There is an uncomfortable pattern in the history of consumer technology, and it is worth stating plainly before we get to artificial intelligence. New media technologies are very often pulled into the mainstream by demand for adult content, and the engineering that demand funds tends to benefit everyone who comes later. This is not a fringe theory; technology historians have documented it across half a century. The same dynamic is now unfolding in generative AI, but with a set of harms the earlier waves never produced. The focus of this piece is that shift, how the nature of the harm changes when machines can fabricate rather than merely distribute, and what it means for anyone building, deploying, or governing these systems.
We work on getting AI systems safely into production. That work is impossible to do well without a clear-eyed look at how these systems get misused, because the misuse defines the safeguards you have to build. This is that look.
The historical pattern
The claim that adult content drove early technology adoption is well supported, even where the exact figures are disputed. Technology historian Jonathan Coopersmith has argued for years that demand for explicit material accelerated the spread of the home VCR, then cable, then the consumer internet, because people wanted to consume that material privately and were willing to pay for the technology that let them. A frequently cited example is the VCR, whose early adoption was fueled in part by consumers wanting to view adult material at home, helping disseminate the technology.
The VCR
Home viewing drives early adoption.
Cable
Private, paid channels expand reach.
The internet
Streaming, online payments, analytics.
Generative AI
The first half of the cycle is well underway - but the artifact is different.
The internet era intensified it. Many of the first commercial websites were adult bulletin-board operators who moved their image collections online, and the web arguably gained early mainstream traction in part because it was an effective medium for this content. The sector was an early and aggressive adopter of technologies that later became universal: streaming video in the browser, online payment processing, traffic analytics, and bandwidth-hungry media delivery. The founder of the adult site Kink.com, Peter Acworth, recalled that when customers demanded live high-definition streaming years ago and no acceptable off-the-shelf solution existed, the company built its own, ahead of mainstream media sites.
The bandwidth claims are where caution is needed, because they are frequently exaggerated and rarely sourced rigorously. Various estimates over the years have placed adult content at a large share of internet traffic, with figures of roughly a third commonly repeated. One often-quoted framing holds that adult material once consumed more than half the world's bandwidth and has since "dropped" to about a third, not because viewership fell but because total streaming volume from services like video platforms grew so much larger around it. The precise percentage matters less than the direction it points: for decades, demand for this content was a meaningful driver of investment in faster delivery, better compression, and easier access. The infrastructure got built, and everyone inherited it.
That is the pattern. A technology arrives, demand for illicit or adult uses funds its early refinement, the rough edges get sanded down, and the mainstream adopts the matured result. With generative AI, the first half of that cycle is well underway. The difference, and it is a serious one, is in what the technology now produces.
What is different this time
Earlier waves were about distribution and access. This is not to romanticize what was distributed; the traditional adult industry carried grave harms of its own, which we come back to below. The point of the contrast is narrower and technical. The VCR did not manufacture the people in the videos, and broadband did not fabricate events that never happened. Whatever harm occurred upstream, the technology itself moved existing recordings to more people, more privately, more quickly. It did not invent the subject.
Distribution
The technology moved an existing recording to more people, more privately, more quickly. It did not invent the subject. Whatever harm occurred happened upstream of the medium.
Fabrication
It does not distribute a recording of something that happened; it manufactures a depiction of something that did not - of a specific, identifiable person who never consented and was never present.
Generative AI changes the nature of the artifact itself. It does not distribute a recording of something that happened; it manufactures a depiction of something that did not. That distinction is the entire problem. When the technology can synthesize a photorealistic depiction of a specific real person who never consented and was never present, the harm is no longer about access to content. It is about the fabrication of content targeting an identifiable human being. The earlier analogy holds for the adoption curve and breaks completely on the question of consent.
This is why the conversation cannot stay technical. The same generative capability that produces a synthetic film set or a stylized portrait also produces non-consensual intimate imagery of real people, and the second use has driven a measurable surge in harm.
The ecosystem driving it
The technical center of gravity for this activity is the open-source generation ecosystem, and it is worth describing accurately, at a high level, because the structure explains why the problem is hard to contain.
