That is not a hypothetical. It is happening right now, at a scale that demands the United States treat it not as a consumer fraud problem, but as a national security emergency.

The Scale of the Problem

In 2025, the FBI’s Internet Crime Complaint Center (IC3) documented a record-breaking $20.9 billion in reported cybercrime losses by Americans.

But here is the critical caveat: these are only reported losses. Research consistently shows that approximately 80–90% of fraud victims never file a complaint — out of embarrassment, hopelessness, or simply not knowing where to turn. When analysts attempt to account for systemic underreporting, estimated total scam losses to Americans in 2025 climb toward $120 billion or higher.

Globally, the picture is even more staggering. The Global Anti-Scam Alliance estimates total annual losses to cyber-enabled fraud exceed $1 trillion worldwide.

What Are Scam Centers?

Scam centers, also called scam compounds or cyber-fraud factories, are physical industrial facilities: fortified compounds staffed by hundreds or thousands of workers.

These operations run what intelligence analysts call a “dual-victim” model. On one side are the fraud targets, ordinary Americans, Europeans, and citizens of developed Asian economies, who are systematically deceived out of their life savings. On the other side are the compound workers themselves, many of whom were trafficked into forced labor through fake job advertisements, lured by promises of legitimate employment abroad.

The UN Office of Human Rights estimates that more than 300,000 people are held in forced labor inside scam compounds globally, drawn from at least 66 countries of origin. Workers inside face shift schedules of up to 19 hours per day, electric shock punishment, confinement in what survivors describe as “dark rooms” and “water prisons,” and systematic debt bondage.

These compounds operate highly structured scam portfolios spanning major fraud typologies including pig butchering crypto fraud, task scams, “asset recovery” scams, business email compromise, sextortion and more — increasingly powered by AI-generated personas, deepfake calls, and industrialized social-engineering playbooks.

Why This Is a National Security Threat

• Social Safety Net Burden: Large-scale scam losses increasingly push elderly Americans into financial collapse, shifting private fraud losses into long-term public welfare and healthcare costs.
• Funding Hostile State Actors: Laundering networks tied to global cyber-fraud syndicates have processed stolen funds directly into the military buildup, ballistic missiles, and weapons programs of hostile state adversaries.
• Expanding China’s Security Footprint: Beijing has leveraged anti-scam policing and regional instability to expand its law enforcement and security presence across Southeast Asia, Africa, and the Pacific.
• Counterintelligence Risks: Raids on scam compounds routinely uncover massive volumes of American personal and financial data that may become accessible to Chinese state authorities.
• AI-Powered Cognitive Warfare: Scam syndicates now deploy AI-generated personas, deepfake video, voice cloning, and automated social engineering systems that can also be repurposed for espionage and influence operations.

The Trust & Safety Blindspot: The Context Gap

The fundamental limitation in modern Trust & Safety is not a lack of data, but a lack of contextual correlation. Platforms possess highly sophisticated tools to identify localized anomalies: a suspicious advertisement, an erratic cryptocurrency promoter, or a cluster of coordinated bot accounts. However, these indicators are almost always evaluated in isolation.

Under current paradigms, platforms can flag what is happening on their network, but they rarely know who is behind it. They operate without the systemic visibility required to confidently tie a single malicious account to an industrialized, multi-layered scam network operating out of a physical compound. Because defense remains siloed, enforcement is inherently reactive — treating systemic, state-protected criminal enterprises as disconnected, low-level terms-of-service violations.

Mapping and Disrupting Syndicated Fraud Networks

The operational response is clear: platforms and law enforcement must move beyond isolated account enforcement and adopt network-level disruption.

The fundamental challenge is that platforms typically evaluate abuse through the narrow lens of activity occurring within their own ecosystems, while modern scam operations span numerous digital touchpoints across social media platforms, messaging applications, email providers, domains, cryptocurrency wallets, payment services, recruitment channels, and dark web infrastructure. A single scam may involve dozens of interconnected online entities, each generating fragmented signals that appear benign or low-risk when viewed in isolation. No individual platform possesses sufficient visibility to understand the full scope of the threat.

Effective enforcement therefore requires collaboration across platforms and with trusted intelligence partners capable of correlating signals across the clear web, deep web, and dark web to reconstruct the broader operational network behind the fraud.

Once scam infrastructure is mapped through victim intelligence, threat intelligence, asset investigations, and technical correlation, platforms can identify and remove not only individual fraudulent accounts but the broader clusters, recruitment channels, payment rails, domains, and communication assets connected to the same criminal enterprise. Law enforcement agencies can leverage the same intelligence to prioritize high-value targets, coordinate cross-border investigations, seize infrastructure, sanction facilitators, and disrupt the financial networks that enable these operations to scale.

Rather than treating scams as millions of unrelated incidents, enforcement must focus on attributing activity to the underlying syndicates that orchestrate it. By combining continuous intelligence collection, graph-based network analysis, and real-time information sharing between platforms, financial institutions, intelligence providers, and government agencies, defenders can shift from reactive moderation to proactive disruption — raising operational costs, reducing victimization, and systematically dismantling the digital infrastructure that powers industrialized fraud.

At the geopolitical level, the United States should treat large-scale scam compounds as a transnational security threat rather than solely a criminal justice issue. This requires integrating anti-scam operations into broader foreign policy, intelligence, sanctions, and regional security strategies. The U.S. should work with allies and partner governments to map the ownership structures, financial facilitators, and protection networks that enable scam compounds to operate, while imposing targeted sanctions on individuals, companies, and organizations that knowingly profit from or support these enterprises. Diplomatic pressure, intelligence sharing, capacity building for regional law enforcement, and coordinated actions against money laundering networks should become core components of U.S. engagement in affected regions. At the same time, scam compounds should be incorporated into broader assessments of strategic competition, particularly where criminal networks intersect with hostile state interests, illicit finance, forced labor, and influence operations. The objective is not simply to arrest individual scammers, but to deny criminal syndicates and their enablers the permissive environments, financial infrastructure, and geopolitical space that allow this industry to thrive.

Conclusion: Naming the Threat for What It Is

The United States has spent years treating large-scale online fraud as a consumer protection issue, but the evidence increasingly points to something far more consequential. Scam compounds have evolved into industrialized transnational enterprises that extract tens of billions of dollars from American households, exploit hundreds of thousands of trafficking victims, generate vast repositories of sensitive personal data, and intersect with broader geopolitical and security challenges. The response must therefore extend beyond victim awareness campaigns and isolated account takedowns.

By combining network-level enforcement, cross-platform intelligence sharing, international cooperation, financial disruption, and sustained diplomatic pressure, the United States can begin to impose meaningful costs on the organizations behind this industry. The first step, however, is recognizing the threat for what it is: not merely fraud at scale, but a persistent national security challenge that demands a coordinated national response.

To learn more about how Alice leverages intelligence to combat these complex ecosystems, visit Alice.io or speak to one of our experts.

Are Scam Centers a National Security Threat to the United States? was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Cassidy Gibson shares Alice’s analysis of 300+ websites hosting NCII to examine their financial architecture.

Discussions around curbing Non-Consensual Intimate Imagery (NCII) typically center on content moderation. But what if we could disrupt this ecosystem before the content ever reaches a platform?

To do that, we have to look at the financial infrastructure of explicit NCII hosting and generation platforms to manage payments and generate revenue. Examining how these platforms keep their digital lights on presents a vital avenue of attack. Historically, cutting off financial rails has proven highly effective at dismantling violative networks, largely because financial profit remains a core driving motivation behind the proliferation of image-based sexual abuse and explicit marketplaces.

For this analysis, we analyzed 303 websites that either explicitly host NCII (such as voyeur forums or mega-hosting networks) or are built specifically to create it (such as AI “undressing” sites used for sexual deepfakes). The resulting data reveals a highly fragmented, adaptive financial ecosystem that relies heavily on alternative digital spaces and deliberate obfuscation to survive.

High Level Monetization Breakdown

When analyzing the 303 websites, we observed a diverse spectrum of payment options. While broad categories like credit cards and cryptocurrency appeared in the highest overall quantities, PayPal emerged with the highest number of explicit brand mentions.

To understand how cryptocurrency intersects with traditional fiat in this ecosystem, Alice analyzed how these payment rails overlap. Findings reveal that while the majority of platforms rely exclusively on either card-only or crypto-only options, a notable subset of instances offered both paths to their users.

