This report explores the growing threat of AI-generated child sexual abuse material (AI-CSAM) in the United States. It examines how generative technologies are being used to create synthetic but hyper-realistic imagery that mimics CSAM, raising urgent ethical, legal, and enforcement challenges. Although these materials may not involve real victims at the point of creation, their impact is far-reaching—fueling harmful behaviors and complicating law enforcement efforts. The paper calls for updated legislation, improved detection tools, and stronger collaboration between tech companies, law enforcement, and policymakers to address this emerging form of exploitation.
To download the report, click here.
Introduction: The Emergence and Escalation of Deepfake CSAM in the United States
Technological advancements have consistently, albeit often inadvertently, furnished new vectors for child exploitation. The rapid improvement and increasing accessibility of Artificial Intelligence (AI) models have introduced a new dimension to this threat. While AI offers transformative potential across numerous sectors, its misuse has led to severe harms, among which nonconsensual intimate imagery (NCII) and Child Sexual Abuse Material (CSAM) represent some of the most egregious applications.
The capabilities of AI, particularly in image and video synthesis, have become increasingly sophisticated and, critically, more democratized. Tools like Stable Diffusion and adaptable models such as Checkpoint and LoRA can be downloaded and utilized offline, circumventing content moderation and detection mechanisms that might be present on centralized platforms. Consequently, individuals with even limited technical proficiency can now generate convincing AI-generated CSAM (AIG-CSAM), thereby expanding the potential pool of offenders and broadening the overall threat landscape.
This report aims to provide a comprehensive, expert-level analysis of the challenges and implications of deepfake CSAM within the United States. It is intended for academic researchers, specialized law enforcement personnel — particularly those in Child Abuse, Internet Crimes Against Children (ICAC), and Cybercrime (CALC) units — and other domain experts requiring a nuanced understanding of this evolving threat.
Defining the Terrain: CSAM, Deepfakes, and AI-Generated CSAM (AIG-CSAM)
Child Sexual Abuse Material (CSAM) is broadly defined as sexually explicit content involving a child. The U.S. Department of Justice emphasizes that underlying every sexually explicit image or video of a child is an act of abuse, rape, molestation, and/or exploitation, making the material itself a permanent record of the child’s victimization. While the term “child pornography” persists in some federal statutes, “CSAM” is the preferred terminology among professionals as it more accurately reflects the inherent abuse depicted and the resultant trauma to child victims.
Crucially, U.S. federal law has for some time included provisions that address synthetic imagery. The legal definition of CSAM encompasses “computer-generated images indistinguishable from an actual minor, and images created, adapted, or modified, but appear to depict an identifiable, actual minor.” This pre-existing legal language provides a foundational basis for addressing some types of AIG-CSAM.
Deepfake technology refers to any visual media created, altered, or otherwise manipulated in a manner that would falsely appear to a reasonable observer to be an authentic record of the individual’s actual speech, conduct, or likeness. These synthetic media are typically generated using advanced AI and machine learning techniques, most notably Generative Adversarial Networks (GANs) and, more recently, diffusion models.
AI-Generated CSAM (AIG-CSAM) is defined as CSAM that is fully or partially created using artificial intelligence. This category encompasses several distinct typologies:
- Fully Synthetic Depictions: Images or videos portraying entirely fictional, AI-generated child-like figures engaging in sexually explicit conduct, not based on any specific real child.
- Manipulation of Existing Images of Real Children: Taking innocent photographs or videos of real children — often sourced from social media — and using AI to alter them into sexually explicit material. Common techniques include “nudifying” or face-swapping a child’s face onto pre-existing pornographic content.
- Alteration of Existing CSAM: AI used to modify pre-existing CSAM, for instance to obscure the identity of a victim or perpetrator, or to create new abusive scenarios featuring previously victimized children.
- AI-Generated Textual CSAM: Generative AI producing text-based CSAM, such as scripts for grooming children, or chatbots designed to simulate sexually explicit conversations with minors.
A pervasive and dangerous misconception is that AIG-CSAM is somehow less harmful than traditional CSAM. Experts across child protection, law enforcement, and academia unequivocally reject this assertion. The harms associated with AIG-CSAM are profound: they strain law enforcement resources, enable re-victimization of abuse survivors, fuel sextortion schemes, and inflict severe psychological damage on children whose likenesses are used — regardless of whether a physical act of abuse occurred during the image’s creation.
Prevalence, Trends, and Statistical Landscape of Deepfake CSAM in the U.S.
The National Center for Missing and Exploited Children (NCMEC) serves as the primary U.S. clearinghouse for reports of suspected online child exploitation. Its CyberTipline data provides critical insights into the scale and evolution of CSAM.