Modern open image and video generation is modular. A base model provides general capability, and the community extends it with small add-on files, commonly low-rank adapters, that specialize the output toward a particular subject, style, or person without retraining the whole model. Thousands of these adapters are shared on open repositories, and the number grows continuously. They are assembled and run through node-based interfaces such as ComfyUI, which give users visual, fine-grained control over the generation pipeline by connecting modular components into a workflow that can then be packaged and shared so others can reproduce a result.
None of this is inherently illicit. The same modularity powers legitimate concept art, game asset pipelines, film pre-visualization, and design work. The difficulty is that the architecture is permissionless by design. A workflow tuned for a harmful purpose travels through the same sharing channels as a benign one, and the community's strength, rapid iteration and open distribution, is exactly what makes harmful applications spread.
Two further developments sharpen the problem. First, model repositories that host community contributions sit under continuous tension between openness and safety. Civitai, the largest such platform, has faced sustained criticism from safety advocates over how easily its hosted components can be used to create deepfake and non-consensual content. It has responded by hiring trust-and-safety staff and strengthening detection, while openly acknowledging that no moderation system is perfect and that moderation at its scale is one of the hardest problems in the field.
Second, and more concerning, is the deliberate removal of safety behavior from models. Aligned models are trained to refuse harmful requests, but there is now a category of openly circulating "abliterated" models in which that refusal mechanism has been mathematically stripped out, so the model no longer declines anything; others are fine-tuned specifically on adult datasets to the same end. This is the AI-specific version of an old story: a safety feature exists, and a community forms specifically to defeat it.
How safeguards are being circumvented
The safeguards on responsible AI systems are real, and on the major commercial platforms they are strong. The problem is that determined misuse routes around them in predictable ways, and understanding those routes is essential for anyone designing defenses.
Prompt manipulation
Safety filters are probed and evaded through obfuscated prompts that frame requests in oblique or substituted language the model does not recognize as prohibited. Demonstrated in research, though with limited success rates and many attempts.
Leaving the guarded system
When a commercial provider enforces strong filters, misuse migrates to self-hosted open models with no filters at all. Tightening one platform does not solve the problem; it relocates it.
No guardrails to defeat
The most damaging route requires defeating nothing. Some widely available consumer tools have simply shipped without adequate guardrails, and were misused at scale within days.
The first route is prompt manipulation. Text-to-image safety filters can be probed and evaded through carefully constructed or obfuscated prompts. Academic work has demonstrated automated frameworks that find prompts capable of slipping past a commercial model's filter by framing requests in oblique or substituted language it does not recognize as prohibited, though such methods have shown limited success rates and required many attempts. The same pattern extends beyond images: security researchers report that bad actors already push language models past their built-in protections using crafted prompts and adversarial suffixes.
The second route is simply leaving the guarded systems entirely. When a commercial provider enforces strong filters, misuse migrates to self-hosted open models with no filters at all, or to the deliberately unrestricted models described above. This migration is the core reason that tightening a single platform does not solve the problem; it relocates it.
The third route is the most damaging, because it does not require defeating a safeguard at all. Some widely available consumer tools have, at various points, simply lacked adequate guardrails. In late 2025 and early 2026, Grok, the AI assistant built into the social platform X, was used at scale to generate sexualized images of real people, including apparent minors, in what investigators and reporters described as a mass episode of users digitally altering images of real individuals without consent. Reporting indicated the tool was exploited to "digitally undress" real people, generating an estimated 1.8 to 3 million such images and prompting investigations across multiple countries, including the United States, the United Kingdom, the EU, India, France, Malaysia, and Indonesia. French authorities opened a formal investigation in early 2026, and xAI eventually restricted image generation to paid users and blocked edits of real people in revealing clothing. The lesson for builders is blunt: a powerful generative feature shipped without robust, tested safeguards is not a neutral tool waiting to be misused. At scale, it will be misused within days.
The human harm
The abstract risk became a measured reality quickly. The volume of synthetic intimate imagery has grown sharply, and the tools to create it have become some of the fastest-spreading applications in the category. By one accounting, the number of deepfake files grew from roughly 500,000 in 2023 toward a projected figure in the millions by the end of 2025, with apps designed to fabricate nude images becoming one of the fastest-growing categories of AI tool.
The harm is not evenly distributed. It falls overwhelmingly on women and, in a particularly alarming pattern, on children, including by other children - classmates fabricating explicit images of peers for bullying or extortion.