The “Generic” Card Strategy

While Credit/Debit Cards represent the largest volume share in the dataset, uncovering exactly who is processing those cards is a game of hide-and-seek. This is an intentional defense mechanism used by malicious actors to avoid financial de-platforming.

Our analysis shows that card acceptance is broadly supported, but specific card-brand mentions are incredibly sparse.

Instead of displaying the familiar, trust-building logos of major card networks, checkout pages heavily favor generic labels like “Cards” or “Credit or Debit Card.” By masking the underlying merchant network, operators shield their merchant accounts and payment processors from immediate exposure and public compliance tracking, and can easily change between payment processors without changing their website too much.

This is much the case for cryptocurrency as well.

Cryptocurrency is frequently positioned as the ultimate censorship-resistant fallback for illicit platforms, racking up over 100 mentions in our dataset. However, looking closer at the technical attribution reveals a surprising reality: named crypto gateways are practically non-existent.

• Sellix was the only named crypto processor mentioned in the data
• There were zero confirmed counts for industry-standard institutional crypto gateways like Coinbase Commerce, NOWPayments, CoinPayments, BitPay, CoinGate, BTCPay, or Binance Pay.

Instead of integrating automated checkouts, crypto paths usually manifest as generic text prompts stating “crypto accepted” or highlighting specific token tickers like BTC, ETH, or USDT.

Where the Payment Processors Emerge

The cleanest, most definitive corporate attribution comes from traditional web billing pages. When platforms move away from enclosed app ecosystems or manual cryptocurrency workarounds to use standard checkouts or detailed help and billing pages, specific high-risk and mainstream processors finally become visible on the rails.

However, mapping these connection points is rarely static. Drawing from Alice experience analyzing these platforms, the compliance landscape can operate much like a financial game of whack-a-mole.

The payment processors offered on a website’s checkout page can frequently shift from month to month as merchant accounts are flagged, shut down, and quietly replaced.

Despite this fluid environment, a snapshot of the current findings highlights a handful of prominent processors keeping these open-web checkouts active.

Summary: A Blueprint for Monetization Analysis

Ultimately, this dataset demonstrates that tracking NCII monetization requires a broader forensic lens than simply hunting for a traditional checkout endpoint. Many entries in our dataset were not true checkout paths at all; they consisted of promotional or news channels, asset hosts, free ad-supported galleries, or manual-contact profiles.

To dismantle the economic incentives behind NCII creation and distribution, systemic defenses must target the ecosystem workarounds like closed app credits and manual peer-to-peer crypto loops where the traditional banking sector’s visibility fades.

To learn more about how Alice leverages intelligence to combat these complex ecosystems, visit Alice.io or speak to one of our experts.

The Financial Underground: Inside the Payment Infrastructure of Non-Consensual Imagery Sites was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Rosanna Langan shares Alice’s recent findings on how how generative AI is reshaping coercion, trust, and exploitation across the sextortion ecosystem

Introduction

Sextortion is not a new threat, but the conditions that enable it, and the way it impacts minors, are changing rapidly; particularly its rapid evolution within the NCII threat landscape.

Minor-targeting sextortion takes many forms and is perpetrated by a wide range of offenders driven by different motives, all targeting an increasing number of underage victims with devastating consequences.

AI is accelerating that evolution, making sextortion easier to launch, harder to detect, and far more psychologically powerful.

Recent reporting from Europol, NCMEC, and the NSPCC aligns with Alice’s assessment of a continued rise in sextortion cases involving minors, including incidents where AI tools are used to generate synthetic explicit imagery from ordinary photos shared online.

Capabilities that once required technical sophistication are now becoming increasingly accessible to everyday threat actors. The result is a blurring of the traditional abuse categories, creating new challenges for platform defenses and child safety responses.

Content Sextortion vs Financial Sextortion

Historically, sextortion targeting minors has largely fallen into two categories: content sextortion, where offenders seek additional abusive material or ongoing control over victims, and financial sextortion, where the primary objective is monetary gain.

While the tactics of exploitation have traditionally differed between the two, the growing adoption of AI tools is beginning to blur those distinctions. Across both categories, offenders are increasingly leveraging the same AI-enabled capabilities to groom, manipulate, and coerce victims.

Pedophilic Predators

Primary Motivation: Sexual gratification, fantasy fulfilment

Typical Victim Profile: Minors aged 13–15

Typical Offender Profile: Adult male

Coercion Methods: Gaining trust, flattery and gifts, isolation from family and friends, escalation into blackmail

Real-world Overlap: Contact sexual abuse, child sex trafficking

Geographic Scope: Often local/national

AI-facilitated exploitation: Manipulation of public images to generate synthetic CSAM, use of AI photo, video and voice cloning tools to support grooming and coercion

Financial Sextortionists

Primary Motivation: Monetary gain

Typical Victim Profile: Male minors aged 13–17

Typical Offender Profile: Adult male

Coercion Methods: Blackmail using authentic and synthetic CSAM

Real-world Overlap: Emotional trauma leading to suicide

Geographic Scope: Strong presence in West Africa and SE Asia, with victims in US/UK/Canada/Australia/Western Europe

AI-facilitated exploitation: Manipulation of public images to generate synthetic CSAM, use of AI photo, video and voice cloning tools to support grooming and coercion, exploitation of AI to harness data on minor profiles at scale

What AI Changes: The End of Content Dependency

One of the most significant consequences of generative AI in the sextortion ecosystem is that offenders no longer need the same level of access to begin exploiting a child. Public photos, profile details, usernames, visible social connections, and fragments of personal information can now be enough to fabricate sexualized imagery or construct threats that feel highly credible.

In practice, this lowers the barrier to entry for abuse and dramatically expands the pool of potential victims. The core shift is simple but profound: leverage no longer depends solely on possession. It increasingly depends on believability.

For minors, that distinction is critical. In a moment of panic, the central question is rarely whether an image is technically authentic. It is whether other people will think it is. That makes synthetic content a powerful coercive tool even when it is entirely fabricated.

Uncertainty as leverage

This same collapse in certainty is also beginning to shape how some victims respond to sextortion threats. We frequently observe testimonies from minors discussing the idea of attributing compromising material to AI manipulation or using synthetic imagery in an attempt to reduce an offender’s leverage. If their content is exposed, who’s to say it’s real? If perpetrators demand more material, why not send AI-generated images instead of authentic ones?

While the insights from these testimonies do not undo the harm of abuse, nor do they erase the trauma or risk of either real or inauthentic CSAM circulating online, they do demonstrate that evolutions in AI are also offering victims a fragile form of regained agency, a way to disrupt an offender’s leverage, reduce the perceived power of “proof,” or create distance between themselves and the material being weaponized against them.

Nonetheless, this dynamic clearly points to a broader and deeply destabilizing consequence of generative AI: as synthetic media becomes more realistic, the line between what is real and what is fake grows harder to defend. In that environment, victims may find new tools for resistance, but we are all still left confronting the same unsettling question: what happens when we can no longer trust the evidence of our own eyes?

Deception to synthetic trust

Sextortion has always relied on deception. Offenders pose as trusted peers, romantic interests, or sympathetic confidants in order to lower suspicion and move targets into private conversations. What AI adds is realism, speed, and scale.

Our research identified threat actors discussing and sharing AI-enabled tools that improve scam personas and accelerate trust-building. These include voice cloning technologies, synthetic profile generation, AI-generated avatars, and increasingly sophisticated video tools.

This matters because synthetic trust is significantly harder for young users to identify.

A convincing voice note, realistic avatar, or AI-generated video can make a fake identity feel authentic enough to move a child from curiosity to emotional investment, and from there into coercion.

A hybrid threat is emerging

Offenders are also increasingly using AI to make sextortion faster, cheaper, and far more convincing. Public profiles, friend lists, tagged photos, usernames, and other fragments of a minor’s digital footprint can now be turned into actionable intelligence in minutes, helping perpetrators identify vulnerable targets and craft threats that feel personal and credible.

Taken together, these dynamics point to a new hybrid model of sextortion. It combines the emotional manipulation historically associated with content sextortion and the scale, repeatability, and efficiency more common in financially motivated schemes.

The same AI tools that help create fake personas can also generate synthetic “evidence,” personalize threats, and support extortion at scale. The result is an abuse ecosystem that is more adaptive, more persuasive, and harder to disrupt using legacy assumptions.

