2026-05-14 21:00:00
When generative AI first moved from research labs into real-world business applications, enterprises made a tacit bargain: “Capability now, control later.” Feed your proprietary data into third-party AI models, and you will get powerful results. But your data passes through systems you do not own, under governance you do not set. The protections you rely on are only as durable as the provider’s next policy update.
Now, with generative AI established in everyday business operations and sophisticated new agentic AI systems advancing every day, companies are reevaluating the terms of that deal.
“Data is really a new currency; it’s the IP for many companies,” says Kevin Dallas, CEO of EDB, echoing a recurrent anxiety from customers. “The big concern is, if you’re deploying an AI-infused application with a cloud-based large language model, are you losing your IP? Are you losing your competitive position?”
That question is now fueling a movement toward reclaiming both the data and AI systems that have rapidly become part of core business infrastructure. AI and data sovereignty, which refers to breaking dependence on centralized providers and establishing genuine control over models and data estates, it is an urgent priority for many companies, says Dallas, citing internal EDB data: “70% of global executives believe they need a sovereign data and AI platform to be successful.”
The idea of AI sovereignty is becoming a global policy conversation. NVIDIA CEO Jensen Huang recently spoke about the need for such a shift at the World Economic Forum’s annual meeting at Davos in January 2026: “I really believe that every country should get involved to build AI infrastructure, build your own AI, take advantage of your fundamental natural resource—which is your language and culture—develop your AI, continue to refine it, and have your national intelligence be part of your ecosystem.”
This report explores how enterprises are pursuing sovereignty over their models and data estates in an era of rapid AI adoption. Drawing on a survey conducted by EDB of more than 2,050 senior executives and a series of interviews with industry experts, the research confirms that the sovereignty movement on the enterprise level is already well underway.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff. It was researched, designed, and written by human writers, editors, analysts, and illustrators. This includes the writing of surveys and collection of data for surveys. AI tools that may have been used were limited to secondary production processes that passed thorough human review.
2026-05-14 21:00:00
Financial services companies have unique needs when it comes to business AI. They operate in one of the most highly regulated sectors while responding to external events that are updated by the second. As a result, the success of agentic AI in financial services depends less on the sophistication of the system and more on the quality, security, and accessibility of the data it relies on.
“It all starts with the data,” says Steve Mayzak, global managing director of Search AI at Elastic.
Agentic AI—systems that can independently plan and take actions to complete tasks, rather than simply generate responses—holds enormous potential for financial services due to its ability to incorporate real-time data and optimize complex workflows. Gartner has found that more than half of financial services teams have already implemented or plan to implement agentic AI.
However, introducing autonomous AI into any organization magnifies both the strengths and weaknesses of the underlying data it uses. To deploy agentic AI with speed, confidence, and control, financial services companies must first be able to search, secure, and contextualize their data at scale. “Agentic AI amplifies the weakest link in the chain: data availability and quality,” says Mayzak. “And your systems are only as good as their weakest link.”
Financial services companies, therefore, require a trusted and centralized data store that is easy to access, dependable, and can be managed at scale.
Regulation in the financial services sector requires a high degree of accountability for all data tools. As Mayzak says, “You can’t just stop at explaining where the data came from and what it was transformed into: ‘Here’s the data that went in, and this is what came out.’ You need an auditable and governable way to explain what information the model found and the logic of why that data was right for the next step.” That is, you need to be able to see, understand, and describe the underlying processes.
At the same time, financial services companies require speed and accuracy in order to meet customer expectations and stay ahead of competition. Markets are continually shifting, and risks and opportunities move along with them. If an AI model can parse natural language (unstructured data) from complex sources—in addition to structured data in spreadsheets that are easier to analyze—this gives users more relevant information.
In this environment, there is no tolerance for error, including the hallucinations that plagued early AI efforts. Agentic AI systems depend on rapid access to high-quality, well-governed data that is secure and accessible. In financial services, that data spans transactions, customer interactions, risk signals, policies, and historical context. The task of preparing that data for AI should not be underestimated. “Natural language is way more messy than structured data, and that makes the process of organizing and cleaning it up that much more important and also that much harder,” says Mayzak.