The harm is not evenly distributed. It falls overwhelmingly on women and, in a particularly alarming pattern, on children, including by other children. Child-safety organizations and law enforcement report a sharp increase in AI-generated child sexual abuse material, with offenders including both adults and minors, such as classmates fabricating explicit images of peers for bullying or extortion. The first federal conviction under the new United States law in this area, in April 2026, involved a man who harassed multiple women with fabricated explicit imagery, distributed a synthetic explicit video of a woman to her colleagues, and used the threat of such material to extort others. The case involved cyberstalking, the production of obscene representations, and the publication of digital forgeries against at least six women, alongside other serious offenses.
This is the point at which the historical analogy fully collapses, though not in the way a simple "consent versus no consent" story would suggest. The traditional industry was never free of consent violations; coercion, trafficking, and the exploitation of people who could not or did not consent have long been documented within it, and the harm to those individuals was severe. What changes with generative AI is the source and scale of the violation. Previously, abusing a specific person generally required involving that person, with all the physical access and risk that entailed. The generative wave removes that constraint. Its signature harm is the fabrication of explicit imagery of people who were never present and never participated, produced at scale, frequently to harass, humiliate, or extort them, and reaching victims, including children, who would never have been exposed under the older model. The harm is no longer gated by access to the subject. That is not a market; it is abuse, and it is what the law has moved to address.
The political and corporate dimension
Non-consensual intimate imagery is the most acute harm, but synthetic media reaches further, into elections, institutions, and the basic question of whether a recording can be believed.
Political deepfakes have moved from novelty to operational tool. One threat-intelligence analysis logged 82 high-profile impersonations across 38 countries in a roughly twelve-month period, with electioneering making up around 16 percent of cases. The corrosive effect is not only that a fake clip might fool voters; it is that the mere existence of convincing fakes lets bad actors dismiss authentic recordings as fabrications, a dynamic that erodes shared reality itself. Analysts note that even without proof that a single election was decided by a deepfake, the psychological impact is real: people may come to doubt everything or trust nothing. Detection and watermarking help but remain fragile, because adversaries simply migrate to unmarked open-source models, and detection tends to lag behind release.
The corporate exposure is just as concrete. Synthetic voice and video are now good enough to defeat human verification in real time. In a widely reported case, the engineering firm Arup lost about 25 million dollars in early 2024 after an employee joined a video call populated by a deepfaked chief financial officer and other synthetic colleagues realistic enough to authorize a series of wire transfers before the fraud was detected. Fraud analysts now warn that synthetic identities can pass live job interviews, turning hiring into an attack surface. Experian's 2026 fraud forecast warns that deepfakes capable of "outsmarting HR," including synthetic candidates who pass interviews in real time, represent a top emerging threat.
There is even a direct organizational version of the consumer harm. In a reported case, anonymized by the source, a mid-sized marketing agency gave its creative teams unrestricted access to image generation, and in March 2025 an employee fabricated compromising images of a competitor's chief executive as an internal joke. The images synced to a client-accessible shared drive, circulated on social media within hours, and the agency settled the resulting lawsuit before trial. The chief technology officer's later reflection was that organizational controls must exceed platform restrictions. That reflection is the one every enterprise should absorb: platform filters are not an organizational control strategy.
What regulation is doing about it
The legal response has accelerated, and the most significant United States development reached a milestone just days before this writing.
TAKE IT DOWN Act
Criminalizes non-consensual intimate images including AI "digital forgeries," and requires platforms to remove flagged content within 48 hours. Full platform enforcement since May 19, 2026, FTC as enforcer.
A fragmented patchwork
169 deepfake-related laws since 2022 and 146 more bills in 2025 alone, with political deepfakes facing the strictest scrutiny - and some First Amendment challenges.
Transparency-first
The EU AI Act's Article 50 requires machine-readable marking and labeling of AI media from August 2026. Australia and Singapore add takedown and correction powers.
The TAKE IT DOWN Act, signed into federal law in May 2025, is the central instrument. It criminalizes the non-consensual publication of intimate images, explicitly including AI-generated "digital forgeries," and requires covered online platforms, from social networks to search engines to image hosts, to remove flagged content within 48 hours of a valid request. The criminal provisions took effect immediately on signing, and the platform-obligation half reached full enforcement on May 19, 2026, with the Federal Trade Commission as the enforcement authority and fines set at tens of thousands of dollars per violation.
