Yes, OpenAI’s internal abuse-detection systems flagged and banned the ChatGPT account belonging to Jesse Van Rootselaar roughly eight months before she carried out the deadliest school shooting in Canadian history — and the company never alerted law enforcement. In June 2025, OpenAI identified violent content in Van Rootselaar’s chat logs and suspended her account, but determined the material did not meet its threshold for referral to police because there was no “credible and imminent” plan for serious physical harm. Eight months later, on February 10, 2026, the 18-year-old killed eight people in Tumbler Ridge, British Columbia, including five students between the ages of 12 and 13, an educational assistant, her own mother, and her 11-year-old half-brother.
The case has become a flashpoint in the debate over what responsibility AI companies bear when their platforms surface clear warning signs of violence. After the ban, Van Rootselaar simply created a second ChatGPT account that went undetected until police publicly identified her as the suspect. A lawsuit filed by the family of one of the wounded children alleges OpenAI functionally served as the shooter’s planning tool and confidante. This article examines what OpenAI knew and when, the legal fallout, the gaps in the company’s safety protocols, and what it all means for the broader question of AI accountability.
Table of Contents
- What Did OpenAI Know About the Mass Shooter’s ChatGPT Account Before the Shooting?
- How Did the Shooter Evade OpenAI’s Ban and Create a Second Account?
- The Lawsuit Against OpenAI — What Are the Legal Claims?
- OpenAI’s Meeting With B.C. Officials and the Disclosure Failure
- The “Credible and Imminent” Standard and Its Limitations
- Age Verification and the Gap in OpenAI’s Safety Policies
- What Comes Next for AI Safety and Accountability
- Conclusion
- Frequently Asked Questions
What Did OpenAI Know About the Mass Shooter’s ChatGPT Account Before the Shooting?
OpenAI’s own systems did what they were designed to do — at least partially. Sometime in June 2025, automated abuse-detection tools flagged Van Rootselaar’s account for violent content. The company reviewed the flagged material and made a judgment call: ban the account, but do not contact the Royal Canadian Mounted Police. OpenAI’s stated reasoning was that the content did not reflect a “credible and imminent” plan to cause serious physical harm. That language mirrors the legal standard many U.S. tech companies use internally, borrowed loosely from First Amendment jurisprudence and threat assessment frameworks. But the tumbler Ridge shooting unfolded in Canada, where the legal landscape around duty to warn is different, and where the RCMP — not local police departments — handles rural law enforcement.
The distinction matters. A “credible and imminent” standard is designed to avoid false positives, to keep companies from flooding law enforcement with every edgy conversation on their platforms. But it also creates a gap wide enough for a determined actor to slip through. Van Rootselaar had dropped out of school approximately four years before the shooting. She was socially isolated. The content she produced was violent enough to trigger a ban. Whether any reasonable reading of those chat logs should have prompted a call to police is now a question for the courts. By comparison, social media companies like Meta and Snap have faced similar scrutiny, but the OpenAI case is distinct because the interaction was conversational — the AI was not a passive feed but an active participant generating responses to the user’s prompts.
How Did the Shooter Evade OpenAI’s Ban and Create a Second Account?
After OpenAI banned Van Rootselaar’s first account, she created a second one. That account was not flagged. OpenAI has acknowledged this fact but has offered limited public explanation of how it happened. The most straightforward answer is that OpenAI’s identity verification at the time was minimal — an email address and, in some cases, a phone number. There was no robust system to prevent a banned user from signing up again with different credentials.
This is not unique to OpenAI; most consumer internet platforms face the same problem. But the stakes here were categorically different from someone evading a ban on a gaming forum. The second account was only discovered after police publicly named Van Rootselaar as the suspect in the shooting, at which point OpenAI could retroactively search its records. This timeline raises an uncomfortable question: if the company had implemented stricter identity verification or cross-referencing after the first ban, would the second account have been caught? There is no guarantee. However, the absence of even basic re-registration safeguards — such as device fingerprinting or more rigorous phone verification — suggests that the ban was more of a symbolic gesture than a functional security measure. For users who present genuine safety risks, a ban that can be circumvented in minutes with a new email address is not meaningfully protective.