The data must be well indexed and consolidated across different locations, not locked in the silos of separate systems across the organization. Otherwise, AI agents lag, provide inconsistent answers, and produce decisions that are harder to trace and explain, undermining confidence among regulators, customers, and internal stakeholders.
As Mayzak says, “There are many different ways to describe how to execute a trade at a bank. In an agent-powered world, we need those descriptions to be deterministic—to give the same results every time. Yet we’re building on powerful but non-deterministic models. That’s incredibly tricky, but not impossible.”
For a financial services firm, managing this can be very challenging. A Forrester study found that 57% of financial organizations are still developing the necessary internal capabilities to fully leverage agentic AI. “The data exists in many different formats, created over the course of a bank’s history,” says Mayzak. “Take any bank that’s been around for 50 years: They might have 60 different types of PDFs for the exact same thing. And at the same time, we want the output of these systems to be 100% accurate. In many cases, there is no ‘good enough’.” That is, companies need to do it right, and the first time.
An effective search platform is key to solving the problem of fragmented, poorly indexed, inaccessible data. Financial services companies that can readily sift through both their structured and unstructured data, keep it secure, and apply it in the right context will get the most value from agentic AI. This often requires designing AI systems with data access and utility in mind so they can work faster and yield more accurate results, as well as reduce risk. “Search is the foundational technology that makes AI accurate and grounded in real data,” Mayzak says. “Search platforms have become the authoritative context and memory stores that will power this AI revolution.”
Once in place, these AI-enhanced searches and autonomous systems can serve financial services companies for a range of purposes. When monitoring client exposure, agentic AI can continuously scan transactions, market signals, and external data to detect emerging risks; platforms can then automatically flag or escalate issues in real time. In trade monitoring, AI agents can review trade workflows, identify discrepancies across different formats, and resolve exceptions step by step with minimal human intervention. In regulatory reporting, AI can gather data from across systems, generate required reports, and track how each output was produced. These applications of AI save time while supporting audit and compliance needs by being traceable and explainable.
Although such capabilities already exist, they are often manual, fragmented, and difficult to scale. Agentic AI allows financial organizations to move toward more automated, efficient, and scalable processes while maintaining the accuracy and transparency required in their highly regulated environment. As Mayzak says, “It’s not that different from how humans operate today, just done at a much faster pace and at scale.”
Launching agentic AI can be daunting, especially if other AI ventures have stalled internally. Mayzak’s recommendation is to choose a manageable use case and allow it to grow over time. “Success can build on success,” he says. “While companies may aim to automate a 70-step business process, they are discovering that you have to start somewhere. What is working in the market is tackling the problem one step at a time. Once you get the first step working, then you can take the next step, and the next.”
The financial services organizations that lead among their peers will be those that integrate agentic AI into a broader ecosystem that includes strong security controls, good data governance, and effective management of system performance. As Mayzak says, “Doing this well will create an AI feedback loop, where executives gain new signals from these systems to assess the effectiveness of their investments and generate reliable, actionable insights.” By iterating on pilots and continuously improving, companies will build agentic systems that can be measured, managed, and scaled. This will transform agentic AI into lasting competitive advantage.
Learn more about how Elastic supports financial services.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff. It was researched, designed, and written by human writers, editors, analysts, and illustrators. This includes the writing of surveys and collection of data for surveys. AI tools that may have been used were limited to secondary production processes that passed thorough human review.
2026-05-14 20:10:00
This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.
When Jennifer got a research job in 2023, she ran her new professional headshot through a facial recognition program. She wanted to see whether it would pull up the porn videos she’d made more than a decade earlier. It did, but it also surfaced something she’d never seen before: one of her old videos, now featuring someone else’s face on her body.
Conversations about sexualized deepfakes usually focus on the people whose faces are inserted into explicit content without consent. But another group often gets ignored: the people whose bodies those faces are attached to.
Adult content creators say AI systems are training on their work, cloning their likenesses, and generating explicit content they never agreed to make, all with little legal protection or control. Read the full story on the threat to their rights, livelihoods, and ownership of their own bodies.
—Jessica Klein
This story is part of our The Big Story series, the home for MIT Technology Review’s most important, ambitious reporting. You can read the rest here.