The Act does not stand alone. It sits atop an extensive and fragmented body of state law: legislatures have enacted 169 deepfake-related laws since 2022 and introduced 146 more bills in 2025 alone, with political deepfakes facing the strictest scrutiny. The earliest political-deepfake statutes show the pattern. Texas enacted the first in 2019, criminalizing deepfake election videos within 30 days of an election, and Minnesota extended coverage to 90 days before a convention with escalating penalties, though some of these provisions have drawn constitutional challenges on free-expression grounds.
Internationally, the European Union's approach centers on transparency. The EU AI Act's Article 50, with obligations taking effect in August 2026, requires that AI-generated or manipulated media be marked in a machine-readable format and clearly labeled, with exceptions for artistic and journalistic uses; an accompanying Code of Practice on Transparency of AI-Generated Content, expected to be finalized in mid-2026, offers practical guidance on labeling, watermarking, and metadata. Other jurisdictions have taken varied routes: Australia's Online Safety Act empowers a commissioner to issue takedown notices for non-consensual deepfakes, while Singapore's framework enables correction and takedown orders for deepfake misinformation affecting public interest or national security.
No serious observer thinks the law has caught up. Analysts point to gaps in enforcement, coverage, and victim protection even in the strongest statutes, and the patchwork across state, federal, and EU measures creates real compliance complexity, alongside vendor-risk, incident-response, and insurance considerations, for any organization operating across borders. But the trajectory is unmistakable: synthetic media that depicts real people without consent is moving decisively from a legal gray zone into clearly prohibited territory, and the obligations are landing on platforms and deployers, not only on the individuals who create the content.
The other risk: regulation that overshoots
Everything above argues for guardrails, and the case for protecting people from non-consensual and fraudulent synthetic media is strong. But there is a competing risk that a serious treatment cannot ignore, and proponents of a lighter regulatory touch make it forcefully: the wrong rules, or too many of them, can do real damage of their own, and that damage compounds because we are still at the early stages of the technology.
The first part of their argument is about innovation cost. Compliance is not free, and it does not fall evenly. Studies of the EU AI Act's high-risk provisions have estimated meaningful recurring compliance and certification costs per AI system, the kind of fixed burden that a well-funded incumbent absorbs easily and a startup may not survive. The concern its critics raise is that heavy compliance regimes can entrench the largest players, the ones who can afford dedicated legal and safety teams, while marginalizing the smaller entrants who tend to drive the most surprising innovation. A rule written to constrain a handful of frontier labs can end up raising the drawbridge behind them.
The second part is geopolitical, and it is the sharper edge of the argument. Regulation is national or regional, but the technology and its markets are global. If one bloc constrains its developers heavily while others do not, the activity does not stop; it relocates to the more permissive jurisdiction, taking the investment, the talent, and the resulting economic and strategic advantage with it. Commentators have compared this to the way permissive financial regimes attract capital: governments that craft lighter regulatory environments could pull in AI investment and speed deployment, and a state-centric model that deploys autonomous systems at scale could gain strategic advantages in setting global norms. The competitive metrics are already cited as a warning. By one widely reported count, the United States had produced around 40 AI foundation models and China around 15, while the entire European Union, the most heavily regulated of the three, had produced roughly three. Whatever one makes of any single figure, the pattern is part of why the European Commission moved in early 2026 to roll back portions of its own AI Act and data rules it judged too onerous, under explicit competitiveness pressure from the United States and China.
The military dimension makes the stakes higher still. The same generative and autonomous capabilities under debate have defense applications, and a country that restricts itself while a rival does not may cede not just market share but capability. International forums have converged on transparency norms and voluntary principles while largely avoiding binding limits on the highest-stakes uses, precisely because no major power wants to constrain itself unilaterally in a domain it views as strategic. The result is what one analysis called a framework that manages risks at the margins while leaving rival models intact.