Conclusion

Like many forms of online child exploitation, the harms of sextortion did not emerge with AI. But generative technologies are making those harms easier to execute, easier to scale, and more difficult to detect. The threat is no longer defined only by what offenders possess. It is increasingly defined by what they can fabricate, and what others might believe. For platforms and online safety teams, that shift demands earlier visibility, sharper intelligence, and a more proactive response.

Alice’s intelligence teams monitor emerging abuse ecosystems, adversarial tactics, and evolving threat actor behaviors to help organizations identify risks before they escalate. To learn more about how Alice supports platforms confronting AI-enabled abuse threats, visit Alice.io or contact our team.

The New Face of Sextortion: AI, Minors, and Synthetic Threats was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

TL;DR

Alice’s Emerging Trends Detection team analyzed four major US political violence incidents: the 2024 Trump assassination attempt in Butler, Pennsylvania; the 2025 killing of Charlie Kirk in Utah; the 2026 shootings at the White House Correspondents’ Dinner (WHCD) and a White House checkpoint, and found that the conspiracy narratives that follow are neither random nor spontaneous. Instead, they are highly structured and follow a repeatable set of tactics, techniques, and procedures (TTPs) that are deployed with increasing speed and sophistication across incidents.

Across all four cases, the same core narratives reappeared in a similar pattern, adapted to fit the details of each event. These claims were not created in response to the incidents themselves; rather, they were pre-existing conspiracy frameworks repurposed for new actors, locations, and political contexts.

This report applies the TTP framework to examine how these narratives are constructed, distributed, and amplified, and what those recurring patterns imply for Trust and Safety teams. The central implication is clear: future incidents are unlikely to generate entirely new forms of misinformation. Instead, they will reactivate and adapt an existing playbook that is already embedded within online conspiracy ecosystems.

Tactics: Template Narratives, Localized to Each Incident

The most prominent misinformation narratives that circulated in the aftermath of the four violent incidents were nearly identical. Each appeared to follow a common template that remained structurally consistent across cases, with only the actors and locations changed. The adaptability of these narratives contributes to their durability and speed of adoption. Because each is pre-constructed, it can be rapidly deployed into the information vacuum that emerges immediately after a major incident, shaping public interpretation before verified reporting has time to stabilize.

Key examples include claims framing events as hoaxes, alleging official complicity, or asserting foreign involvement, all without credible evidence.

• Template A: The Staged Event:

Each of the major incidents highlighted in this blog triggered claims that the attacks were fabricated, false flags designed to manufacture sympathy, shift political momentum, or distract from another story. The claim requires no evidence to launch. The absence of an immediate official explanation is itself often treated as proof of a conspiracy. At the Correspondents’ Dinner, staged-event claims were circulating within minutes of the attack, before a suspect had been named.

• Template B: Deep State or Agency Complicity:

Security failures are used as evidence of intention rather than error. This template is particularly effective because security lapses, usually present in chaotic events, provide genuine ambiguities for the narrative to attach to, lending it increased credibility.

• Template C: Foreign Orchestration:

Russia, Iran, Israel, and Ukraine are some of the same geopolitical actors that appeared in attribution narratives across all of the incidents. Foreign blame is not an incident-specific conclusion; it is a flexible slot in the template, filled with whichever actor best fits the political moment, geopolitical interest, and the target audience.

Techniques: AI-Generated Content as Early-Stage Seeding

AI-generated content is now deployed at the outset of an incident to seed narratives, before any verified account exists. Across all of the incidents reviewed, synthetic content appeared within hours of the events, shaping what people believed happened before facts were established.

Three broad content types recurred consistently:

• Fabricated media: AI-generated or manipulated images, video, and audio placing suspects in false contexts, impersonating public figures, or manufacturing visual evidence. For example, after the Kirk killing, AI tools produced false suspect identifications, one reshared by the Washington County Sheriff’s Office before a correction was issued.
• Unreliable AI fact-checks: People increasingly turn to AI chatbots to fact-check breaking news, but they can sometimes struggle to provide credible information during breaking news events. After Butler, major chatbots told users the assassination attempt had not occurred or called it fictional.
• Coordinated synthetic amplification: AI-generated accounts and posts flooding platforms almost immediately after each incident, manufacturing the appearance of organic consensus around false narratives.

Procedures: Actors Spreading Templates Across Borders

Domestic influencers and foreign state-linked actors operate under different incentives but rely on overlapping misinformation and disinformation infrastructures that enable conspiratorial narratives to be seeded and amplified within hours of a major event. Political violence does not create this capability; rather, it activates existing networks that move quickly to exploit the resulting information vacuum, capture public attention, and advance strategic, political, or financial interests.

Domestically, actors spreading misinformation operate across the political spectrum, though their motivations vary. For influencers and podcasters, financial and political incentives often drive amplification: conspiracy content generates engagement, grows audiences, and can create direct revenue opportunities.

Increasingly, the narratives themselves appear less tied to ideology. Following the 2024 Butler shooting, claims that the event had been staged circulated primarily among left-leaning accounts, framing the attack as manufactured to generate electoral sympathy. By 2026, prominent far-right figures, including Alex Jones, Candace Owens, Tucker Carlson, and Marjorie Taylor Greene, had adopted similar framing. Conspiracy narratives surrounding political violence are becoming less partisan and more opportunistic: the framework itself migrates to whichever actors find it strategically useful.

Foreign state-linked actors also exploit political violence to advance existing strategic objectives. In the wake of these violent events, Russian-linked networks amplified anti-Ukraine and anti-NATO narratives, Iranian-linked outlets promoted anti-Israel framing, and Chinese state-adjacent accounts emphasized institutional distrust and social division. The information vacuum that follows a major incident creates a window of heightened opportunity. As audiences actively seek explanations, pre-existing narratives aligned with these geopolitical interests are positioned to fill the gap and broaden their reach.

From Fringe to Mainstream: The Migration Is Accelerating

The TTPs described above appear to have had a measurable downstream effect on public perception. Claims that once would have remained confined to explicitly conspiratorial spaces are now reaching mainstream audiences more quickly and visibly. A May 2026 poll found that a majority of Americans were unsure whether any of the recent assassination attempts targeting Donald Trump were real, while nearly 30 percent believed at least one had been staged. The rapid deployment of narrative templates, amplified through interconnected networks and reinforced by misleading, manipulated, and increasingly synthetic content offering early “evidence” before corrections emerge, likely contributes to this dynamic.

Notably, these claims no longer peak and disappear after a single news cycle. Instead, they resurface across subsequent incidents because audiences have already partially absorbed the underlying framing. Each new event does not restart the conspiracy narrative from scratch; it builds on pre-existing suspicion and accumulated distrust. The resurgence of conspiracy narratives surrounding Charlie Kirk in May 2026 illustrates this dynamic. More than a year after his killing, conspiracies surrounding the arrest of his alleged killer again trended online. The core allegation, that a court video timestamp demonstrated a cover-up, was not materially new; only the detail used to revive and recirculate the narrative had changed.

Similarly, the 2026 White House Correspondents’ Dinner shooting prompted renewed skepticism surrounding the 2024 Butler attack, with many users questioning whether it too was staged. Contemporary conspiracy ecosystems increasingly operate through persistent narrative templates that remain available for reactivation whenever a new event creates an opportunity to reinforce or expand them.

Implications for Trust and Safety

In high-attention crises, false narratives do not need to be convincing to be effective. They only need to arrive first. In the immediate aftermath of a political violence incident, facts are incomplete, official information is limited, and audiences are actively searching for explanations. That information vacuum gives conspiracy narratives and misinformation an opening to shape interpretation before verified reporting has time to catch up.

For Trust and Safety teams, the risk is not just the volume of misinformation, but the speed at which familiar frames can harden into belief. Staged-event claims, allegations of institutional complicity, foreign-blame narratives, and synthetic “evidence” give audiences a ready-made way to make sense of uncertainty. Once those interpretations take hold, later corrections often struggle to displace them; new facts are absorbed through the conspiratorial frame rather than replacing it.

The challenge, then, is not only reactive moderation but also intervening during the first window of narrative formation. Teams that understand the playbook behind these incidents are better positioned to recognize the claims most likely to surface early, identify the formats prone to accelerating them, and respond before speculation solidifies into durable distrust.