Generative AI is exposing people’s personal contact information—and there’s no easy way to stop it.
A software developer started receiving WhatsApp messages asking for help after Gemini surfaced his number. A university researcher got the chatbot to reveal a colleague’s private cell number. A Reddit user says Gemini sent a stream of callers looking for lawyers to his phone.
Experts believe these privacy lapses stem from personally identifiable information in AI training data. Chatbots may now be making that information dramatically easier to find.
Find out why these breaches are growing—and why there’s little that victims can do to stop them.
—Eileen Guo
Nearly a decade after Elon Musk first unveiled the Tesla Semi, the electric truck is finally rolling off the production line. It could be a breakout moment for battery-powered freight.
Semitrucks produce an outsized share of road transport pollution, while electric alternatives have struggled with high prices, limited range, and charging challenges. Tesla is betting the Semi can overcome those problems. The truck reportedly travels up to 480 miles on a single charge and costs far less than many competing electric models.
Here’s how the Tesla Semi could give electric trucking a vital boost.
—Casey Crownhart
This article is from The Spark, MIT Technology Review’s weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here.
The must-reads
I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.
1 The US has approved Nvidia chip sales to 10 Chinese firms
Alibaba, Tencent, and ByteDance are among those cleared to buy H200 chips. (Reuters $)
+ The US will receive 25% of the revenue from the sales. (Engadget)
+ But Beijing wants domestic firms to prioritize homegrown chips. (Nikkei Asia)
+ Nvidia CEO Jensen Huang is in China with a White House delegation. (CNBC)
2 Beijing’s push for AI independence is weakening US leverage
It’s allowing China to resist pressure during the Beijing talks. (NYT $)
+ The country has made a big bet on open-source. (MIT Technology Review)
+ Here’s what’s at stake for tech at the Trump-Xi meeting. (Rest of World)
3 AI is “rotting the brains” of developers
They’re losing their previous abilities to do their jobs. (404 Media)
+ A populist backlash is building against AI. (MIT Technology Review)
+ It’s time to reset our expectations about AI. (MIT Technology Review)
4 Sam Altman has over $2 billion in companies that have dealt with OpenAI
The ties have triggered accusations of conflicts of interest. (The Times $)
+ The GOP is scrutinizing Altman’s business dealings. (WSJ $)
5 Andreessen Horowitz has become the top political donor in the US
A16z contributed $115.5 million to the midterm elections. (NYT)
+ AI lobbying has reached a fever pitch. (NYT $)
6 Microsoft feared being too dependent on OpenAI
CEO Satya Nadella was worried about OpenAI supplanting his company. (CNBC)
+ Microsoft is eyeing startup deals for life after OpenAI. (Reuters $)
7 AI systems are forecasting wars and regime collapse
One estimates a 20% chance of regime change in Iran by 2026. (Economist $)
+ AI has turned the Iran conflict into theater. (MIT Technology Review)
8 Anthropic says a model behaved badly due to training on dystopian sci-fi
Training on more positive stories could help. (Ars Technica)
9 Data centers now consume 6% of the electricity in the US and UK
AI’s global energy consumption is up 15% globally in two years. (Guardian)
10 NASA has rescued Curiosity after its drill got stuck on Mars
The agency has just revealed how it freed the rover. (Wired $)
Quote of the day
—Joan Donovan, assistant professor of journalism and emerging media studies at Boston University, tells the Washington Post how Elon Musk has consistently amplified one anonymous X account.
One More Thing
In a near-future war—one that might begin tomorrow—a sniper’s computer vision system flags a potential target. Just over the horizon, a chatbot advises a commander to order an artillery strike.
In both cases, an AI system recommends pulling the trigger while a human still has the final say. But how much of the decision is really theirs? When, if ever, is it ethical for that decision to kill? And who’s to blame when something goes wrong?
This is how AI is reshaping decision-making on the battlefield.
—Arthur Holland Michel
We can still have nice things
A place for comfort, fun, and distraction to brighten up your day. (Got any ideas? Drop me a line.)
+ The secrets behind how Shazam works have been revealed.
+ For the first time in a decade, a rare “Cloud Jaguar” was caught on camera.
