around 1,200 Imagine links, plus a WIRED review of those either indexed by Google or shared on a deepfake porn forum, shows disturbing sexual videos that are vastly more explicit than images created by Grok on X.

One photorealistic Grok video, hosted on Grok.com, shows a fully naked AI-generated man and woman, covered in blood across the body and face, having sex, while two other naked women dance in the background. The video is framed by a series of images of anime-style characters. Another photorealistic video includes an AI-generated naked woman with a knife inserted into her genitalia, with blood appearing on her legs and the bed.

Other short videos include imagery of real-life female celebrities engaged in sexual activities, and a series of videos also appear to show television news presenters lifting up their tops to expose their breasts. One Grok-produced video depicts a recording of CCTV footage being played on TV, where a security guard fondles a topless woman in the middle of a shopping mall.

Multiple videos—likely created to try to avoid Grok’s content safety systems, which may restrict graphic content—impersonate Netflix “movie” posters: Two videos show a naked AI depiction of Diana, Princess of Wales, having sex with two men on a bed with an overlay depicting the logos of Netflix and its series _The Crown_.

Around 800 of the archived Imagine URLs contain either video or images created by Grok, says Paul Bouchaud, the lead researcher at the Paris-based nonprofit AI Forensics, who reviewed the content. The URLs have all been archived since August last year and represent only a tiny snapshot of how people have used Grok, which has likely created millions of images overall.

“They are overwhelmingly sexual content,” Bouchaud says of the cache of 800 archived Grok videos and images. “Most of the time it’s manga and hentai explicit content and \[other\] photorealistic ones. We have full nudity, full pornographic videos with audio, which is quite novel.”

Bouchaud estimates that of the 800 posts, a little less than 10 percent of the content appears to be related to child sexual abuse material (CSAM). “Most of the time it's hentai, but there are also instances of photorealistic people, very young, doing sexual activities,” Bouchaud says. “We still do observe some videos of very young-appearing women undressing and engaging in activities with men,” they say. “It's disturbing to another level.”

The researcher says they reported around 70 Grok URLs, which may contain sexualized content of minors, to regulators in Europe. In many countries, AI-generated CSAM, including drawings or animations, can be considered illegal. French officials did not immediately respond to WIRED’s request for comment; however, the Paris prosecutor's office recently said two lawmakers had filed complaints with its office, which is investigating the social media company, about the “stripped” images.

Grok Is Generating Sexual Content Far More Graphic Than What's on X

Paid tools that “strip” clothes from photos have been available on the darker corners of the internet for years. Elon Musk’s X is now removing barriers to entry—and making the results public.

Elon Musk hasn’t stopped Grok, the chatbot developed by his artificial intelligence company xAI, from generating sexualized images of women. After reports emerged last week that the image generation tool on X was being used to create sexualized images of children, Grok has created potentially thousands of nonconsensual images of women in “undressed” and “bikini” photos.

Every few seconds, Grok is continuing to create images of women in bikinis or underwear in response to user prompts on X, according to a WIRED review of the chatbots’ publicly posted live output. On Tuesday, at least 90 images involving women in swimsuits and in various levels of undress were published by Grok in under five minutes, analysis of posts show.

The images do not contain nudity but involve the Musk-owned chatbot “stripping” clothes from photos that have been posted to X by other users. Often, in an attempt to evade Grok’s safety guardrails, users are, not necessarily successfully, requesting photos to be edited to make women wear a “string bikini” or a “transparent bikini.”

While harmful AI image generation technology has been used to digitally harass and abuse women for years—these outputs are often called deepfakes and are created by “nudify” software—the ongoing use of Grok to create vast numbers of nonconsensual images marks seemingly the most mainstream and widespread abuse instance to date. Unlike specific harmful nudify or “undress” software, Grok doesn’t charge the user money to generate images, produces results in seconds, and is available to millions of people on X—all of which may help to normalize the creation of nonconsensual intimate imagery.

“When a company offers generative AI tools on their platform, it is their responsibility to minimize the risk of image-based abuse,” says Sloan Thompson, the director of training and education at EndTAB, an organization that works to tackle tech-facilitated abuse. “What’s alarming here is that X has done the opposite. They’ve embedded AI-enabled image abuse directly into a mainstream platform, making sexual violence easier and more scalable.”

Grok’s creation of sexualized imagery started to go viral on X at the end of last year, although the system’s ability to create such images has been known for months. In recent days, photos of social media influencers, celebrities, and politicians have been targeted by users on X, who can reply to a post from another account and ask Grok to change an image that has been shared.

Women who have posted photos of themselves have had accounts reply to them and successfully ask Grok to turn the photo into a “bikini” image. In one instance, multiple X users requested Grok alter an image of the deputy prime minister of Sweden to show her wearing a bikini. Two government ministers in the UK have also been “stripped” to bikinis, reports say.

Images on X show fully clothed photographs of women, such as one person in a lift and another in the gym, being transformed into images with little clothing. “@grok put her in a transparent bikini,” a typical message reads. In a different series of posts, a user asked Grok to “inflate her chest by 90%,” then “Inflate her thighs by 50%,” and, finally, to “Change her clothes to a tiny bikini.”