If your team is facing similar risks around crisis misinformation, political violence narratives, or AI-driven manipulation, Alice’s intelligence experts can help you identify emerging threats earlier and respond more effectively.

Learn more about our Intelligence offerings here or get in touch with an expert here.

The Assassination Conspiracy Playbook: Tactics, Techniques, and Procedures was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Alice analyzed over 200 sources to map how trusted online platforms, closed channels, mainstream e-commerce, and non-consensual intimate imagery are converging into a scalable cross-border abuse pipeline.

Trigger Warning: This artical discusses rape, sexual violence and assault.

Social discovery, chemical incapacitation, and NCII form a single abuse pathway

The online sale of drugs is hardly a new phenomenon. It is most often associated with personal consumption or established criminal supply chains. But some substances, such as GHB, surface online for a far more disturbing purpose: to facilitate sexual assault.

Commonly referred to as “date rape drugs,” these substances are used to sedate, disorient, or incapacitate victims, making abuse easier to carry out. The practice is closely tied to spiking — the covert administration of drugs without a person’s knowledge or consent. In these cases, the threat lies not only in the substance itself, but in the broader digital ecosystem that enables it to be discovered, discussed, and acquired.

That ecosystem extends well beyond the dark web. Social media platforms, e-commerce sites, and messaging channels can all contribute to the visibility of these substances, the spread of coded language, and the connection between buyers and sellers. What emerges is not simply an illicit marketplace, but an online environment in which tools for abuse can circulate in plain sight, supported by the scale and accessibility of mainstream platforms.

The Upstream of Harm — A Case Study

The Zhenhao Zou case shows how ordinary platforms can sit at the very start of severe sexual violence. Public reporting from 2025 indicates that Zou used Chinese social media platforms WeChat, Weibo, Xiaohongshu, and dating apps to approach Chinese women based in the UK. Zou then used 1,4-butanediol purchased from Chinese e-commerce website Taobao, to incapacitate victims, filming the assaults with hidden and handheld devices. Investigators recovered millions of messages, extensive video evidence, and signs that indicate that there likely were more victims involved.

The significance of this case is not only the scale of the offender’s violence. It is that it makes the abuse pathway clearly visible: social media, discovery, chemical incapacitation, and NCII can converge inside ordinary digital ecosystems.

This is a core trust-and-safety issue. These harms do not begin in obviously criminal spaces. They begin in the same products users rely on for messaging, housing, friendship, dating, and daily life.

The Online Ecosystem

Alice’s intelligence collection points to a second layer of risk: abuse communities described in secondary Chinese-language and diaspora reporting and forums, including German and Chinese encrypted messaging channels where participants discussed drugging, assault, and recording women using evasive, dehumanizing language.

What stands out is not only that the language is coded to avoid detection, but that it is organized into a coherent metaphor system. Perpetrators refer to themselves “drivers”; female victims described as “automobiles”; an acquaintance’s or partner’s victim referred to as a “private car”; women considered especially attractive were described as “luxury cars”; the drug used in the assault was called “gasoline”; and once a victim lost consciousness, she could be referred to as a “dead pig”.

In Alice’s assessment, the “fuel” metaphor is especially revealing: it turns drugging from an obvious act of violence into coded operational language, making incapacitation sound logistical, routine, and easier to discuss inside closed abuse networks.

The wider metaphor system does the rest of the work. By recasting perpetrators as drivers and women as vehicles, it strips women of agency and reframes them as objects to be selected, categorized, and used. By describing unconscious victims in animalizing terms, it pushes them even further outside the category of personhood. This is more than slang. It is an abuse-enabling framework that can obscure violent intent, reduce visibility to moderation systems, lower moral friction inside the group, and reinforce a misogynistic in-group culture built around dehumanization.

NCII is not a byproduct of the abuse chain — it is part of it

Research has identified accounts across social mediaallegedly using images and videos of drugged and raped Chinese women to advertise exploitative content. For example one WeChat-based seller allegedly supplied incapacitating agents while a buyer filmed assaults and used that footage in exchange-based interactions. Taken together, these cases suggest that NCII is not simply what remains after the assault. In some parts of this ecosystem, it appears to function as part of the abuse economy itself: a trophy, a proof artifact, a status signal, or a reusable asset. The harm does not end when the assault ends; it persists through the image.

Chinese E-Commerce Sites and the Exposure Problem

Alice’s intelligence has identified a serious commercial-exposure issue around 1,4-butanediol, a direct precursor to GHB. The issue is not only legality. It is visibility.

Public-facing exposure tied to mainstream Chinese e-commerce environments, including Taobao and Alibaba, reinforces a wider pattern in which harmful precursor substances can surface within ordinary product and supplier infrastructure rather than only in fringe channels.

Despite backlash and periodic removals, Alice’s findings suggest the core risk persists: substances such as 1,4-butanediol remain too readily exposed within mainstream e-commerce environments, leaving harmful procurement pathways more intact than they should be.

For Alice, this is a clear indicator of low-friction exposure: harmful precursor substances were visible enough in mainstream commerce that users could encounter and discuss them before meaningful platform intervention.

The broader pattern is that harmful actors do not need a dedicated black-market environment when mainstream infrastructure already does enough of the work. If a user can move from social trust spaces to commercial visibility on Taobao or Alibaba, for example, to closed chat groups without meaningful friction, one can easily purchase drugs to commit sexual offences.

Moderation asymmetry can suppress scrutiny without disrupting harm

A further risk is moderation asymmetry. In some cases, exploitative content, harmful precursor visibility, or abuse-oriented discussion remains online long enough to circulate. In others, survivor-centered discussion and public accountability are reportedly curtailed. For Alice, this points to a damaging imbalance: parts of the ecosystem may at times be more effective at containing scrutiny than at interrupting the abuse chain itself.

The platform lesson is clear: this is a cross-platform abuse system

The lesson for platforms is straightforward. This is not just a drug issue. It is not just an NCII issue. It is not just a closed-channel issue. It is a cross-platform abuse system.

The pathway is increasingly clear:

• discovery in trusted social environments,
• normalization in coded or closed groups,
• exposure to harmful precursor substances in mainstream commerce,
• assault enabled by incapacitation,
• and harm extended through NCII.

For platforms, focusing only on explicit NCII or obviously illicit listings is too narrow. Alice’s intelligence suggests that effective intervention requires attention to trust-based luring behavior, coded misogynistic vocabularies, dehumanizing metaphor systems, closed-group migration, covert-recording signals, and low-friction exposure to precursor substances in mainstream commerce. Without that broader lens, intervention will continue to arrive after the harm is already done.

If your platform is facing similar risks, Alice’s intelligence experts can help you identify, mitigate, and stay ahead of evolving threats. Learn more about our Intelligence offering, or speak with an expert.

Drug-Facilitated Sexual Violence: The Chinese “Date Rape” Ecosystem and NCII was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

James Hardy explores the proliferation of NCII within “Com” networks and nihilist violent extremism circles. Using the 764 cell as a case study, this article explores how NCII content is used as leverage within coercive NVE dynamics.

Introduction

The 764 network is often described in fragments: as a violent online subculture, a child exploitation network, a nihilistic extremist milieu, and a cyber-enabled abuse ecosystem. But these categories only tell part of the story. To understand how 764 uses non-consensual intimate imagery (NCII), these harms need to be viewed as connected rather than incidental.

764 and adjacent “Com” networks operate through coercion, humiliation and social status, targeting children and vulnerable people across mainstream social media, gaming spaces and encrypted platforms. NCII is one mechanism through which 764 exacts harm, turning private vulnerability into public control, personal trauma into group content, and sexual abuse into a tool of radicalisation, coercion and status-building.

In this ecosystem, NCII material is not only the product of abuse; it becomes leverage, proof of domination and a form of currency within the group.

By trapping victims in cycles of fear and forced compliance, perpetrators can gain notoriety in communities where status is tied to the severity of harm inflicted. Abuse becomes performative and a form of currency: images, videos and livestreamed coercion are circulated to increase the perpetrator’s standing.

The 764 network challenges some of the standard categories used in trust and safety. Terms such as ‘extremism,’ ‘sextortion,’ and ‘cybercrime’ remain useful, but they are insufficient on their own, for the network’s power lies in the convergence of all of these areas.