The Lawsuit Against OpenAI — What Are the Legal Claims?
On March 10, 2026, Cia Edmonds filed a civil lawsuit against OpenAI. Her 12-year-old daughter, Maya Gebala, was shot three times during the attack at Tumbler Ridge Secondary School. The lawsuit makes several specific allegations. First, it claims that Van Rootselaar used ChatGPT to help plan the attack, describing the chatbot as having served as a “counsellor, pseudo-therapist, trusted confidante, friend, and ally” to the shooter. Second, it alleges that OpenAI knew or should have known, based on the prompts submitted to the flagged account, that Van Rootselaar was planning a mass casualty event. Third, the suit claims OpenAI failed to implement age verification or parental consent procedures, despite the company’s own policies requiring consent for users between the ages of 13 and 18.
The Edmonds lawsuit is not the only one. Multiple families of victims are pursuing legal action against AI companies in connection with the shooting. These cases will likely test novel legal theories about product liability, negligence, and the duty of care that AI companies owe to the public. The comparison to lawsuits against gun manufacturers and social media platforms is inevitable but imperfect. Gun manufacturers argue they produce a legal product; social media companies argue they are platforms, not publishers. OpenAI occupies a stranger middle ground — its product actively generated text in response to the shooter’s queries, making the “passive platform” defense harder to sustain. Whether courts will agree remains to be seen, but the factual record — a flagged account, a known ban, no law enforcement notification — gives plaintiffs a stronger foundation than many prior tech liability cases have had.
OpenAI’s Meeting With B.C. Officials and the Disclosure Failure
The day after the shooting, OpenAI met with British Columbia officials. According to reporting from the Globe and Mail, the company did not mention during that meeting that the shooter’s account had been previously flagged and banned. This omission is difficult to explain charitably. By the time of the meeting, the shooter had been publicly identified. OpenAI’s own records would have shown the prior flag.
Whether the omission was a deliberate legal strategy — say nothing that could be used against the company in court — or a failure of internal communication is unclear. Either explanation is damaging. If OpenAI’s legal team advised against disclosure, it suggests the company prioritized liability management over transparency with government officials who were actively responding to a mass casualty event involving children. If the omission was accidental — if the people in the meeting genuinely did not know about the flagged account — it points to a breakdown in internal processes so severe that the company’s safety infrastructure is effectively decorative. The tradeoff between legal caution and public accountability is real, but in the immediate aftermath of a school shooting, most people would expect a company sitting on directly relevant information to share it with the authorities trying to understand what happened.
The “Credible and Imminent” Standard and Its Limitations
OpenAI’s decision not to refer Van Rootselaar’s flagged content to law enforcement hinged on a specific internal standard: the content did not reflect a “credible and imminent” plan for serious physical harm. This language is borrowed from frameworks used in clinical psychology and law enforcement threat assessment, where professionals must decide when a person’s statements cross the line from disturbing to actionable. In clinical settings, the standard has decades of case law and professional guidelines behind it. Applied by a technology company reviewing chat logs with an AI, it carries far less rigor. The core limitation is that the “credible and imminent” standard was designed for human professionals who can interview a subject, assess their mental state, and evaluate context that extends beyond the words on a page.
OpenAI’s reviewers were working from chat transcripts with a bot. They had no access to Van Rootselaar’s history, her home environment, her access to weapons, or any of the other factors that threat assessment professionals consider essential. The standard, in this context, functioned less as a careful evaluation framework and more as a reason not to act. OpenAI has since stated that it has adjusted its internal thresholds so that cases like this would now trigger referrals to law enforcement. Whether that adjustment is meaningful or merely cosmetic will only become clear over time — and possibly only after another incident.