One analyst who has tracked explicit deepfakes for years, and asked not to be named for privacy reasons, says that Grok has likely become one of the largest platforms hosting harmful deepfake images. “It’s wholly mainstream,” the researcher says. “It’s not a shadowy group \[creating images\], it’s literally everyone, of all backgrounds. People posting on their mains. Zero concern.”

During a two-hour period on December 31, the analyst gathered more than 15,000 URLs of images created by Grok and screen-recorded the chatbots’ “media” tab on X, where generated images—both sexualized and non-sexualized—are posted.

WIRED reviewed more than a third of the URLs that the researcher gathered and found that over 2,500 were no longer available, and nearly 500 were marked as “age-restricted adult content,” requiring a login to view. Many of the remaining posts still featured scantily clad women. The researcher’s screen recordings of Grok’s “media” page on X show an overwhelming number of images of women in bikinis and lingerie.

Musk’s xAI did not immediately respond to a request for comment about the prevalence of sexualized images that Grok has been creating and publishing. X did not immediately respond to a request for comment from WIRED.

X’s Safety account has said it prohibits illegal content. “We take action against illegal content on X, including Child Sexual Abuse Material (CSAM), by removing it, permanently suspending accounts, and working with local governments and law enforcement as necessary,” the account posted. X’s most recent DSA transparency report said that it suspended 89,151 accounts for violating its child sexual exploitation policy between the start of April and the end of June last year, but hasn’t published more recent numbers.

The X Safety account also points to its policies around prohibited content. X’s nonconsensual nudity policy, which is dated December 2021, before Musk purchased what was then Twitter, claims that “images or videos that superimpose or otherwise digitally manipulate an individual’s face onto another person’s nude body” are against the policy.

The use of Grok to create sexualized images of real people is also just the tip of the iceberg. Over the past six years, explicit deepfakes have become more advanced and easier for people to create. Dozens of “nudify” and “undress” websites, bots on Telegram, and open source image generation models have made it possible to create images and videos with no technical skills. These services are estimated to have made at least $36 million each year. In December, WIRED reported how Google’s and OpenAI’s chatbots have also stripped women in photos down to bikinis.

Action from lawmakers and regulators against nonconsensual explicit deepfakes has been slow but is starting to increase. Last year, Congress passed the TAKE IT DOWN Act, which makes it illegal to publicly post nonconsensual intimate imagery (NCII), including deepfakes. By mid-May, online platforms, including X, will have to provide a way for people to flag instances of NCII, which the platforms will be required to respond to within 48 hours.

The National Center for Missing and Exploited Children (NCMEC), a US-based nonprofit that works with companies and law enforcement to address instances of CSAM, reported that its online abuse reporting system saw a 1,325 percent increase in reports involving generative AI between 2023 and 2024. (Such large increases don’t necessarily mean a similarly large increase in activity and can sometimes be attributed to improvements in automated detection or guidelines about what should be reported.) The NCMEC did not respond to a request for comment from WIRED about the posts on X.

In recent months, officials in both the UK and Australia have taken the most significant action so far around “nudifying” services. Australia’s online safety regulator, the eSafety Commissioner, has targeted one of the biggest nudifying services with enforcement action, and UK officials are planning on banning nudification apps.

However, there are still questions around what, if any, action countries may take against X and Grok for the widespread creation of the nonconsensual imagery. Officials in France, India, and Malaysia are among those who have raised concerns or threatened to investigate X over the recent flurry of images.

A spokesperson for the eSafety office says it has “several reports” of Grok being used to generate sexual images since late last year. The office says it is assessing images of adults that were submitted to it, while some images of young people did not meet the country’s legal definition of child sexual exploitation material. “eSafety remains concerned about the increasing use of generative AI to sexualize or exploit people, particularly where children are involved,” the spokesperson says.

On Tuesday, the UK government officially called for X to take action against the imagery. “X needs to deal with this urgently,” technology minister Liz Kendall said in a statement, which followed communications regulator Ofcom contacting X on Monday. “What we have been seeing online in recent days has been absolutely appalling, and unacceptable in decent society.”

Grok Is Pushing AI ‘Undressing’ Mainstream

Meta’s end-to-end encrypted messaging app is used by billions of people. Here’s how to make sure you’re one of the most locked-down ones out there.

WhatsApp is one of the most popular messaging apps in the world, with over 3 billion users. But its ubiquity also makes it a target for attackers. In December, security researchers documented a new form of account hijacking called GhostPairing, which sees users tricked into linking an attacker’s browser to their WhatsApp device.

Meanwhile, in November, Austrian researchers plugged billions of numbers into WhatsApp’s contact discovery tool to create “the most extensive exposure of phone numbers” ever—along with profile photos and more.

WhatsApp is protected by end-to-end encryption, the gold standard of security that, when implemented properly, means only you and the person you’re chatting with can read your messages. Behind the scenes, WhatsApp has also launched passkey-encrypted backups and privacy-enhanced AI technology.

But there are a bunch of features you can use to boost your own privacy and security in the Meta-owned app. Here are eight of the best.