The 764-NCII Abuse Lifecycle

The use of NCII within 764 and adjacent Com networks is a core mechanism of control. In these online ecosystems, intimate imagery — and, where victims are minors, child sexual abuse material (CSAM) — can be used to identify vulnerable targets, escalate coercion, establish dominance or control over the victim, produce ‘proof’ of victimization, and generate material that can be traded for status inside network spaces.

The investigation found that members of the 764 network frequently used grooming and extortion to obtain intimate images of victims, corroborated by the UK’s National Crime Agency’s (NCA) safeguarding notice. What follows is often an exertion of control over victims, in a ritual of humiliation, degradation or abuse. The notice also states that victims may be forced to take part in acts of violence (either against themselves or others), with the material then shared to increase the perpetrator’s status. The following section breaks down the NCII abuse chain, explaining how these groups operate:

Our investigation analyzed a network of 764-related communication channels on a variety of social networking and encrypted messaging applications. We found a consistent chain of events that weaponized NCII material, escalating into offline physical harm.

1. Target selection

The abuse chain often begins with the deliberate identification of vulnerable targets, rather than random opportunism. Alice research found that 764 members sometimes use detailed internal guidance to adapt their accounts and approaches to platform features and specific victim profiles, whether this be related to mental health, eating disorders, self-harm, or “TCC” spaces.

These online spaces act as “hunting grounds” for perpetrators selecting vulnerable targets. By tailoring their strategy and matching the demographics of their intended targets, this makes the first interactions appear authentic and plausible, lulling these vulnerable individuals into a false sense of security.

2. Grooming

Once first contact is made by a 764 member, the next stage observed within this lifecycle is to build rapport in order to establish a quasi-coercive relationship dynamic. The most common tactic observed has been to foster a genuine trusting relationship before escalating their conversations towards more explicit requests and demands.

In many cases, perpetrators will seek imagery or acts that appear less extreme, as this creates the conditions for future leverage — continuously ramping up until the victim is being hounded for explicit imagery from an individual they have built trust with over a matter of weeks or even months.

In one high-profile case involving an affiliate of 764, members were found to have engaged in online sextortion techniques from 2019–2022. Here, victims were groomed for the eventual production of CSAM through escalating means of degradation.

3. NCII Exchange and Exploitation

After intimate imagery has been obtained from the victim, it becomes an essential weapon within the abuse chain. When victims hesitate, resist or threaten to tell parents or authorities, 764 network members threaten to expose images to family, friends, schools or online audiences.

This has been used as a tactic to force victims into increasingly abusive sexual exploitation, self-harm, humiliation or violence. The result is a feedback loop of no-escape: the more a victim complies, the more material a perpetrator holds; and the more material a perpetrator holds, the more leverage they have to exploit a victim and coerce them into taking part in even more extreme activities.

In the case of CVLT, a sub-guild within the 764 network, victims were encouraged to engage in increasingly dehumanizing acts, including degrading acts, self-harm, and coerced livestreamed abuse. In similar cases, victims have been encouraged to commit assault, animal abuse or even murder as a way to appease their abusers.

4. Abuse as Status

Once material has been gathered by abusers, this is used to gain notoriety, recruit others, and demonstrate status within the networks. The abuse becomes performative, and the more severe or degrading the content, the more status it can confer.

The ADL notes that, while some members do hold extremist views, for most of the 764 network the violence and abuse serves to increase status and influence within the network.This is reflected in the criminal cases lodged against alleged members of 764. In one case, the US Justice Department alleged that CSAM, gore and other violent material obtained through the exploitation of vulnerable individuals online, was used to create “lorebooks” — digital archives of their tortuous activities, traded with other members in the network as a form of social currency that solidifies their social status.

These lorebooks are often stored in encrypted “vaults”, creating conditions for repeated re-sharing, meaning even if the initial abuse appears to have stopped, revictimisation can easily occur.

5. Physical Harm

The most concerning feature of the 764 abuse chain is that it does not always remain online. Once perpetrators have gained significant leverage, they can use this to push victims toward offline or embodied harm.

The bridge from NCII to physical harm is not separate from the abuse chain; it is the point where the coercive value of the imagery becomes visible offline. For trust and safety teams, recognising that bridge early can be the difference between removing abusive content after the fact and interrupting an active pattern of control before further harm occurs.

For example, a UK-based 764 member pled guilty to encouraging suicide after digitally blackmailing a minor into attempting suicide. In another case, a US-based 764 member admitted to coercing minors into extreme bodily mutilation or suicide attempts. While the aforementioned CVLT case showed that members encouraged victims to commit acts of self harm, but other instances have gone further — with encouragement towards suicide attempts, animal abuse, or violence against family members.

Why 764 challenges traditional trust and safety workflows

Most mainstream platforms have policies that cover NCII, child sexual exploitation, harassment, doxxing, violent threats, and extremist content. The challenge is that 764-linked behavior can cut across several of these categories at once. A single incident may involve:

• Grooming or deceptive relationship-building
• Coerced intimate imagery
• Threats to expose or distribute material
• Doxxing, swatting, or harassment
• Self-harm encouragement or coercion
• Violent extremist symbolism or nihilistic community affiliation
• Cross-platform migration after enforcement

Handled in isolation, each signal may look like a singular violation. Viewed together, they reveal an interconnected abuse system.

This is where adversarial intelligence becomes essential.

Networks like 764 are decentralized, unstable, and highly adaptive, often shifting names, structures, and leadership as enforcement pressure increases.

Conclusion

In coercive extremist networks, intimate imagery can become a tool of control: a way to isolate victims, enable further abuse, and generate status inside the network. Effective NCII response requires integrated intelligence, cross-policy coordination, escalation pathways for high-risk victims, and an understanding of how adversarial communities operate.

This is where proactive adversarial intelligence matters. Alice helps platforms identify emerging abuse patterns before they scale, connect fragmented signals across policy areas, and translate intelligence into earlier intervention.”

If your platform is seeing similar cross-policy abuse patterns, Alice’s intelligence experts can help identify, assess, and mitigate emerging risks before they escalate. Learn more about Alice’s Intelligence offering at alice.io/intelligence, or speak with an expert at alice.io/contact-us.

Intimate Images as Instruments of Control: 764, NCII, and the Evolution of Extremist Extortion was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Fake news about disease outbreaks is not built from scratch, but builds on a previously tried and tested misinformation framework. Researchers from Alice’s Emerging Trend Detection team highlight three post-Covid-19 disease outbreaks below, illustrating how this framework facilitates an ever-increasing speed of misinformation spread and adoption. This has important implications for how platforms, policymakers, and trust and safety teams approach emerging health-related misinformation narratives.

New Outbreaks Activate Existing Misinformation Narratives

You might assume that each outbreak of a disease would come with its own misinformation narratives, given changing contexts, locations, and impacts. However, data collected following the May 2026 outbreak of hantavirus on board the Dutch expedition cruise ship, MV Hondius, starkly shows how the information environment shaped during the Covid-19 pandemic continues to influence how new health crises are interpreted.

When analyzing misinformation narratives emerging from the hantavirus outbreak, Alice researchers found the health-related conspiracies and misinformation logic remained remarkably similar to what was built, adapted, and scaled during the Covid pandemic: elites orchestrating the outbreak, hidden motives of governments and international organizations, as well as pharmaceutical companies, and treatments that kill rather than cure. The familiarity of the narratives to online users engaging with them increases the speed of adoption and paves the way for international, cross-border spread.

The Numbers Behind the Pattern

Alice analysts identified close to 900 unique Covid-19-related misinformation narratives during and following the Covid pandemic, with peak activity running through to the end of 2022, averaging 23.7 new narratives per calendar month. There were five dominant focuses, with some narratives containing more than one:

1. Vaccine harm/death claims (52%+)
2. The pandemic was planned/plandemic (20%)
3. Suppression of “the truth” (20%)
4. The disease/numbers are fake (14%)
5. Bioweapon/lab origin (7%)

While another 22% mapped to smaller, localized, political content or social unrest.

Claims emerging from the hantavirus outbreak show this same infrastructure is being reused to spread misinformation. Alice’s data shows 35 hantavirus-related narratives appeared between May 6 and May 19, 2026. That is a concentrated burst, but the more important point is how those narratives were framed. 92% of these claims mapped to the same broad frame set that dominated Covid-19 narratives.

The strongest single category focused on the disease being staged, with 69.4% of the hantavirus narratives mapping to it. When comparing to the Covid-19 division, the percentages are as follows:

Suppression and Bioweapon are roughly proportionate between Covid-19 and hantavirus, the infrastructure transferred at about the same rate for those themes.