+ Explore our galaxy from your screen at this year’s Milky Way Photographer of the Year collection.
+ If you want a game over with style, a funeral company is offering Mario, Luigi, Peach, and even Yoshi-branded coffins.
2026-05-14 18:00:00
The Tesla Semi has officially arrived. The company recently released a photo of the first vehicle rolling off its new full-scale production line.
This moment has been nearly a decade in the making: The company first announced the truck in late 2017. And now we’ve got final battery specs, official prices, and big news about big orders.
The Semi is a relatively affordable electric semitruck with pretty impressive performance. It also comes at a moment when Tesla has lost its grip on the global electric-vehicle market. Let’s talk about what’s new with the Tesla Semi and why this could be a breakout moment for electric trucking.
Medium- and heavy-duty vehicles, like buses and semitrucks, make up a small fraction of vehicles on the road but contribute an outsize fraction of pollution, including both carbon dioxide emissions and other pollutants like nitrogen oxides (NOx) and small particles. Globally, trucks and buses represent about 8% of total vehicles on the road, but they create 35% of carbon dioxide emissions from road transport.
Tesla’s latest addition to its vehicle lineup, the Class 8 Semi, could be part of the solution to cleaning up this polluting sector. (I’ll note here that I briefly interned at Tesla in 2016. I don’t have any ties to or financial interest in the company today.)
In November 2017, Elon Musk took to the stage at a lavish event in LA to announce the Semi. At that event, Musk promised a truck that could go from zero to 60 miles per hour in five seconds, could achieve a range of 500 miles, and would come with thermonuclear-explosion-proof glass. (Remember the era before the Twitter takeover and DOGE, when this was what Musk was known for? A simpler time.)
Soon after the unveiling, major corporations including Walmart put in early orders for Tesla Semis. Deliveries were expected in 2019.
That deadline obviously didn’t work out. The date was pushed back several times, and Tesla did start delivering a small number of pilot trucks, beginning in 2022. But this year, things got more serious, with the company releasing its final production specifications in February and rolling its first Semi off its high-volume production line in late April.
And last week, WattEV announced an order of 370 Tesla Semis. WattEV offers electric freight operations, essentially providing trucks as a service to companies so they don’t have to purchase their own or supply their own charging infrastructure. The company will pay over $100 million for the new trucks, and the first 50 should be delivered this year, with the full fleet expected by the end of 2027. Those trucks will be supported by megawatt-charging systems located in Oakland, Fresno, Stockton, and Sacramento.
With the factory up and running and a huge order on the books, it feels as if the Tesla Semi has truly arrived. And some of Musk’s claims from 2017 ring true: The base model has a range of about 320 miles, and the long-range version about 480 miles (quite close to his 500-mile claim).
Delivering this much range for this big truck means a whopping battery. The base model Tesla Semi battery pack has a usable capacity of 548 kilowatt-hours, according to a document filed with the California Air Resources Board (CARB). But the battery is even more massive in the long-range version, which boasts a whopping 822 kilowatt-hour battery. Compare these to the Tesla Model 3, which typically comes with a 64 kilowatt-hour pack.
I reached out to Tesla to confirm the battery size and ask other questions for this article; the company didn’t respond.
These trucks cost quite a bit more than they were expected to in 2017. At that time, the expected price was $150,000 for the base model and $180,000 for the long-range. Today, Tesla is pricing the trucks at $260,000 and $300,000, respectively, according to documentation filed with CARB.
That’s considerably more expensive than the median diesel truck being sold today, which rang in at $172,500 for the 2025 model year, according to research from the International Council on Clean Transportation. But it’s much cheaper than similar battery-electric trucks available today, where the median is about $411,000.
And in California, where companies can get vouchers that cover $120,000 towards the purchase price of an electric truck, the Tesla Semi is competitive right away, especially since electric trucks tend to be much cheaper to run and maintain than diesel ones.
Over the years, it wasn’t always clear that the Tesla Semi would ever actually hit the roads. (At that same 2017 event, Musk announced a new Roadster sports car, and that’s nowhere to be seen.) So it’s encouraging to see the factory starting up, and a large order that looks like it could lend this project some commercial momentum.