**Privacy Checkup**

A good place to start is WhatsApp’s Privacy Checkup feature in **Settings** under **Privacy**, which allows you to control who sees data such as your profile photo, **About** information, and status. You can also add extra privacy to your profile by adjusting the last **Seen/Online** setting to **Nobody**.

From there, you can choose who is able to contact you on WhatsApp by blocking unwanted calls and messages. It’s also possible to specify who can add you to groups, silence unknown callers, and manage your blocked contacts.

**Disappearing Messages**

While WhatsApp is protected by end-to-end encryption, your messages can be read if you are compromised by spyware or if someone gains physical access to your device.

One way of helping to secure chats against this is disappearing messages, which allows you to set a period of time for texts to stay visible before they are deleted. Messages can be set to disappear after 24 hours, seven days, or 90 days after they’re sent.

Disappearing messages can be set for all chats or for specific conversations. To enable the feature as default for new one-to-one chats, go to **Settings** > **Privacy** > **Default message timer** and set the time frame for messages to **disappear**.

Just keep in mind that the feature requires trust—anyone can screenshot a message, so you can’t guarantee that what you’ve sent will be deleted everywhere all the time.

**Two-Factor Authentication Including a Security PIN**

WhatsApp needs your phone number when you set up an account, but this can also leave it open to various security and privacy risks. A feature that will protect your WhatsApp account from such threats such is a security PIN.

The PIN works as two-factor authentication to protect your chats from prying eyes. Open WhatsApp **Settings**. Tap **Account** > **Two-step verification** > **Turn on or Set up PIN**. Enter a PIN of your choice and confirm it.

You can also add an email address in case you need to reset two-step verification. In addition, you can now add passkeys to protect your WhatsApp account.

**App Lock and Chat Lock**

When using an encrypted app such as WhatsApp, the last thing you want is your message previews popping up for everyone to see. With this in mind, it’s a good idea to disable push notifications in your smartphone’s settings panel.

You can also protect the app via FaceID or Touch ID on the iPhone, or with Android’s Fingerprint Lock. To enable App Lock in WhatsApp, go to **Settings** > **Privacy** > **App Lock**.

If some of your chats require extra privacy, you can lock them so they appear in a separate folder away from the main list. Also protected by your face or fingerprint, the Chat Lock feature can be enabled by going to the contact’s picture, scrolling down, and tapping **Lock Chat**.

If you need to delete conversations in a hurry, WhatsApp allows you to do so in **Settings** > **Privacy** > **Chat Lock** > **Unlock and Clear Locked Chats**.

**Enable Advanced Security Settings**

WhatsApp offers some advanced settings to help protect your account against scammers and prevent revealing your IP address. These settings are super-useful, but they are turned off by default.

To turn the settings on, go to **Privacy** > **Advanced**. The first is **Block Unknown Messages**, which stops you from being bombarded with high volumes of texts—a common scammer tactic.

Next up is the **Protect Your IP Address** setting, which ensures your calls are end-to-end encrypted via WhatsApp’s servers. This will prevent your IP address from being revealed, but the quality of your calls may be reduced.

Finally, if you enable **Disable Link Previews**, the links you send will not generate a preview, which may again reveal your IP address.

**Advanced Chat Privacy**

Another key feature for WhatsApp security is Advanced Chat Privacy, which helps prevent people taking your chats outside of the app, auto-downloading media to their phone, and using your messages for AI features.

To enable the feature for individuals, click the chat you want to edit. Go to **View Contact** > **Advanced Chat Privacy,** and **turn it on**. Just note, you need to enable Advanced Chat Privacy for each individual or group chat you want to apply it to.

For groups, be aware that anyone can update the setting, but an admin can restrict it. Click the chat you want to edit. Click **Group Info** > **Group Permissions**. **Turn on Edit Group Setting**s. Go back to the **Group page** and click **Advanced Chat Privacy** and **turn the feature on or off**.

When using Advanced Chat Privacy, be warned that users who aren’t on the latest version of WhatsApp may still be able to share chats outside of the app, such as auto-downloading media—and you won’t be notified if this is the case.

**Disable Read Receipts**

One of the less private features in WhatsApp is the ability for a recipient to see when you’ve read a message via the blue-tick read receipts. You can disable these, but be aware that it works both ways, and you won’t be able to see when others read your messages. The feature doesn’t apply to group chats. Go to your **Settings** > **Privacy** > **Read Receipts** and **toggle the feature off**.

**Turn Off Media Downloads**

WhatsApp automatically saves the videos and photos sent to your phone, which is annoying to say the least. To prevent this, go to your **Settings** > **Chats** and **turn off Save to Photos**.

At the same time, WhatsApp allows you to send media and voice notes for one-time viewing. Just select the media you’d like to send, but before doing so **tap the ‘1’ icon** in the **caption field**.

All that said, WhatsApp says it takes the role of providing private communication “incredibly seriously.”

“We continue to lead the industry in meaningful innovations that protect people’s messages and calls, including through collaboration with security researchers to strengthen our defenses,” WhatsApp spokesperson Ellie Heatrick tells WIRED. “With every feature we build, we sweat the details to protect what matters most: The ability to communicate privately and securely.”