Staged and Plandemic are massively overrepresented among hantavirus narratives. The “this is fake / this was planned” framing occurred at 3–4x the rate seen in Covid. This suggests those are the most portable, most immediately deployable narrative templates; they don’t require any disease-specific knowledge to apply.

Vaccine Harm is underrepresented at 14% vs 52%; which is explained by there being no hantavirus vaccine yet. The fact that there are vaccine misinformation claims at all, emerging from the hantavirus outbreak, strongly confirms the use of a pre-existing narrative structure.

While percentages change, the pattern is significant. Most of these narratives did not need to construct a brand-new mythology around hantavirus itself. Instead, they plugged the outbreak into pre-existing assumptions. The disease changed, the interpretive lens did not.

Familiarity Breeds Speed

The pre-existing misinformation infrastructure built during Covid-19 enabled false narratives around new diseases, such as hantavirus, to spread rapidly. For example, on May 4, 2026, the very same day that the WHO made official reference to the outbreak as such, users were already making the claim that this was “another orchestrated event.”

During Covid, it took weeks or months for certain narrative themes to fully emerge: vaccine harm claims didn’t appear until 50 days into our tracking period, and suppression narratives took over 100 days. With hantavirus, every single one of the five major narrative themes was present within 72 hours of the first mainstream media reports. The first vaccine-harm narrative emerged only after Pfizer announced results in November 2020. With hantavirus, it appeared on day 1, although still to this day there is no approved vaccine.

This speed is particularly striking given the limited real-world impact of the 2026 hantavirus outbreak, especially when compared to the global scale of the Covid-19 pandemic, which claimed millions of lives and led to never-before-seen governmental responses across the world. Rather than spreading hantavirus-specific misinformation, the familiar Covid-19-era misinformation narrative infrastructure helped accelerate their spread.

This Is Not Just Fast, It Is Also Broad

The spread of hantavirus-related misinformation is not only notable for its speed of adoption, but also for its reach and linguistic spread. For example, a widely shared claim alleged that the public health response to the hantavirus outbreak was part of a broader WHO effort to force countries to adopt a Pandemic Treaty and comply with International Health Regulations. The narrative reached millions of users and appeared across social media accounts posting in, among others, English, Italian, Korean, French, Japanese, Finnish, Norwegian, Spanish, German, Portuguese, Romanian, Greek, Arabic, Polish, Russian, Dutch, and Chinese, within 24 hours.

Bird Flu Reinforces the Same Pattern

While the hantavirus led to a particularly evident adoption of Covid-era narratives, this pattern can also be discerned across other health crises. Since 2021, outbreaks of bird flu have caused periodic spikes in health misinformation. Although bird flu misinformation spread less widely, the narratives show many of the same underlying assumptions. Misinformation narrative themes for bird flu can similarly be mapped, such as the disease being orchestrated by elites, to claims that the disease is fake or lab-engineered and that it is a ruse to get the population to ingest the Covid-19 vaccine. 68% of bird flu narratives mapped to the ‘Pandemic Orchestrated by Elites’ frame, more than five times the rate seen in Covid narratives, suggesting the “plandemic” template was already so established it became the default first response. Once again, while the disease changes, the themes remain the same.

Is Ebola the One to Watch?

A current, concerning outbreak of Ebola in the Democratic Republic of Congo and Uganda, which has already taken more than 130 lives at the time of writing, may be the next trigger for the same information infrastructure to be implemented. With claims about elite orchestration, hidden motives, and deadly treatments currently being tracked by Alice researchers.

The misinformation response to the four different outbreaks described in this blog; Covid-19, hantavirus, bird flu, and Ebola, shows that the real risk is not tied to one single disease; it is tied to the misinformation infrastructure’s portability.

Once institutional distrust becomes the default lens through which audiences interpret public-health events, any outbreak, even one with limited initial traction, can be folded into the same conspiracy logic.

Why This Matters for Trust and Safety Teams

The rapid adoption of an existing health-related misinformation infrastructure has important implications for platforms, policymakers, and trust and safety teams dealing with emerging health narratives. If each outbreak is treated as a self-contained misinformation event, the response will be too reactive. Teams might monitor disease-specific keywords, disease-specific rumors, and disease-specific claims only after they begin to spike.

But if we understand that a deeper, reusable infrastructure exists, then detection has to move upstream. That means looking out for the narrative components that consistently make those claims travel, such as anti-institutional framing, vaccine misinformation, engineered-outbreak rhetoric, disease staging, and attempts to recast new health events through unresolved Covid-19-era suspicion. The most dangerous narrative is not the newest one, but the one audiences already know how to believe.

How Alice Helps Teams Detect These Shifts Early

For organizations trying to understand and mitigate these shifts, Alice helps track the evolution of harmful narratives across crises, platforms, and languages. Its Trust and Safety solutions are designed to identify emerging misinformation patterns early, including the recycled distrust frameworks that allow new outbreak narratives to scale across languages and online communities before they fully break into the mainstream. Learn more about our Intelligence offerings here or get in touch with an expert here.

Covid-19 Built the Misinformation Infrastructure, Hantavirus Shows How Well it Works was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Alice conducted a red team investigation using a sample of 50 viral leaked CSAM cases, simulating how users might intentionally search for and access harmful content, to assess how high-risk NCII content surfaces across mainstream platforms. Alice found that 70% of viral cases remain accessible via mainstream search infrastructure.

Non-consensual intimate imagery (NCII) is no longer a contained category of online harm — it is an expanding, industrialized ecosystem. Defined as the non-consensual creation, distribution, or solicitation of intimate or sexualized content, NCII spans images, video, audio, and text, and includes everything from real-world abuse to synthetic AI-generated material.

NCII is not limited to adults. Recent investigations by Alice reveal an urgent and underreported issue within this ecosystem: the convergence of NCII and Viral Leaked Child Sexual Abuse Material (CSAM). Viral, non-consensually distributed content depicting minors, often originating from hacking, coercion, or covert recording remains readily accessible through mainstream discovery systems. This represents one of the highest severity tiers of NCII, yet it continues to fall through the cracks of moderation.

Today the TAKE IT DOWN Act comes into force, addressing this blind spot is no longer optional; it is a regulatory, operational, and ethical necessity.

The Blind Spot: When NCII is CSAM

Alice conducted a red team investigation, simulating how users might intentionally search for and access harmful content, to assess how high-risk NCII content surfaces across mainstream platforms. Using a targeted dataset of 50 known viral CSAM cases, we found that 70% of these cases remain accessible via mainstream search infrastructure, particularly through image indexing systems.

Why Viral CSAM Is Missed

Alice’s findings point to a systemic failure, not of policy, but of execution and integration between detection systems and enforcement workflows. This disconnect between safety policy and how detection operates in practice allows one of the most egregious forms of NCII to remain permanently indexed.

At the core of this issue is a fundamental limitation: automated detection systems are built to identify known content but struggle with emerging, modified, or context-dependent abuse. Most platforms rely on hash-based detection, which assigns a unique digital fingerprint to previously identified CSAM and scans for exact or near-exact matches. This approach is highly effective for known material, but it depends on that content already existing in a database. As a result, viral CSAM can fall outside these pipelines, either because it has never been added to shared datasets or because it appears in slightly altered forms, such as cropped or re-encoded versions, that evade matching.

This is further compounded by structural fragmentation. Even where content is known, detection and enforcement are inconsistently applied across platforms. Platforms maintain separate enforcement mechanisms for NCII and CSAM, which are not effectively integrated. Long-standing obligations to report CSAM to The National Center for Missing & Exploited Children (NCMEC) have shaped detection systems around identifying known, legally defined content and routing it into law enforcement. In contrast, NCII is primarily handled through content moderation and removal pipelines, often triggered by user reports.

When content sits at the intersection of both, such as viral CSAM, it does not fit cleanly into either system. Instead of being treated as a distinct category of harm, it is either absorbed into CSAM reporting flows or handled as generic content moderation, resulting in inconsistent prioritization and enforcement.

At the same time, Trust and Safety teams operate within individual platforms, while the NCII ecosystem spans multiple platforms and geographies making it difficult to keep pace with a self-sustaining system driven by commercial incentives.