Tesla had a massive impact on the electric vehicle market, and if it can scale production and support charging infrastructure, it could help do the same for trucking.
This article is from The Spark, MIT Technology Review’s weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here.
2026-05-14 17:00:00
When Jennifer got a job doing research for a nonprofit in 2023, she ran her new professional headshot through a facial recognition program. She wanted to see if the tech would pull up the porn videos she’d made more than 10 years before, when she was in her early 20s. It did in fact return some of that content, and also something alarming that she’d never seen before: one of her old videos, but with someone else’s face on her body.
“At first, I thought it was just a different person,” says Jennifer, who is being identified by a pseudonym to protect her privacy.
But then she recognized a distinctly garish background from a video she’d shot around 2013, and she realized: “Somebody used me in a deepfake.”
Eerily, the facial recognition tech had identified her because the image still contained some of Jennifer’s features—her cheekbones, her brow, the shape of her chin. “It’s like I’m wearing somebody else’s face like a mask,” she says.
“It’s like I’m wearing somebody else’s face like a mask.”
Conversations about sexualized deepfakes—which fall under the umbrella of nonconsensual intimate imagery, or NCII—most often center on the people whose faces are featured doing something they didn’t really do or on bodies that aren’t really theirs. These are often popular celebrities, though over the past few years more people (mostly women and sometimes youths) have been targeted, sparking alarm, fear, and even legislation. But these discussions and societal responses usually are not concerned with the bodies the faces are attached to in these images and videos.
As Jennifer, now 37 and a psychotherapist working in New York City, says: “There’s never any discussion about Whose body is this?”
For years, the answer has generally been adult content creators. Deepfakes in fact earned their name back in November 2017, when someone with the Reddit username “deepfakes” uploaded videos showing faces of stars like Scarlett Johansson and Gal Gadot pasted onto porn actors’ bodies. The nonconsensual use of their bodies “happens all the time” in deepfakes, says Corey Silverstein, an attorney specializing in the adult industry.
But more recently, as generative AI has improved, and as “nudify” apps have begun to proliferate, the issue has grown far more complicated—and, arguably, more dangerous for creators’ futures.
Porn actors’ bodies aren’t necessarily being taken directly from sexual images and videos anymore, or at least not in an identifiable way. Instead, they are inevitably being used as training data to inform how new AI-generated bodies look, move, and perform. This threatens the livelihood and rights of porn actors as their work is used to train AI nudes that in turn could take away their business. And that’s not all: Advancements in AI have also made it possible for people to wholly re-create these performers’ likenesses without their consent, and the AI copycats may do things the performers wouldn’t do in real life. This could mean their digital doubles are participating in certain sex acts that they haven’t agreed to do, or even perpetrating scams against fans.
Adult content creators are already marginalized by a society that largely fails to protect their safety and rights, and these developments put them in an even more vulnerable position. After Jennifer found the deepfake featuring her body, she posted on social media about the psychological effects: “I’ve never seen anyone ask whether that might be traumatic for the person whose body was used without consent too. IT IS!” Several other creators I spoke with shared the mental toll that comes with knowing their bodies have been used nonconsensually, as well as the fear that they’ll suffer financially as other people pirate their work. Silverstein says he hears from adult actors every day who “are concerned that their content is being exploited via AI, and they’re trying to figure out how to protect it.”
One law professor and expert in violence against women calls these creators the “forgotten victims” of NCII deepfakes. And several of the people I spoke with worry that as the US develops a legal framework to combat nonconsensual sexual content online, adult actors are only at risk of further injury; instead of helping them, the crackdown on deepfakes may provide a loophole through which their content and careers could be stripped from the internet altogether.
During his preteen years in the 1970s, Spike Irons, now a porn actor and president of the adult content platform XChatFans, was “in love” with Farrah Fawcett. Though Fawcett did not pose nude, Jones managed to get his hands on what looked like pictures of her naked. “People were cutting out faces and pasting them on bodies,” Irons says. “Deepfakes, before AI, had been going around for quite a while. They just weren’t as prolific.”
The early public internet was rife with websites capitalizing on the idea that you could use technology to “see” celebrities naked. “People would just use Microsoft Paint,” says Silverstein, the attorney. It was a simple way to mash up celebrities’ faces with porn.