8 WhatsApp Features to Boost Your Security and Privacy

Being targeted by sophisticated spyware is relatively rare, but experts say that everyone needs to stay vigilant as this dangerous malware continues to proliferate worldwide.

In December, hundreds of iPhone and Android users received a threat notification, warning them their device had been targeted by spyware. Days later, Apple and Google patched security holes that experts think were used to plant the stealthy malware on a select group of devices.

Spyware is so dangerous because the adversary is able to see and hear everything you do on your smartphone, including via encrypted messaging apps such as WhatsApp and Signal. But it tends to be extremely targeted against dissidents, journalists, politicians, and business leaders operating in certain sectors.

The malware has hit a number of high-profile people, including former Amazon CEO Jeff Bezos and Hanan Elatr, wife of murdered Saudi dissident Jamal Khashoggi—who were both compromised by NSO Group’s Pegasus spyware.

Today, spyware remains just as prolific in these circles, but experts think its impact could be widening. In early December, as Google issued its threat notification, the tech firm’s researchers detailed how an exploit chain was used to install Predator spyware surreptitiously onto a device.

It came after an alert issued by the US Cybersecurity and Infrastructure Security Agency (CISA), warning users that adversaries are “actively leveraging” commercial spyware to target mobile messaging applications.

As the risk increases, what can you do to protect your Android device or Apple iPhone?

**Zero-Click Attacks**

Spyware often hits smartphones in so-called zero-click attacks, meaning your phone can become infected without clicking a link, downloading a malicious image, or any other kind of user interaction.

The attack cannot be mitigated via the usual routes. If the malware has infected your smartphone, adversaries can “read messages, observe keystrokes, take screenshots, monitor notifications, and access banking apps,” according to Pieter Arntz, a senior malware researcher at security firm Malwarebytes.

With full system access, spyware can “exfiltrate data such as emails and texts, send messages, steal credentials, and log in to cloud systems,” says Rocky Cole, cofounder of iVerify, an app that helps users to detect spyware.

Aside from zero-click attacks, spyware can infect a device when someone clicks on a compromised link sent over text, email, or social media. Meanwhile, the malware can hide in malicious apps that appear to be legit. It can also be concealed in an image file and downloaded via a message, or get onto your smartphone due to vulnerabilities in your browser.

Infection usually starts through malicious links and fake apps, but it is also taking place via “more subtle methods,” says Richard LaTulip, a field CISO at security company Recorded Future, which collaborated with Google’s threat intelligence team on the Predator spyware findings.

LaTulip cites the example of recent research on malicious browser extensions affecting millions of users that shows “how seemingly harmless tools can become surveillance devices.”

These techniques, often developed by nation-state adversaries linked to governments, indicate a trend toward “more covert, persistent, and device-level compromises,” he says.

**A Bigger Problem**

Over the past few years, spyware has become a growing issue. Governments and the companies that make the malware say the surveillance tools are used to target only criminals and terrorists, or for national security purposes.

“But the truth is that human rights activists, journalists, and many others across the world have been unlawfully targeted with spyware,” Rebecca White, Amnesty International’s researcher on targeted surveillance, tells WIRED. “In this way, spyware can be used as a tool of repression—to silence people speaking truth to power.”

Thai activist Niraphorn Onnkhaow is a prime example. Between 2020 and 2021, at the height of Thailand’s pro-democracy protests, Onnkhaow was targeted 14 times by Pegasus spyware. Soon afterward, she decided to end her role in the protest movement amid fears that her private data could be weaponized against her.

“Data can be weaponized and lead to more abuse, online and offline—especially for people who already face discrimination based on their identity; for example, on the basis of gender or race,” White says.

Beyond activists, mobile spyware appears to be targeting a wider subset of people, often within a business environment. The malware is hitting “a wide range of society,” from government officials to financial IT workers, says iVerify’s Cole. “Increasingly, it's used beyond intelligence gathering, to steal credentials for enterprise access.”

**Signs You’ve Been Hit**

Spyware is difficult to detect—especially sophisticated strains such as Pegasus and Predator, which are typically only discovered via forensic analysis. But you might notice some subtle signs, such as your device overheating or slowing down, or your camera or mic activating when they’re not supposed to be in use.

While advanced spyware may leave little to no visible trace, sudden drops in performance or changes in connectivity can serve as early warning signs, says LaTulip.

One more obvious indicator of being hit by a sophisticated campaign is an official threat notification from Apple, Meta, or Google. This “should be taken seriously,” White says.

Another sign is leaked private information that you haven’t shared previously, or if colleagues or friends have been compromised.

**How to Prevent and Mitigate Spyware**

The most reliable way to mitigate spyware is to prevent your device being taken over in the first place. If you think you may be at risk, Apple offers Lockdown Mode, which includes a higher level of security with reduced functionality that has improved over time as the feature has been updated. For example, it blocks most message attachments and incoming FaceTime calls.

To enable Lockdown Mode on your iPhone, go to **Settings** > **Privacy & Security** > **Lockdown Mode** and tap **Turn On Lockdown Mode**.