The third part of the argument is the one closest to our own work, and it is the clearest illustration of how a blunt rule backfires. The systems that detect and filter harmful content have to be trained to recognize it, and that training requires exposure to examples of exactly the material we want to keep out. A classifier that blocks non-consensual or exploitative imagery cannot learn the difference between that and benign content unless it has been shown enough of both to draw the boundary reliably. The same is true of the hash-matching and detection pipelines that platforms use to catch known abuse material, and of the red-teaming that stress-tests a model's guardrails before deployment. Defensive capability is built on studying the threat.
A law that broadly prohibits handling a category of harmful content, without a carefully drawn exception for safety, research, and detection, does not just restrain bad actors. It can criminalize or chill the trust-and-safety teams, researchers, and vendors who build the filters, because their work necessarily involves handling the very material the law targets. The abusers operate in channels that ignore the rule anyway; the defenders, who are visible and accountable, are the ones exposed.
This puts well-intentioned regulation on a collision course with the safety work it wants to encourage. A law that broadly prohibits the possession, processing, or handling of a category of harmful content, without a carefully drawn exception for safety, research, and detection, does not just restrain bad actors. It can criminalize or chill the trust-and-safety teams, researchers, and vendors who build the filters, because their work necessarily involves handling the very material the law targets. The result is perverse: the abusers operate in jurisdictions and channels that ignore the rule anyway, while the defenders, who are visible, accountable, and trying to help, are the ones exposed to legal risk. Regulation drawn without this carve-out weakens defense more than it weakens offense.
This is not abstract for us. At Strongly, our governance and guardrail functions depend on the ability to accurately identify harmful content, and that accuracy depends on responsible, controlled access to representative examples for training and validation, handled under strict safeguards. Carefully scoped exceptions for this kind of defensive work, the established model for how legitimate safety research and detection are permitted to handle otherwise-restricted material, are what make automated protection possible at all. One category sits outside this entirely: child sexual abuse material is illegal to possess regardless of intent, and responsible detection of it does not rely on training on examples but on authorized, hash-based matching systems operated by designated child-protection organizations and law enforcement. That distinction matters, and good policy preserves both the narrow, tightly controlled path for that category and the broader safety-research exception for everything else. Good regulation protects and ringfences this defensive work explicitly. Blunt regulation that omits it removes the floor from under the safety ecosystem it claims to want.
None of this is an argument against regulation, and it would be a misreading to take it as one. It is an argument about precision and timing. The counter-case is equally real: the claim that competition is purely a "race" that regulation would lose is itself contested, and China has in fact been advancing its own ethics-review, transparency, and safety requirements rather than running entirely unconstrained, which complicates the simple story that restraint only ever means falling behind. Public appetite for some guardrails is high; surveys have found overwhelming majorities favoring AI safety regulation in principle, even amid disagreement over who should write it. And the harms documented earlier in this piece are not hypothetical innovations waiting to bloom; they are active abuses where the absence of rules has a human cost measured in real victims.
The synthesis is that both failure modes are real. Regulation that is too loose leaves people exposed to fabrication, fraud, and abuse. Regulation that is too broad or too early can concentrate power, push development to less accountable jurisdictions, surrender economic and strategic ground, and, as the detection point shows, kneecap the defensive work that actually protects people, all without stopping the abusers it was aimed at. The hard and unglamorous work is targeting: rules narrow enough to hit clear harms like non-consensual intimate imagery and deceptive political fakes, with explicit protection for the safety research and detection work that has to handle the material in order to block it, while leaving the wide space of legitimate development open. The TAKE IT DOWN Act's focus on a specific, clearly defined harm is closer to that model than a sweeping attempt to license the technology itself. Getting that targeting right, repeatedly, as the technology changes, is the actual governance challenge, and it is much harder than choosing a side in a "more rules versus fewer rules" debate that was never the real question.
Our position: accountability over line-drawing
If the line between acceptable and unacceptable use cannot be drawn cleanly in advance, and the history of this exact subject suggests it cannot, then the answer is not to keep trying to draw it more precisely. It is to make sure that whatever someone does is tied to them.
Consider how hard the line-drawing actually is. More than sixty years ago, the Supreme Court tried to define the boundary of unprotected obscenity and effectively gave up on a precise test. In his concurring opinion in Jacobellis v. Ohio in 1964, Justice Potter Stewart wrote that he would not attempt to define the category of hard-core pornography, and perhaps could never succeed in doing so intelligibly, but added the line that became famous: he knew it when he saw it. (The quote is often misattributed; it is Stewart's, not Larry Flynt's, whose own Supreme Court case concerned parody rather than obscenity.) The courts have spent the decades since refining tests that still rest, at bottom, on judgment applied case by case.