People later used software like Adobe After Effects or FakeApp, which was designed to swap two individuals’ faces in images or videos. None of these programs required serious expertise to alter content, so there was a low barrier to entry. That, plus the wealth of porn performers’ videos online, helped make face-swap deepfakes that used real bodies prevalent by the 2010s. When, later in the decade, deepfakes of Gal Gadot and Emma Watson caused something of a broader panic, their faces were allegedly swapped onto the bodies of the porn actors Pepper XO and Mary Moody, respectively.
But it wasn’t just high-profile actors like them whose bodies were being used. Jennifer was “a very minor performer,” she says. “If it happened to me, I feel like it could happen to anybody who’s shot porn.” Since he started his practice in 2006, Silverstein says, “numerous clients” have reached out to report “This is my body on so-and-so.”
Both people whose faces appear in NCII deepfakes and those whose bodies are used this way can feel serious distress. Experts call this type of damage “embodied harms,” says Anne Craanen, who researches gender-based violence at the UK’s Institute for Strategic Dialogue, an organization that analyzes extremist content, disinformation, and online threats.
The term reflects the fact that even though the content exists in the virtual realm, it can cause physiological effects, including body dysmorphia. The face-swapped entity occupies the uncanny valley, distorting self-perception. After discovering their faces in sexual deepfakes, many people feel silenced, experts told me; they may “self-censor,” as Craanen puts it, and step back from public-facing life. Allison Mahoney, an attorney who works with abuse survivors, says that people whose faces appear in NCII can experience depression, anxiety, and suicidal ideation: “I’ve had multiple clients tell me that they don’t sleep at night, that they’re losing their hair.”
Independent creators aren’t just “having sex on camera.” For someone to rip off their work “for their own entertainment or financial gain fucking sucks.”
Though the impact on people whose bodies are used hasn’t been discussed or studied as often, Jennifer says that “it’s just a really terrible feeling, knowing that you are part of somebody else’s abuse.” She sees it as akin to “a new form of sexual violence.”
The uncertainty that comes with not being aware of what your body is doing online can be highly unsettling. Like Jennifer, many adult actors don’t really know what’s out there. But some devoted followers know the actors’ bodies well—often recognizing tattoos, scars, or birthmarks—and “very quickly they bring [deepfakes] to the adult performer’s attention,” says Silverstein. Or performers will stumble upon the content by chance; some 20 years ago, for instance, the first such client to tell Silverstein her body was being used in a deepfake happened to be searching Nicole Kidman online when she found that one of the results showed Kidman’s face on her porn. “She was devastated, obviously, because they took her body,” he says, “and they were monetizing it.”
Otherwise, this imagery may be found by an organization like Takedown Piracy, one of several copyright enforcement companies serving adult content creators. US copyright violations can be challenging to prove if someone’s body lacks distinguishing features, says Reba Rocket, Takedown Piracy’s chief operating and marketing officer. But Rocket says her team has added digital fingerprinting technology to clients’ material to help flag and remove problematic videos, often finding them before clients realize they’re online.
By capturing “tens of thousands of tiny little visual data points” from videos, digital fingerprinting creates unique corresponding files that can be used to identify them, Rocket says—kind of like an invisible watermark. The prints remain even if pirates alter the videos or replace performers’ faces. Takedown Piracy has digitally fingerprinted more than half a billion videos and the organization has gotten 130 million copyrighted videos taken down from Google alone (though, of those videos, Rocket hasn’t tracked how many of these specifically include someone else’s face on a performer’s body).
Besides copyright, a range of legal tools can be used to try to combat NCII, says Eric Goldman, a law professor at Santa Clara University. For example, victims can claim invasion of privacy. But using these tools isn’t particularly straightforward, and they may not even apply when it comes to someone’s body. If there aren’t, for instance, unique markers indicating that a body in a deepfake belongs to the person who says it does, US law “doesn’t really treat [this content] as invasion of privacy,” Goldman says, “because we don’t know who to attribute it to.”
In a 2018 study that reviewed “judicial resolution” of cases involving NCII, Goldman found that one successful way plaintiffs were able to win cases was to assert “intentional affliction of emotional distress.” But again, that hinges on the ability to clearly identify the person in the content. Relevant statutes, he adds, might also require “intent to harm the individual,” which may be hard to show for people whose bodies alone are featured.