Ivan Krstić, vice president of Apple security engineering and architecture, tells WIRED there “has never been a successful, widespread malware attack” against the iPhone. The only system-level iOS attacks Apple has seen in the wild come from mercenary spyware, according to the iPhone maker. In other words, iPhones have been infected with spyware, but only the most sophisticated type, Krstić says.

Krstić describes how mercenary spyware is “historically associated with state actors and costs millions of dollars to target a very small number of specific individuals and their devices.” He adds that Apple has continued to develop new methods for combating spyware, including Lockdown Mode and Memory Integrity Enforcement.” Introduced alongside the latest iPhone line-up, Memory Integrity Enforcement is a “comprehensive, always-on memory-safety protection,” which helps prevent memory corruption exploits often used in spyware attack chains.

Krstić is confident about Memory Integrity Enforcement’s advancements, claiming that the new feature is “the most significant upgrade to memory safety in the history of consumer operating systems.”

Google offers spyware protection for Android called Advanced Protection, which has been enhanced in Android 16 with intrusion logging, USB protection and the option to disable auto-reconnect to insecure networks. It can be enabled via your **Settings** > **Security & Privacy** > **Other Settings** > **Advanced Protection**.

In addition to using anti-spyware features, all users should be mindful of clicking links from strangers, says White. “Pay attention to changes in devices’ functioning. Using a reputable VPN can help prevent some forms of surveillance and censorship,” she says. “Evaluate any new requests for social media followers before accepting. Visit Amnesty’s secure onion website, privately and anonymously, using the Tor network’s browser.”

More generally, exercise “strict control” over what gets installed on your device, adds Arntz.

At the same time, avoid side-loading on Android and ensure your mobile operating system and apps are fully updated. “Patches often close the same vulnerabilities that spyware relies on,” warns LaTulip.

Experts say spyware can be temporarily disrupted by turning your smartphone off and on again. However, if the malware does get on your device, the best course of action is to ditch it altogether.

Alongside Amnesty, several organizations can support members of civil society concerned they have been targeted with spyware, such as Access Now and Reporters Without Borders.

Above all, operate with a healthy skepticism, says LaTulip. “Assume compromise is possible, but avoid the paranoia that shuts down normal use.”

How to Protect Your iPhone or Android Device From Spyware

The tactics behind protest policing are changing—from one of cooperation to intentional antagonism for political marketing purposes.

In 2025, protest policing in major US cities increasingly took on the character of a spectacle: overwhelming deployments, theatrical staging, and aggressive crowd-control tactics that emphasized signaling power over maintaining public safety. This was not a one-off episode; it followed the deployment of federal troops into multiple Democratic-led cities, prompting lawsuits and court challenges that local leaders described, with justification, as militarized intimidation.

Los Angeles provided an early template. After protests erupted in June over an increase in aggressive Immigration and Customs Enforcement raids, President Donald Trump ordered roughly 4,000 federalized National Guard troops into the city and activated about 700 US Marines. At the same time, he signaled—online and through traditional media—a willingness to escalate even further by invoking the Insurrection Act. Troops stood shoulder to shoulder with long guns and riot shields as smoke canisters and crowd-control munitions blanketed highways and city streets, a posture nominally framed as deescalation and for the protection of federal property but calibrated to provoke confrontation.

Inside the Pentagon, officials rushed to draft domestic use-of-force guidance for Marines that contemplated temporary civilian detention—an unusually explicit entry into a legal gray area, paired with a highly visible show of force.

By August, the federal government shifted from episodic deployment to direct control: Trump placed Washington, DC’s police department under federal authority and deployed roughly 800 National Guard troops, exploiting the district’s unique legal vulnerability. The Washington Post described the city as a “laboratory for a militarized approach.”

The administration’s rhetoric was not subtle—Trump cast the crackdown as an image project, calling Washington a “wasteland for the world to see,” and openly endorsing fear as a policing tactic, urging officers to “knock the hell out of them.” City leaders countered that the supposed emergency was manufactured, noting that crime in the capital was at multi-decade lows. In city after city, “restoring order” became a flimsy euphemism for preemptive displays of force aimed at deterring dissent before it reached the streets.

Across Chicagoland, protest control became overtly choreographed. As “Operation Midway Blitz” intensified in September, officials erected barricades and “protest zones” around the Broadview ICE facility. State police in riot gear lined perimeters, while federal agents repeatedly fired tear gas and other projectiles into crowds, according to videos and witness accounts. The most brazen moment came when homeland security secretary Kristi Noem appeared on the facility’s roof beside armed agents and a camera crew, positioned near a sniper’s post, as arrests unfolded below.

This was performative policing at its most distilled: public safety reduced to a spectacle with vaguely defined urban threats cast as the danger being neutralized. The absurdity of the displays allowed routine acts of disorderly conduct to be perceived as folk-hero moments.

This performative turn didn’t emerge from nowhere. It displaced a quieter, less theatrical—but still controlling—model that had dominated US protest policing for decades. Policing scholars refer to it as strategic incapacitation: a practice whereby conditions are shaped so that protests can’t become effective in the first place.