Age Verification and the Gap in OpenAI’s Safety Policies
One of the more concrete allegations in the Edmonds lawsuit is that OpenAI failed to enforce its own age-related policies. The company’s terms of service require parental consent for users between 13 and 18. In practice, this requirement has been largely unenforceable.
Most AI platforms, like most internet services, rely on self-reported birthdates — a system that has never meaningfully prevented minors from accessing age-restricted content. Van Rootselaar was 18 at the time of the shooting, so age verification alone would not have stopped her. But the broader point is that OpenAI’s safety policies existed primarily on paper. The company had rules about violent content, rules about minors, and rules about account bans, and none of them prevented a flagged user from continuing to use the platform to engage with content related to violence.
What Comes Next for AI Safety and Accountability
The Tumbler Ridge shooting and the subsequent lawsuits against OpenAI will likely shape AI safety regulation for years. Canadian lawmakers are already considering legislation that would impose reporting obligations on AI companies when their systems flag potential threats, similar to the mandatory reporting requirements that apply to teachers, doctors, and social workers. In the United States, where most major AI companies are headquartered, the regulatory landscape remains more fragmented, though several state legislatures have introduced bills addressing AI and public safety. The deeper question is whether the AI industry will treat this case as a genuine inflection point or as a public relations problem to be managed.
OpenAI’s post-shooting statement that it has adjusted its referral thresholds is a start, but thresholds are only as good as the people and systems applying them. The families in Tumbler Ridge are not asking for better thresholds. They are asking why a company that knew enough to ban an account did not know enough to pick up the phone. That question does not have a technical answer.
Conclusion
The Tumbler Ridge shooting laid bare a specific and damning failure: OpenAI’s systems detected a threat, the company acted on that detection by banning the account, and then it stopped. No call to law enforcement. No safeguard against re-registration. No disclosure to government officials even after the shooting occurred. Eight people are dead, 27 others were injured, and the company that flagged the shooter’s violent content eight months earlier is now facing lawsuits that could redefine the legal obligations of AI platforms.
The case is not just about OpenAI. It is about the gap between what AI companies can detect and what they are willing to do with that information. Every major AI platform will eventually face a version of this question. The families pursuing legal action in Tumbler Ridge are forcing the issue into courtrooms where “we didn’t think it was imminent enough” will have to stand up to cross-examination. For consumers, policymakers, and the AI industry itself, the lesson is blunt: detection without action is not safety. It is documentation of failure.
Frequently Asked Questions
Did OpenAI report the shooter’s flagged content to law enforcement before the shooting?
No. OpenAI banned the account in June 2025 but did not alert the RCMP or any law enforcement agency. The company stated the content did not meet its internal threshold for referral, which required a “credible and imminent” plan for serious physical harm.
How did the shooter continue using ChatGPT after being banned?
Van Rootselaar created a second ChatGPT account that evaded OpenAI’s detection. The second account was only discovered after police publicly named her as the suspect following the February 10, 2026 shooting.
Who is suing OpenAI over the Tumbler Ridge shooting?
Cia Edmonds, whose 12-year-old daughter Maya Gebala was shot three times, filed a civil lawsuit against OpenAI on March 10, 2026. Multiple other families of victims are also pursuing lawsuits against AI companies.
What does the lawsuit allege about ChatGPT’s role in the shooting?
The lawsuit alleges that Van Rootselaar used ChatGPT to help plan the attack, with the chatbot functioning as a “counsellor, pseudo-therapist, trusted confidante, friend, and ally.” It also alleges OpenAI failed to implement age verification and parental consent procedures required by its own policies.
Has OpenAI changed its policies since the shooting?
OpenAI has stated it adjusted its internal thresholds so that cases like the Tumbler Ridge shooter’s flagged content would now trigger referrals to law enforcement. The company has not publicly detailed the specifics of those changes.
How many people were killed and injured in the Tumbler Ridge shooting?
Eight people were killed, including five students aged 12 to 13, an educational assistant, the shooter’s mother, and her 11-year-old half-brother. Twenty-seven others were injured. The shooter died by suicide at the scene.