The TAKE IT DOWN Shift

The TAKE IT DOWN ACT establishes a new framework for how this problem is handled. It establishes publishing NCII as a federal criminal offense and mandates a notice-and-takedown regime requiring platforms to remove reported content within 48 hours, including “reasonable efforts” to identify and remove identical copies.

However, this introduces a critical limitation. The law requires platforms to act quickly once content is reported, but it does not require them to proactively detect it. As a result, enforcement remains largely triggered by reporting rather than discovery.

This highlights a broader structural issue: even as accountability increases, enforcement still relies heavily on victims to surface harmful content. In practice, this means platforms may technically comply with removal obligations while still hosting additional variants, or undiscovered instances of the same content.

While platforms are not strictly liable for content they are unaware of, repeat failures to detect and address widely circulating, high-risk material can raise questions about the adequacy of their systems, creating both ongoing harm for victims and increased regulatory scrutiny.

AI Is Accelerating the Problem at Scale

AI systems are actively making this problem worse, enabling the creation and distribution of viral CSAM at an unprecedented scale.

The National Center for Missing & Exploited Children (NCMEC) has reported a dramatic surge in AI-related exploitation, with a total of 485,000 reports related to AI-generated CSAM reported in the first half of 2025, compared to 67,000 in 2024.

Closing the Gap

That’s why this gap between NCII enforcement and how viral CSAM actually surfaces, where high-risk content is not consistently detected or acted on, has to be closed now, proactively rather than reactively.

This requires a combination of technological capability and intelligence-led enforcement.

To do so, platforms must move beyond reactive, hash-based systems and invest in earlier detection at ingestion, cross-platform signal sharing, and continuous monitoring of high-risk content. Detection systems must also evolve to account for modified and AI-generated variants, ensuring enforcement is consistent across all surfaces.

At Alice, we help platforms identify what their systems miss, surfacing high-risk content, and mapping how it spreads across the ecosystem.

Learn more about our Intelligence offering here, or speak directly with an expert to strengthen your Trust & Safety strategy.

Why Viral CSAM is Missed: Navigating the NCII Pipeline was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Synthetic Influence, Real-World Harm: How AI Influencers Are Creating New Pathways for Image Abuse and Exploitation

Alice analyzed over 500 sources to understand how stolen media, synthetic identities, and adult monetization are converging into a scalable abuse pipeline.

AI influencers are no longer a novelty. Across social platforms, synthetic personas are being used to attract followers, sell subscriptions, and simulate intimacy at scale. Some are clearly fictional. Others are designed to blur the line between human and machine.

That ambiguity is becoming a AI, trust, and safety problem.

Alice investigations have revealed that some AI-generated influencer accounts are built using images and videos taken from real women, models, adult creators, and ordinary users. In some cases, a real person’s video is copied, their face is replaced with an AI-generated one, and the resulting persona is promoted as an “AI model” or “virtual influencer.” These accounts then redirect followers to paid platforms, adult-content sites, subscription pages, dating services, or AI companion apps.

This trend is often described as “AI pimping”: the creation and operation of AI-generated adult influencer accounts that monetize synthetic sexualized personas. The concern is not only fake sexual content. It is the emergence of a repeatable ecosystem where synthetic personas can be created, promoted, optimized, and monetized, sometimes using real people’s bodies, images, or likenesses without consent.

For platforms, this creates risk across non-consensual intimate imagery (NCII), impersonation, sexual exploitation, creator abuse, fraud, and trafficking-adjacent activity.

The AI Influencer Abuse Pipeline

AI influencer abuse is not a single content violation. It is a process. A single actor can harvest real content, generate synthetic identities, promote them on mainstream platforms, monetize them elsewhere, and share the method with others.

To better understand how this ecosystem operates, Alice analyzed over 500 sources linked to AI influencer abuse, synthetic adult personas, non-consensual image manipulation, and related monetization tactics.

1. Image and video harvesting

Threat actors collect images and videos from public social media profiles, adult creator pages, modeling portfolios, livestreams, stock libraries, dating profiles, and short-form video platforms.

They do not always need to steal a full identity. Often, they only need a body, pose, gesture, voice sample, outfit, or movement pattern that can be repurposed into a synthetic persona.

This creates a detection gap. If the victim’s face is removed or replaced, the abuse may fall outside standard conceptions of synthetic impersonation. But the victim’s body, labor, performance, or original media may still be exploited.

2. Face-swapping and synthetic identity creation

After collecting source content, threat actors use AI tools to generate a new face, avatar, or fictional identity and map it onto real bodies. The result may appear to be a fictional “AI model,” while the underlying media still comes from a real person who never consented.

This gives exploiters plausible deniability. They can claim the account is synthetic while relying on stolen human content. It also exposes a policy gap: many platform rules focus on copied names or faces, while this abuse may involve stolen bodies, movements, or source media.

3. Non-consensual sexualization

The same process can be used to create or distribute NCII. This means that benign images can be transformed into sexualized content. For example: clothed videos can be repurposed into adult material; a creator’s body can be used in synthetic pornography; and, a social media profile can become the raw material for an AI-generated “girlfriend,” “model,” or “sex worker.”

For victims, the harm does not depend on whether the image is technically “real.” If someone’s likeness, body, identity, or original content is used to create sexual content without consent, the impact can include harassment, reputational damage, income loss, extortion, stalking, and psychological harm.

For platforms, the abuse may appear as explicit deepfakes, face-swapped adult content, AI-generated nude images, fake adult creator accounts, or suggestive “soft-funnel” influencer content that redirects users to explicit paid material elsewhere.

4. Persona packaging and promotion

Once the synthetic identity is created, threat actors package it as a marketable persona using labels such as “AI model,” “virtual influencer,” “AI girlfriend,” “digital creator,” or “AI companion.”

These accounts often post suggestive but platform-compliant content: lifestyle images, swimwear, fitness, cosplay, glamour videos, flirtatious captions, or simulated personal updates. The goal is to attract attention while avoiding immediate enforcement.

Then, when users engage with these advertisements, they are redirected through link-in-bio pages to subscription platforms, paid messaging, private groups, adult-content sites, dating services, or AI companion apps.

5. Monetization

The monetization layer turns synthetic influence into a scalable abuse model. Threat actors can profit through subscriptions, pay-per-view content, tips, paid messaging, custom requests, affiliate schemes, and paid guides teaching others how to replicate the method.

The risk is not only the sale of explicit content. It is the professionalization of the process. Prompts, templates, tool stacks, posting schedules, and guides of “how to make money with AI girls” turn individual abuse into a repeatable business model.

6. Knowledge sharing and scaling

The process is reinforced by the existence of online communities where users exchange prompts, tool recommendations, monetization playbooks, growth tactics, platform-evasion tips, and revenue screenshots.

The Platform Stack Enabling the Ecosystem

The AI-driven adult influencer ecosystem presents itself as a stack of services that support different stages of the abuse pipeline.

This fragmentation makes enforcement difficult. A single abusive persona may be created on one service, promoted on another, monetized on a third, and discussed in a fourth. No single platform may see the full chain.

Why This Matters

The most visible harm is NCII, but the exploitation risks are broader.

AI influencer abuse can enable image-based sexual abuse, economic exploitation of creators, impersonation, fraud, sextortion, and trafficking-adjacent activity. Synthetic personas can be used to advertise sexual services, mask exploiters, support deceptive recruitment, or normalize the commercialization of sexualized identities without meaningful consent.

Not every AI influencer operation is NCII or linked to trafficking. But the infrastructure overlaps with exploitation tactics: deception, control, sexual commodification, impersonation, monetization, and cross-platform concealment.

What Platforms Should Prioritize

Platforms should focus on the full abuse chain, not only the final image.

That means building reporting pathways for body and content theft, not only face-based impersonation. Victims should not have to prove that their face was copied if their body, performance, or original content is being monetized.

Adult monetization platforms should require stronger consent and provenance checks for AI-generated or AI-assisted adult content, especially where image uploads, cloning, or face-swapping are involved.

Repeated AI adult persona funnels may reflect broader patterns of coordinated commercial behavior across mainstream platforms. Trust and Safety teams should also monitor the knowledge-sharing layer, where tutorials, prompt packs, “AI girl” courses, and monetization communities can reveal emerging abuse before it scales.

Finally, detection must be multilingual. The same operating model appears across languages and regions, even when the terminology changes. It is to: acquire content, create synthetic personas, promote them, monetize attention, and teach others to replicate the process.