Strategic incapacitation is policing by preemption. Rather than responding to crowds, police constrain when, where, and whether they can form at all. The toolkit overlaps with what protesters experienced in 2025: expansive surveillance, intelligence sharing, selective preemptive arrests, and “less-lethal” disruption—but the objective is more procedural than demonstrative. Protest is treated as an inherent risk, managed through no-go zones, curfews, press restrictions, and designated First Amendment areas designed to prevent organic growth.

The model began to coalesce in the late 1990s, as police agencies moved away from earlier approaches that had, for a time, encouraged nonviolent protest. That earlier shift reflected hard-earned lessons: violent crackdowns throughout much of the early 20th century often backfired, generating public sympathy for movements that might otherwise have remained marginal. Security-style protest policing accelerated after 9/11, driven by police intelligence units operating under national security frameworks and by lessons drawn from earlier confrontations—most notably the 1999 World Trade Organization protests in Seattle—where activists viewed negotiation as political surrender.

As formally permitted demonstrations gave way to impromptu, social-media-driven protests, police responded with expanded surveillance, tighter control of physical space, and covert intelligence-gathering efforts that relied on technologies first introduced on battlefields. The approach scaled seamlessly into the post-9/11 fusion-center ecosystem: threat assessments heavy with speculation, coordinated planning designed to constrain dissent, and information campaigns that framed protesters as dangerous outsiders.

Public sentiment became a critical lever. While Americans tend to resist overt militarization against First Amendment activity, fear of protesters reliably increases support for riot deployments, mass arrests, and force, providing a ready-made justification for escalation. Before this preemptive model took hold, protest policing had already undergone a reputational reckoning. In the 1960s, police responses relied on large shows of force—batons, dogs, fire hoses—and brutal violence against labor, civil rights, and antiwar demonstrators. By the 1970s, the costs of injuries, deaths, property damage, and political fallout pushed authorities to seek a less volatile approach.

That alternative became a bureaucratic system built on permits, advanced coordination, and predictable rules. Developed most clearly in Washington, DC, it aimed to preserve speech rights while limiting disruption through communication, restraint, and minimal use of force, with arrests treated as a last resort, when not carefully planned and prearranged. Court rulings, training programs, and standardized permitting systems spread the model nationwide. What began as a pragmatic response to cycles of unrest and force that produced little political or public-safety gain became the dominant public-order framework for decades.

Together, these shifts trace a clear arc in US protest policing—from suppression, to management, to prevention, to performance—where authority is asserted as much through optics and narrative today as it is by force.

How Protesters Became Content for the Cops

Government staffing cuts and instability, including this year’s prolonged shutdown, could be hindering US digital defense and creating vulnerabilities.

As the first year of the Trump administration approaches its end, government cybersecurity experts and even some United States government officials are warning that recent White House initiatives—including downsizing and restructuring of the US federal workforce—risk setting the government back on improving and expanding its digital defenses.

For years, the federal government was playing catch-up on cybersecurity, scrambling to replace ancient software, apply security patches to newer systems, and deploy other baseline protections across a massive and disparate population of PCs and other gadgets. With so many agencies and offices that needed upgrading, it was slow going. But as repeated government data breaches drew urgent attention to the issue, and as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency—founded in 2018—established itself during the early 2020s, minimum standards seemed to be rising. Now, with major staffing cuts at CISA and in other key departments across the government, that incremental progress could quickly erode.

“We’ve spent a lot of time trying to encourage the government to do more, and CISA was doing, you know, a better job,” retiring comptroller general Gene Dodaro told the US Senate Committee on Homeland Security and Governmental Affairs on December 16. He added that the Government Accountability Office has “a lot of open recommendations still for them to do. But I’m concerned that we’re taking our foot off the gas at CISA, and I think we’ll live to regret it.”

CISA lost about 1,000 people, more than a third of its staff, as a result of cuts that seemed to be motivated by the Trump administration’s anger about the agency’s election security work. Cybersecurity Dive reported in mid-November that the agency is planning to rebuild in 2026.

“The recent reduction in personnel has limited CISA’s ability to fully support national security imperatives and administration priorities,” acting CISA director Madhu Gottumukkala wrote in a memo to staff at the beginning of November. He added that that agency has “reached a pivotal moment” but is “hampered by an approximately 40 percent vacancy rate across key mission areas.”

When asked for comment about staffing cuts at CISA and the administration’s plans for maintaining and improving federal cybersecurity and critical infrastructure defenses, the White House referred WIRED to the Department of Homeland Security.

CISA director of public affairs Marci McCarthy told WIRED in a statement that the agency is focused on executing its statutory mission. “Claims that staffing adjustments are weakening cybersecurity miss the truth,” she said in the statement. “We are accelerating innovation, deepening operational collaboration, and directing resources where they yield the greatest return.”

This fall’s weekslong government shutdown only added to concerns about the state of federal cybersecurity—creating the possibility of blind spots or gaps in monitoring while so many workers were furloughed and contributing in general to the already extensive IT backlog at agencies across the government.