In 2023, NCMEC received over 100 million reports of suspected CSAM. For 2024, NCMEC reported 20.5 million reports, which when adjusted to reflect distinct reported incidents amounted to 29.2 million separate incidents — down from 36.2 million in 2023, a decrease NCMEC attributes partly to a new bundling feature for related reports, and partly to concern over underreporting by some Electronic Service Providers due to end-to-end encryption.
Of particular relevance is the dramatic increase in reports involving Generative AI:
- The NCMEC CyberTipline saw a 1,325% increase in reports involving Generative AI in 2024, escalating from approximately 4,700 such reports in 2023 to 67,000 reports in 2024.
- As of April 2025, NCMEC had received over 7,000 reports of CSAM specifically involving generative AI technology over the preceding two years.
- Online enticement reports exceeded 546,000 in 2024, a 192% increase over 2023.
- Reports with a nexus to violent online groups exceeded 1,300, a 200% increase over 2023, with 69% of those reports coming from parents or caregivers following a child’s self-harm or suicide attempt.
Beyond NCMEC, the Internet Watch Foundation (IWF) discovered over 20,000 AI-generated child abuse images on a single dark web forum within a one-month period in late 2023/early 2024. A 2024 survey by Thorn found that 1 in 10 minors aged 9 to 17 in the United States reported knowing peers who had used AI to create sexually explicit images of other minors — a deeply alarming peer-on-peer trend.
The official statistics likely represent only a fraction of the true volume of AIG-CSAM. The ease of offline generation using open-source tools means a significant amount of material can be created without leaving an immediate digital footprint on monitored platforms, suggesting the scale of unreported AIG-CSAM could be vast.
Key trends characterizing the AIG-CSAM phenomenon include increasing realism that makes synthetic material indistinguishable even to trained forensic analysts, the ability to generate material entirely offline to evade detection, widespread use of real children’s social media images as source material, re-victimization of abuse survivors, the emergence of realistic deepfake videos, commercialization through dark web forums and subscription models, and the alarming rise of peer-on-peer creation among minors.
The U.S. Legal and Regulatory Framework: Addressing Deepfake CSAM
The legal response to AIG-CSAM in the United States is evolving, characterized by interpretations of existing federal statutes, a rapid proliferation of state-level legislation, and ongoing constitutional debates.
Existing federal CSAM laws, primarily codified under 18 U.S.C. § 2251 et seq., broadly prohibit the production, distribution, receipt, and possession of CSAM. In 2024, the FBI publicly affirmed that AIG-CSAM falls under this definition and is considered CSAM. However, as of early 2025, there have been no reported instances of a U.S. federal case being brought solely based on AIG-CSAM that does not depict an identifiable, actual child and was not trained using imagery of real children — highlighting a significant area of untested legal application.
The TAKE IT DOWN Act (signed into law on May 19, 2025) aims to prohibit the nonconsensual disclosure of AI-generated intimate imagery and mandates that online platforms remove such content within 48 hours of notification. The Act has faced criticism from the Electronic Frontier Foundation (EFF), which argues that its broad definitions and rapid takedown mandates may pose risks to free expression, user privacy, and due process.
At the state level, as of April 2025, 38 states have enacted laws that explicitly or implicitly criminalize AI-generated or computer-edited CSAM, with more than half of those laws passed in 2024 alone. State approaches vary considerably:
- California (AB 1831, SB 1381, effective January 1, 2025) amended existing child pornography statutes to explicitly include matter that is “digitally altered or artificial-intelligence-generated.”
- Alabama’s Child Protection Act of 2024 (HB 168) expanded the definition of CSAM to include “virtually indistinguishable depictions” created by digital, computer-generated, or other means.
- Some states criminalize AIG-CSAM only when an identifiable real child’s image is used as source material; others have adopted a broader “appears to be a minor” standard.
The central constitutional debate revolves around Ashcroft v. Free Speech Coalition (2002), in which the Supreme Court struck down prohibitions on computer-generated child pornography depicting entirely fictional children, reasoning that if no real child is harmed in production, the government’s interest under New York v. Ferber (1982) is not implicated. However, the Court in Ashcroft upheld the prohibition on “computer morphing” of real minors’ images into sexually explicit depictions. This distinction is critical for AIG-CSAM cases.
The Anderegg case (U.S. District Court, 2025; currently on appeal to the 7th Circuit) is the first federal criminal case involving generative AI, CSAM law, and the First Amendment to reach a federal appeals court. The district court dismissed a charge for private possession of purely synthetic virtual child obscenity, but did not dismiss charges for the production and distribution of the same material — a distinction with significant implications for how investigators and prosecutors approach purely synthetic AIG-CSAM.