From Synthetic Personas to Real Harm

AI influencers are often framed as scalable, customizable digital creators. But when synthetic personas are built from stolen media, sexualized without consent, or used to redirect audiences into monetized adult ecosystems, they become abuse infrastructure.

The threat is not that AI influencers exist. The threat is the repeatable abusive process: stolen media, synthetic identity, social media growth tactics, adult monetization, and knowledge-sharing communities that help the model scale.

For Trust and Safety teams, early detection matters. The most effective response is not only identifying the final harmful image, but understanding the communities, tools, funnels, and behavioral signals that allow this abuse to grow.

If your platform is facing risks related to AI-generated personas, non-consensual intimate imagery, synthetic sexual content, or exploitation-driven monetization, Alice’s intelligence experts can help identify, assess, and mitigate emerging threats before they escalate.

Learn more about Alice’s Intelligence and contact us to speak with an expert

Synthetic Influence, Real-World Harm: How AI Influencers Are Creating New Pathways for Image Abuse… was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.

Using proprietary intelligence collection methods, Alice analyzed a sample of 95 pieces of violative content — including the sexualization of minors and non-consensual intimate imagery (NCII) — sourced from threat actor activity across X and adjacent platforms. Alice did not generate this content; all material was identified through monitoring of real-world abuse activity. The findings show that NCII and child sexualization content continues to be generated and distributed via Grok months after X declared its safeguards active, with removal rates falling well below the platform’s stated zero-tolerance commitments.

Introduction

On January 15, 2026, X’s official safety account announced that it had implemented significant new technical safeguards to prevent Grok, its AI system, from generating non-consensual nudity and child sexual exploitation material. The statement was unambiguous: these restrictions would apply to all users, including paid subscribers, and X had conducted proactive sweeps to remove violative content already on the platform.

This announcement followed growing public scrutiny around Grok’s ability to generate and manipulate image-based content, including the sexualization and nudification of real individuals and minors. As generative AI systems become increasingly embedded within large-scale social platforms, these capabilities introduce a new category of risk, where harmful content can be produced, modified, and distributed within the same ecosystem. The January 15 announcement was X’s answer to that pressure.

We decided to test it.

Following the announcement, Alice conducted an independent investigation to assess whether the newly introduced safeguards translated into meaningful outcomes in practice. What we found raises serious questions, not just about X’s enforcement, but about the broader challenge of implementing effective AI safety controls within large-scale social platforms.

The Intelligence: What We Found

Enforcement Gaps Following Safeguard Deployment

The numbers tell the story plainly. To assess the effectiveness of X’s updated safeguards, Alice re-examined a previously identified sample of violative content surfaced prior to the January 15 policy announcement, spanning confirmed cases of minor sexualization and adult NCII generated or distributed through Grok.

Alice’s independent verification found that of CSAM cases Alice had previously identified prior to January 15, 83.3% remained active on the platform at the time of re-examination.

Of the adult NCII cases previously documented, 94.1% of the adult NCII sample was still accessible, untouched by X’s stated proactive sweeps. The gap between what was promised and what was observed is not marginal, it is the dominant finding.

Continued Generation of Violative Content Post-Safeguards

The enforcement gap was only part of the picture. In parallel, Alice conducted additional collection following the January 15 rollout to assess whether new controls prevented further abuse. They did not, at least not consistently.

Despite the introduction of technical restrictions, new instances of violative content continued to be identified, including both adult NCII and minor sexualization, spanning confirmed cases as well as high-risk edge cases involving youth-coded individuals. In total, Alice analyzed 20 additional instances of CSAM and 45 instances of adult NCII generated and distributed by Grok after xAI’s proactive platform sweeps. Notably, some of these cases were generated after January 15, with instances documented as recently as April 2026, meaning the content was produced after the safeguards were purportedly in place.

Premium Access as a Partial Control — Not a Safety Mechanism

X introduced access restrictions limiting image generation to paid subscribers, framing this as an additional accountability layer. In practice, it functions differently.

Alice identified multiple instances of violative content generated through premium accounts after the safeguard rollout. More significantly, in several cases where a non-premium user submitted a high-risk prompt, Grok did not issue a refusal or a safety warning. Instead, it responded by informing the user that image generation was a premium feature, and provided a link to subscribe.

That distinction is critical.

A system that redirects potentially harmful intent toward a paywall is not blocking the behavior, it is monetizing the pathway to it.

Model Behavior and Edge Case Risk

Beyond explicit violations, analysis also identified risks in how the model handles ambiguous or contextually complex prompts. In several instances, Grok generated sexualized outputs in response to prompts that were not overtly explicit, including clothing modifications or removal involving real individuals. Additionally, repeated interactions within comment threads demonstrated how outputs could become progressively more sexualized through iterative prompting.

These patterns highlight challenges in the model’s ability to consistently identify and block high-risk content, particularly in cases involving:

• Non-explicit prompts with implicit intent
• Youth-coded subjects where age is not explicitly confirmed
• Contextual or stylized requests that mask harmful outcomes

Adversarial Adaptation and Safeguard Probing

Alice also observed active user behavior aimed at testing and mapping Grok’s new boundaries. Across X and external forums, users were seen probing the AI directly to identify gaps in its refusal logic, sharing successful prompt strategies with others to circumvent restrictions, and documenting successful methods for generating restricted content to bypass filters.

This behavior is not incidental. It reflects a community actively adapting to newly introduced controls, iterating in near real-time, and distributing knowledge of what works.

What This Means

Grok is not just generating content, it is transforming existing inputs and amplifying harmful ecosystems.

The findings above point to a fundamental challenge that extends beyond X. It highlights a broader challenge in the implementation of safety controls for generative AI systems integrated into social platforms. When safety controls are designed as fixed, rule-based interventions, they can be mapped and exploited. The January 15 safeguards appear to function as a static layer applied to a dynamic, adversarial environment, and the results reflect that mismatch.

Several patterns are worth highlighting for platforms and trust and safety practitioners more broadly.

1. Access-based restrictions do not eliminate risk, they reshape it. Limiting generation to paid users introduces friction, but as our findings show, that friction does not prevent harmful outcomes when the underlying model still responds to high-risk prompts with redirects rather than refusals.Edge cases carry disproportionate risk. A significant portion of the violative content identified did not involve explicitly prohibited prompts. It involved youth-coded subjects, indirect framing, and cumulative escalation; scenarios that binary or keyword-based classification approaches are structurally poor at catching.
2. Once content exists, it persists and spreads. Grok-generated imagery was redistributed manually by users into comment threads where the bot had declined new requests. Videos generated through Grok’s photo-to-video features depicted subjects in sexualized scenarios and were shared independently of the original generation event. The content lifecycle does not end at creation.

Taken together, these patterns suggest that safeguards designed as isolated interventions are insufficient in environments where user behavior, model capabilities, and platform dynamics are all continuously evolving.

The Intelligence Advantage

What distinguishes the environments where AI misuse scales is not just the content itself, it is the behavioral layer surrounding it: how users probe and adapt to systems, how outputs migrate across platforms, and how harmful patterns emerge through signals that are individually ambiguous but collectively significant.

The findings from this analysis point to a broader shift in how abuse manifests. Rather than originating solely within a single platform, harmful behaviors are increasingly composed across multiple layers, combining AI-generated content, user interactions, and off-platform ecosystems where techniques are shared and refined. This includes the use of circumvention strategies, iterative prompting, and migration to external platforms to bypass safeguards.

Identifying these risks early requires continuous cross-surface monitoring, the ability to interpret high-risk edge cases before they reach explicit violation thresholds, and intelligence frameworks that evolve alongside the behaviors they track. Static detection approaches, however well-designed, are outpaced in environments where adversarial adaptation is both fast and distributed. As AI systems continue to evolve, so too must the intelligence frameworks used to understand and mitigate their misuse.

Understanding these dynamics is critical for any platform operating in AI-enabled environments, where risk does not always present itself through explicit violations, but emerges through patterns, edge cases, and cross-platform activity.

If your platform is facing similar challenges, Alice’s intelligence experts can help identify emerging abuse patterns, assess risk exposure, and develop proactive mitigation strategies. Learn more about our Intelligence offering or speak with an expert.

When Safeguards Fail: Testing Grok’s AI Controls on X was originally published in Intelligence @ Alice on Medium, where people are continuing the conversation by highlighting and responding to this story.