“Federal IT workers, they are good jobs, there’s not enough resources for the issues that they have to deal with,” one former national security official, who requested anonymity because they are not authorized to speak to the press, told WIRED. “It’s always underfunded. They always have to catch up.”

Amélie Koran, a cybersecurity consultant and former chief enterprise security architect for the Department of Interior, notes that one of the most significant impacts of the shutdown likely involved disrupting, or in some cases potentially ending, relationships with specialized government contractors who may have needed to take other jobs in order to get paid but whose institutional knowledge is difficult to replace.

Koran adds, too, that given the limited scope of the continuing resolution Congress passed to reopen the government, “no new contracts and extensions or options are probably being done, which will cascade to next year and beyond.”

While it is unclear if the shutdown was a contributing factor, the United States Congressional Budget Office said more than five weeks into the ordeal that it had suffered a hack and had taken steps to contain the breach. The Washington Post reported at the time that the agency was infiltrated by a “suspected foreign actor.” And after years of incredibly consequential US government data breaches—including the 2015 Office of Personnel Management hack perpetrated by China and the sprawling, multi-agency breach launched by Russia in 2020 that is often called the SolarWinds hack—experts warn that inconsistent staffing and reduced hiring at key agencies like CISA could have disastrous consequences.

“When, not if, we have a major cybersecurity incident within the federal government, we can’t simply staff up with additional cybersecurity resources after the fact and expect the same outcomes we would get from long-tenured staff,” says Jake Williams, a former NSA hacker and current vice president of research and development at Hunter Strategy.

Brain drain, Williams says, and any loss of momentum on digital defense, is a serious concern for the US.

“On a daily basis I’m worrying that federal cybersecurity and critical infrastructure protection may be backsliding,” Williams says. “We must stay ahead of the curve.”

Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse

The United States’ plan for dealing with Putin’s Russia and Xi’s China remains ill-defined among a shifting global order. That must change.

In 2025, American and world leaders were preoccupied with wars in the Middle East. Most dramatically, first Israel and the United States bombed Iran’s nuclear facilities. Some commentators feared that President Trump’s decision to bomb Iran would drag the United States into the “forever wars” in the Middle East that presidential candidate Trump had pledged to avoid. The tragic war in Gaza had become a humanitarian disaster. After years of promising to reduce engagement with the region from Democratic and Republican presidents alike, it appeared that the US was being dragged back into Middle East once again.

I hope that’s not the case. Instead, in 2026, President Trump, his administration, the US Congress, and the American people more generally must realize that the real challenges to the American national interests, the free world, and global order more generally come not from the Middle East but from the autocratic China and Russia. The three-decade honeymoon from great power politics after the collapse of the Soviet Union and the end of the Cold War is over. For the United States to succeed in this new era of great power competition, US strategists must first accurately diagnose the threat and then devise and implement effective prescriptions.

The oversimplified assessment is that we have entered a new Cold War with Xi’s China and his sidekick, Russian leader Vladimir Putin. To be sure, there are some parallels between our current era of great power competition and the Cold War. The balance of power in the world today is dominated by two great powers, the United States and China, much like the United States and the Soviet Union dominated the world during the Cold War. Second, like the contest between communism and capitalism during the last century, there is an ideological conflict between the great powers today. The United States is a democracy. China and Russia are autocracies. Third, at least until the second Trump era, all three of these great powers have sought to propagate and expand their influence globally. That too was the case during the last Cold War.

At the same time, there are also some significant differences. Superimposing the Cold War metaphor to explain everything regarding the US-China rivalry today distorts as much as it illuminates.

First, while the world is dominated by two great powers, the United States remains more powerful than China on many dimensions of power—military, economic, ideological—and especially so when allies are added to the equation. Also different from the Cold War, several mid-level powers have emerged in the global system—Brazil, India, Indonesia, Saudi Arabia, and South Africa, among others—that are not willing to join exclusively the American bloc or the Chinese bloc.

Second, while the ideological dimension of great power competition is real, it is not as intense as the Cold War. The Soviets aimed to spread communism worldwide, including in Europe and the United States. They were willing to deploy the Red Army, provide military and economic assistance, overthrow regimes, and fight proxy wars with the United States to achieve that aim. So far, Xi Jinping and the Communist Party of China have not employed these same aggressive methods to export their model of governance or construct an alternative world order. Putin is much more aggressive in propagating his ideology of illiberal nationalism and seeking to destroy the liberal international order. Thankfully, however, Russia does not have the capabilities of China to succeed in these revisionist aims.

A third difference from the Cold War is the degree of economic connectivity between the United States and China and the global economy. Managing that interdependence prudently, rather than seeking to divide the global economy into red and blue teams again, is a new, unique challenge for American foreign policymakers.

A fourth difference is the degree of polarization among Americans, including on foreign policy issues. During the Cold War, American society did split on America’s role in the world, especially regarding the war in Vietnam. However, a consensus prevailed for most of the Cold War regarding the necessity of containment as a grand strategy for dealing with the Soviet Union. Such widespread agreement about how to deal with China and Russia today does not exist. Some Americans, including President Trump from time to time, even think that Russian dictator Putin should be courted as a friend, not contained as an adversary.

