A new report from the Tech Transparency Project puts X’s paid account system and Grok summaries under a sharper spotlight. The report says accounts likely linked to US-sanctioned terrorists appear to have used premium features on X, including tools that can expand reach, collect money, and shape how profiles are presented to users.
The findings center on a basic platform-safety question: what happens when paid verification, monetization tools, and AI-generated summaries are available to accounts that may be connected to sanctioned individuals or groups?
What the report says X enabled
The Tech Transparency Project, or TTP, said it flagged popular accounts likely linked to US-sanctioned terrorists. The groups seemingly benefiting from X included Houthi rebels, Hezbollah, and Hamas, along with groups from Syria, Kuwait, and Iran.
Some of the accounts had hundreds of thousands of followers. Some also had “ID verified” badges, which the report said suggested X may have allowed accounts tied to sanctioned terrorists to benefit from paid platform services despite policies that ban sanctioned terrorists from doing so.
The report’s concern is not limited to visibility. TTP said “several made use of revenue-generating features offered by X, including a button for tips.” That matters because X’s paid products do more than mark an account with a badge. They can unlock additional ways to publish, organize supporters, and receive money.
According to the source article, X Premium subscribers pay $8 monthly or $84 annually, while Premium+ subscribers pay $40 monthly or $395 annually. Verified organizations pay X between $200 and $1,000 monthly, or up to $10,000 annually for access to Premium+.
Those subscriptions can include perks that let accounts share longer text and video posts, offer paid content to subscribers, create communities, accept gifts, and amplify propaganda. In the report’s framing, that turns paid access into a practical advantage for accounts that should face strict limits if they are tied to sanctioned people or entities.
Why Grok became part of the issue
The report also focused on Grok, X’s chatbot. TTP said Grok appeared to help “whitewash” some accounts linked to sanctioned terrorists by producing favorable profile summaries.
One example involved the handle “hasmokaled,” which the report said apparently belongs to “a key Hezbollah money exchanger,” Hassan Moukalled. The source article says the account at one point had a blue checkmark and 60,000 followers.
The Treasury Department has sanctioned Moukalled for propping up efforts “to continue to exploit and exacerbate Lebanon’s economic crisis.” But when the Grok AI profile summary button was used, the generated summary appeared to rely on Moukalled’s own posts and his followers’ impressions of those posts.
Ars said it was able to replicate a summary that described Moukalled as “a fierce Lebanese economist and journalist” who “champions resistance against Israeli aggression, exposing economic fallout and rallying for Palestine and Lebanon’s sovereignty from Moscow’s airwaves.” The summary also praised him as someone the X community relies on for “economic insights,” who “passionately champions resistance, critiques foreign influence in Lebanon, and honors martyrs with fiery posts.”
Katie Paul, TTP’s director, told Ars that the group found several accounts where Grok gave a positive and sometimes poetic spin while describing sanctioned terrorists. Ars said its review of other flagged profiles confirmed the pattern.
The implication from that review is narrow but important: Grok’s profile summaries may not be checking enough outside context when it describes high-risk accounts. The source article says the pattern suggests X does not reference data outside of X when summarizing profiles of known terrorists and possibly not even critical data on its own platform.
The sanctions question
TTP’s core claim is that the paid features could create a sanctions problem. According to the report, “X appears to be violating sanctions that bar US companies from transacting or dealing with sanctioned individuals and entities” by giving these accounts paid blue checkmarks.
The issue becomes more complicated when an account is not operated directly by a sanctioned person, or when aides or colleagues may be involved. TTP suggested that providing services “for the benefit of any blocked person” could still be considered a US national security risk and a sanctions violation, even “where aides or colleagues are running a premium account in the name of a sanctioned person.”
That distinction matters because platform accounts can serve more than one function. An account can be a public identity, a fundraising channel, a propaganda outlet, and a paid customer relationship at the same time. If the account benefits a blocked person or organization, TTP argues that the risk does not disappear simply because the operator is unclear.
How X has responded so far
It remains unclear what X will do next. Paul told Ars that X acknowledged the report but had not commented on it at the time covered by the source article. X also did not immediately respond to Ars’ request for comment.
Earlier this year, after TTP flagged other suspected terrorist accounts, X responded within hours and said it had “a robust and secure approach” to block sanctioned terrorists from accessing monetization features. X also said some suspected terrorists flagged at the time were not directly named on sanctions lists, while “others may have visible account check marks without receiving any services that would be subject to sanctions.”
TTP said X suspended some accounts after the earlier report, but described the clean-up effort as “short-lived.” According to TTP, some accounts came back under new names or simply resubscribed to X Premium when the option became available.
Grok itself also generated a response when an X user asked about the TTP report. The response said reports suggested X had allowed accounts linked to sanctioned terrorists, including Hezbollah leaders, to buy blue checkmarks, potentially violating US sanctions. It also said the issue was unresolved and raised concerns about platform safety.
What the case reveals about AI and paid reach
The report shows how several platform systems can overlap in ways that raise risk. Paid subscriptions can make accounts more visible and useful. Monetization tools can create financial pathways. AI summaries can frame an account for users who may not know the outside context.
None of those systems is new on its own. The concern is what happens when they operate together around accounts that watchdogs say are likely tied to sanctioned terrorists.
Paul told Ars that TTP will continue monitoring suspected terrorist activity that violates US sanctions on X. She said that if Musk is “actively profiting from Houthi accounts and helping them fundraise,” that would be notable from a national security standpoint, especially given the source article’s reference to a recent Houthi warning during Donald Trump’s Middle East visit.
For X, the report leaves a direct question hanging over its paid verification and AI products: whether the company can reliably prevent sanctioned terrorists and related accounts from using tools that increase reach, raise funds, and shape public perception.