Technological Dimensions: Creation, Detection, and Attribution of Deepfake CSAM
The creation of AIG-CSAM relies on increasingly sophisticated and accessible AI technologies. The primary engines are Generative Adversarial Networks (GANs) and diffusion models such as Stable Diffusion. Open-source tools including Checkpoint and LoRA models can be freely downloaded, modified, and trained on specific datasets — including, illicitly, on images of particular children — to produce highly customized AIG-CSAM. “Nudify” applications are commonly used to transform innocent photographs into sexually explicit material. Critically, many of these tools can be run entirely offline, allowing perpetrators to create AIG-CSAM without leaving an immediate online trace.
The detection of AIG-CSAM is characterized by an ongoing arms race between generation and detection capabilities. Key challenges include the ever-improving realism of deepfakes, the need for constant retraining of detection algorithms, poor real-world performance of tools trained on controlled datasets, adversarial attacks designed to defeat detectors, and “reverse fakes” — real CSAM intentionally manipulated to appear AI-generated in order to hinder investigations.
Current forensic tools and techniques include:
- Amped Authenticate: Examines file structure, metadata, compression schemas, and image content to help differentiate between original camera captures and AI-generated images. Can utilize Photo Response Non-Uniformity (PRNU) analysis to potentially link an image to the specific camera sensor that captured it.
- Magnet Verify: Focuses on video authentication, assessing whether video has been edited or modified and distinguishing original camera footage from synthetically produced media. Designed to generate legally compliant reports.
- Machine Learning Detectors: Convolutional Neural Networks (CNNs) such as ResNet-50, Inception V3, and VGG-16 trained to identify subtle artifacts or statistical patterns indicative of AI generation — though their “black box” nature limits legal admissibility.
- Explainable AI (XAI): Techniques such as the Network Dissection Algorithm and LIME (Local Interpretable Model-Agnostic Explanations) aim to make AI detection decisions interpretable, which is critical for courtroom use.
Attribution of AIG-CSAM to specific creators remains one of the most formidable challenges. Perpetrators leverage Tor, VPNs, offshore hosting, and multiple layers of file transformations to obscure their identities. Emerging technical solutions include digital watermarking, digital fingerprinting, cryptographic metadata standards (such as the Coalition for Content Provenance and Authenticity, C2PA), blockchain-based authentication, and analysis of AI model artifacts to identify the specific generation tools used. Each of these approaches has significant limitations, and none provides a complete solution without widespread, standardized global adoption.
Operational Challenges for Law Enforcement and CALC Units
The proliferation of AIG-CSAM presents formidable operational challenges for law enforcement agencies and specialized units including ICAC Task Forces and Cybercrime (CALC) units.
On the investigative side, the sheer volume of CSAM — already exceeding 100 million reports per year before the full impact of AIG-CSAM was felt — is now significantly amplified by the ease with which synthetic material can be generated and disseminated. Distinguishing AIG-CSAM from authentic CSAM requires specialized tools and considerable time. Investigators face a critical triage challenge: whether to focus resources on images that might depict a real child currently suffering abuse, or on clearly synthetic material that is still illegal but offers fewer actionable leads. Any mis-prioritization in this high-stakes environment could delay the identification and rescue of real child victims.
Forensic and evidentiary challenges in prosecution include authenticating digital evidence in an era when sophisticated fakes can cast doubt on all digital media (the “liar’s dividend”), establishing the admissibility of detection tool findings where methodology may not be sufficiently transparent or validated, proving an “identifiable actual minor” is depicted in cases of highly altered or purely synthetic imagery, and maintaining an unbroken chain of custody for digital files that may have been stored across multiple platforms.
Resource asymmetry is severe. A single offender can generate hundreds or thousands of synthetic images, while each investigation demands significant technical expertise and man-hours. Many agencies — particularly smaller or less-resourced ones — lack access to the necessary AI-driven detection tools, advanced forensic software, and in-house expertise. The constant exposure to CSAM, compounded by the technological frustrations of AIG-CSAM investigation, significantly heightens the risk of vicarious trauma, burnout, and retention problems among highly specialized investigators.
Psychological and Societal Impact of Deepfake CSAM
The proliferation of AIG-CSAM inflicts profound psychological harm on individuals and carries broader, detrimental societal implications.
Children whose likenesses are used in AIG-CSAM — whether through direct face-swapping, nudification of innocent photos, or synthetic depiction — experience intense humiliation, shame, anger, feelings of violation, and self-blame. These reactions are not diminished by the knowledge that the depicted acts did not physically occur. Impacts include ongoing emotional distress, social withdrawal, challenges in forming trusting relationships, harm to academic performance, and fear that explicit images will remain permanently accessible online. A particularly insidious factor is the “believability burden” — victims may fear that others will believe the deepfake is real, or conversely, that their genuine distress will be dismissed because the image is “only fake.” Research indicates boys are particularly unlikely to disclose victimization.