So far in the second Trump administration, American foreign policy thinkers, both inside and outside the government, have not engaged in a serious discussion about a new grand strategy for prevailing in this new era of great power competition with China and Russia. Tragically, the Trump administration hastily destroyed some of America’s most effective instruments of influence for competing with the Soviet Union last century and China this century, including the US Agency for International Development, Voice of America, Radio Free Asia, Radio Free Europe, and the multitudes of American nongovernmental organizations previously engaged in advancing democracy abroad. Trump also has shown no interest in strengthening the multilateral economic organizations—the IMF, the World Bank, the WTO—that proved so pivotal in supporting global capitalism during the Cold War and thereafter. His threats against enduring democratic allies, Canada and Denmark, are exacerbating tensions with our allies when we should be strengthening ties with them to address the autocratic axis of China and Russia. Trump has not even made clear whether he seeks to contain or join forces with Putin. His strategy for dealing with China is also very ill-defined. Some in his administration describe the Communist Party of China as an even greater threat to the United States than the Soviets or the Nazis. However, Trump himself never discusses the ideological or military dimensions of competition with Beijing, and instead talks mostly about striking a big economic deal with Xi. Trump has even authorized the export of sensitive technologies to China, rolling back export restrictions from the Biden era.

The year 2026 should mark the end of this moment of strategic uncertainty regarding America’s foreign policy for competing with China and Russia. At the end of World War II, it took American leaders some time to realize the full dimensions of the new era of great competition—the Cold War. We are at a similar moment in history today. The sooner we engage in a serious debate about American grand strategy in the 21st century, the better.

Discovering the Dimensions of a New Cold War

From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.

It was a strange year in cyberspace, as US president Donald Trump and his administration launched foreign policy initiatives and massive changes to the federal government that have had significant geopolitical ramifications. Through it all, the steady drumbeat kept pounding of data breaches, leaks, ransomware attacks, digital extortion cases, and state-sponsored attacks that have unfortunately become a backdrop of daily life.

Here's WIRED's look back on this year's most significant breaches, hacking sprees, and digital attacks. Stay alert, and stay safe out there.

**Salesforce Integrations**

Attackers grabbed data from the sales management giant Salesforce in at least two breaches this year—but they didn't compromise Salesforce directly. Instead, the group breached third-party Salesforce contractor integrations, including those of Gainsight and Salesloft.

Google's Threat Intelligence Group published about the spree in August, saying that some Google Workspace data had been compromised as part of the breach of the sales and marketing platform Salesloft Drift. Though the incident was not a direct hack of Google Workspace, it represented a rare instance in recent years of Alphabet customer data being exposed.

Other impacted companies include Cloudflare, Docusign, Verizon, Workday, Cisco, LinkedIn, Bugcrowd, Proofpoint, GitLab, SonicWall, Adidas, Louis Vuitton, and Chanel. The credit bureau TransUnion also had a breach apparently tied to the situation that exposed the information of 4.4 million people, including names and Social Security numbers.

The spree was perpetrated by a group known as Scattered Lapsus$ Hunters—a potential amalgam of actors and tooling from the hacking and data theft groups Scattered Spider, Lapsus$, and ShinyHunters. Researchers note, though, that the group isn't actually a one-to-one evolution of the three namesakes. Regardless, Scattered Lapsus$ Hunters have a data leak site where they've been previewing troves of stolen data from the campaign and conducting digital extortion attacks on victims.

**Clop’s Oracle E-Business Hacking Spree**

The ransomware group Clop is known for carrying out mass exploitation of vulnerabilities for data breaches and extortion attacks. Past rampages in recent years had huge numbers of victims at both private companies and government agencies. This year, the group did it again, exploiting a vulnerability in Oracle’s E-Business internal management platform to steal data from numerous companies and organizations.

As part of the spree, Clop was able to steal employee data from multiple companies, including the personal information of executives, and used it to send emails and other threatening communications to senior employees as part of demands for millions of dollars in ransom to delete the data instead of publishing it.

Oracle scrambled to patch the vulnerability at the beginning of October, but Clop had already been exploiting it to steal data from hospitals and health care groups, media companies like The Washington Post, and universities like the University of Pennsylvania (see below).

**University Breaches**

The University of Pennsylvania publicly disclosed a data breach at the beginning of November that took place at the end of October, impacting personal data—some of it years or decades old—of students, alumni, and donors. The data also included internal university documents and some financial information. The incident was the result of a phishing attack; the hacker sent email blasts to students and alumni describing Penn as “woke” and saying that the school prioritizes “legacies, donors and unqualified affirmative action admits.” The Verge reported, though, that ultimately the hacker may have been financially motivated.

Harvard said in a November statement that the systems of its Alumni Affairs and Development office had been breached via a “phone-based phishing attack.” The incident involved personal information of alumni, their partners, Harvard donors, parents of current and former students, some current students, and some faculty and staff. The data included email addresses, phone numbers, physical addresses, event attendance records, information about donations to the university and other fundraising details. Princeton University was hit with a similar attack that same month, although the scope of affected data seems more limited.

Source

Wired