“Trying to write a filter that admits all the good uses and blocks all the bad ones is the Stewart problem at industrial scale. No content classifier will resolve cleanly what the Supreme Court could not define in prose.
Generative AI makes that gray area vastly larger, not smaller. The same model that produces non-consensual imagery produces legitimate art, satire, education, medical illustration, and film work. The same face-swapping capability behind a malicious deepfake powers consented entertainment and accessibility tools. Trying to write a filter that admits all the good uses and blocks all the bad ones is the Stewart problem at industrial scale, and no content classifier will resolve cleanly what the Supreme Court could not define in prose.
This is why, at Strongly, we believe the most effective approach is to shift the center of gravity from policing the content to establishing accountability for the actor. A know-your-customer model for generative systems, the same principle that underpins responsible finance, ties consequential actions to a verified identity, so that the small fraction of users who set out to cause harm do so knowing their actions are attributable to them. The deterrent is not a brittle filter guessing at intent; it is the knowledge that creating non-consensual or fraudulent material is not anonymous and can be traced back.
The hard part, and the part we take seriously, is privacy. A clumsy KYC regime is its own harm: it can build surveillance infrastructure, chill legitimate and sensitive uses, and concentrate identity data that becomes a target. The goal is balance, not maximalism. Verification should be proportionate to the risk of the action, identity data should be minimized and protected rather than pooled, and the system should be designed so that attribution is available when there is genuine cause, not as ambient monitoring of everyone. Done well, this protects the privacy of ordinary users precisely because it does not need to inspect and judge everything they create; it needs only to ensure that actions are tied to real, accountable people. Accountability and privacy are usually framed as opposites. Designed carefully, a KYC approach is how you get a workable measure of both, while the alternative of ever-tighter content filtering tends to deliver neither.
What builders and enterprises should take from this
The point of confronting the dark side of a technology is not to condemn the technology. It is to build and deploy it responsibly, with clear eyes about how it fails. A few conclusions follow directly from the evidence above.
Platform filters are a floor, not a strategy. An organization that relies on a vendor's content filters as its only control has no control. Internal policy, access governance, logging, and clear acceptable-use rules have to exceed whatever the platform provides.
Shipping a generative capability is shipping a safety obligation. The Grok episode should end any belief that safeguards can be added later. Robust, tested guardrails are part of the launch, not a follow-up.
Provenance and verification are becoming infrastructure. "I saw it on a video call" is no longer proof of anything. High-stakes actions need verification procedures that do not rely on the authenticity of audio or video.
Compliance is now multi-jurisdictional and moving fast. A federal takedown regime in force, dozens of overlapping state laws, and EU transparency obligations arriving in August 2026 demand a deliberate, jurisdiction-aware posture.
Accountability scales better than line-drawing. Because no content filter cleanly separates legitimate use from abuse, the more durable control is tying consequential actions to verified, accountable identities - with privacy protected by proportionality and data minimization. Design for attribution-when-warranted, not for surveillance.
Safety systems need access to what they block. Detecting harmful content requires training on representative examples, so regulation and internal policy should carve out and protect legitimate safety research, detection, and red-teaming. CSAM is the exception that proves the rule: handled through authorized hash-matching, never open training.
The history is clear that demand at the edges of acceptability pushes technology forward, and generative AI is following that script in its adoption. What is different, and what every builder should hold onto, is that this generation of technology fabricates rather than distributes, and the people it can fabricate are real. That is why safeguards, governance, and well-aimed law are not optional features bolted on at the end. But the same clear eyes that see the harm should see the other failure mode too: rules that are too broad or too early can entrench incumbents, push development to less accountable places, and cost economic and strategic ground without protecting a single person. We are early, and the goal is not maximum restraint or minimum restraint but accurate restraint, narrow rules aimed at real harms while the wide space of legitimate work stays open. Since that line can never be drawn perfectly in advance, the most durable answer is to make actions accountable to the people who take them, with privacy protected by design rather than traded away. Get that balance right, keep adjusting it as the technology moves, and you have the difference between a powerful tool and an engine of harm. That is the work that matters now.