For existing survivors, AIG-CSAM constitutes a profound re-victimization. Malicious actors fine-tune AI models using existing CSAM or publicly available images of known victims to generate novel depictions of their abuse, compounding their original trauma. In sextortion schemes — a rapidly growing concern particularly affecting adolescent boys aged 14 to 17 — the synthetic nature of the material does nothing to mitigate the victim’s terror, violation, or fear of exposure.
Research by Thorn found that around 1 in 6 young people believed deepfake nudes were either not harmful or that harm depended on the situation, with top reasons being that the imagery was “fake” or “not real,” or involved no physical harm. This highlights a dangerous misunderstanding that targeted education must address.
At a societal level, the increasing prevalence of AIG-CSAM risks normalizing the sexualization of minors online and desensitizing the public to the severe distress such material causes. The proliferation of convincing fakes undermines general trust in all forms of visual media — the “liar’s dividend” — complicating the use of genuine digital evidence in legal proceedings. The ability of AI to generate highly customized CSAM may also fuel existing demand among offenders and create new markets for specific types of abusive content, perpetuating the cycle of exploitation.
Policy Recommendations and Collaborative Pathways Forward
Confronting the complex and rapidly evolving threat of AIG-CSAM requires a multi-pronged strategic approach encompassing legal reforms, technological countermeasures, multi-stakeholder cooperation, and public awareness initiatives.
On the legal and regulatory front, NCMEC recommends that federal and state laws be updated to explicitly clarify that AIG-CSAM is illegal regardless of whether a “real” child is depicted, if the material appears to depict a child. Civil remedies should be available for victims. Platforms developing or deploying generative AI must bear greater responsibility, incorporating “safety by design” principles, ensuring AI models are not trained on CSAM datasets, and implementing effective systems to detect, report, and remove attempts to generate CSAM. UNICRI recommends treating high rates of CSAM offending as a public health issue, investing in solutions for perpetrators who seek help alongside traditional enforcement — a long-term preventative complement to immediate law enforcement actions.
Technologically, sustained investment is needed in the continuous development of robust, explainable, and legally admissible detection and authentication tools. Research into Explainable AI (XAI) must be prioritized to make detection tools transparent and trustworthy for legal proceedings. AI itself can be leveraged for proactive child protection — including AI-powered tools to automate initial identification and categorization of CSAM for law enforcement (reducing human exposure to traumatic content), and device-level tools to detect and block CSAM creation and distribution.
Multi-stakeholder collaboration is essential. No single entity can adequately address the AIG-CSAM crisis. Required participants include AI developers (who must implement safety by design and rigorously vet training datasets), technology platforms (who must update algorithms and engage in robust content moderation), law enforcement at all levels, academic researchers, NGOs, and international bodies. Building sustained collaboration requires aligning incentives across sectors — such as clear safe harbor provisions for good-faith cooperation and public-private funding for safety-focused research and development.
Public awareness and education are a critical pillar. Young people need education about the safe and ethical use of generative AI, the severe legal and personal consequences of misusing these tools, and the nature of online harms including sextortion. Caregivers and educators must be equipped to recognize evolving threats. UNICRI recommends that caregivers reconsider the extent to which they post images of children on social media, maintain open conversations with children about online dangers, and clearly communicate to teenagers that nudify apps and similar tools are illegal and harmful.
Conclusion: Protecting Children in the Digital Age
The emergence of AI-generated Child Sexual Abuse Material represents a significant and rapidly escalating development in the landscape of online child exploitation. AIG-CSAM, facilitated by increasingly accessible and sophisticated AI technologies, poses multifaceted threats: direct psychological trauma to children whose likenesses are used, re-victimization of existing survivors, overwhelming of law enforcement and child protection systems with vast quantities of illicit material, and the creation of complex legal and evidentiary challenges.
The legal and technological landscapes are currently in a reactive posture, struggling to keep pace with the speed of AI advancements and their malicious applications. No single entity, legislative act, or technological solution can independently resolve this crisis. Confronting it effectively demands a unified, proactive, and adaptive strategy integrating the efforts of governments, the technology industry, law enforcement agencies at all levels, academic researchers, non-governmental child protection organizations, educators, and caregivers.
The AIG-CSAM crisis also serves as a stark bellwether for broader AI governance challenges. The manner in which society, legal systems, and technological safeguards adapt to combat AIG-CSAM will invariably inform and potentially set precedents for addressing other malicious uses of artificial intelligence. Successfully tackling AIG-CSAM requires the development and implementation of frameworks for AI ethics, accountability, and safety by design — principles that will have far-reaching implications beyond this specific form of abuse.
The challenge posed by AI-generated Child Sexual Abuse Material is profound, but not insurmountable. Through dedicated research, strategic investment, robust legal frameworks, technological innovation, and unwavering multi-stakeholder collaboration, it is possible to mitigate this threat and enhance the protection of children in an increasingly complex digital age.