In the last few years, Silverstein says, it’s become less and less common to see the bodies of real adult content creators in deepfakes, at least in a way that makes them clearly identifiable.
Sometimes the bodies have been manipulated using AI or simpler editing tools. This can be as basic as erasing a birthmark or changing the size of a body part—minor edits that make it impossible to identify someone’s image beyond a reasonable doubt, so even porn actors who can tell that an altered image used their body as a base won’t get very far in the legal realm. “A lot of people are like, That looks like my body,” says Silverstein, but when he asks them how, they’ll reply, It just does.
At the same time, other users are now creating NCII with wholly AI-generated bodies. In “nudify” apps, anyone with a minimal grasp of technology can upload a photo of someone’s clothed body and have it replaced with a fake naked one. “So [much] of this content being created is just someone’s face on an AI body,” Silverstein says.
Such apps have drawn a ton of attention recently, in incidents from Grok’s “nudifying” minors to Meta’s running ads for—and then suing—the nudify app Crushmate. But there’s been relatively little attention paid to the content being used to train them. They almost certainly draw on the more than 10,000 terabytes of online porn, and performers have virtually zero recourse.
One reason is that creators aren’t able to demonstrate with any certainty that their content is being used to train AI models like those used by nudify apps. “These things are all a black box,” says Hany Farid, a professor at the University of California, Berkeley, who specializes in digital forensics. But “given the ubiquity” of adult content, he adds, it’s a “reasonable assumption” that online porn is being used in AI training.
“It’s just not at all difficult to come up with pornographic data sets on the internet,” says Stephen Casper, a computer science PhD student at MIT who researches deepfakes. What’s more, he says, plenty of shadowy online communities provide “user guides” on how to use this data to train AI, and in particular programs that generate nudes.
It’s not certain whether this activity falls within the US legal definition of “fair use”—an issue that’s currently being litigated in several lawsuits from other types of content creators—but Casper argues that even if it does, it’s ethically murky for porn created by consenting adults 10 years ago to wind up in those training data sets. When people “have their stuff used in a way that doesn’t respect or reflect reasonable expectations that they had at that time about what they were creating and how it would be used,” he says, there’s “a legitimate sense in which it’s kind of … nonconsensual.”
Adult performers who started working years ago couldn’t possibly have consented to AI anything; Jennifer calls AI-related risks “retroactively placed.” Contracts that porn actors signed before AI, adds Silverstein, might provide that “the publisher could do anything with the content using technology that now exists or here and after will be discovered.” That felt more innocuous when producers were talking about the shift from VHS to DVD, because that didn’t change the content itself, just the way it was conveyed. It’s a far different prospect for someone to use your content to train a program to create new content … content that could replace your work altogether.
Of course, this all affects creators’ bottom line—not unlike the way Google’s AI overviews affect revenue for online publishers who’ve stopped getting clicks when people are content with just reading AI-generated summaries. Performers’ “concern is … it’s another way to pirate [their] content,” says Rocket.
After all, independent creators aren’t just “having sex on camera,” as the adult content creator Allie Eve Knox puts it. They’re paying for filming equipment and location rentals, and then spending hours editing and marketing. For someone to then rip off and distort that content “for their own entertainment or financial gain,” she says, “fucking sucks.”
Tanya Tate, a longtime adult content creator, tells me about another highly unsettling AI-created situation: She was recently chatting with a fan on Mynx, a sexting app, when he asked her if she knew him. She told him no, and “his eyes just started watering,” Tate says. He was upset because he thought she did know him. Turns out he’d sent $20,000 to a scammer who’d used an AI-generated deepfake of Tate to seduce him.
Several men, Tate subsequently learned, had been scammed by an AI version of her, and some of them began blaming her for their losses and posting false statements about her online. When she reported one particularly aggressive harasser to the police, they told her he was exercising his “freedom of speech,” she says. Rocket, too, is familiar with situations where AI is used to take advantage of fans. “The actual content creator will get nasty emails from these people who’ve been scammed,” she says.
Other porn actors say they fear that their likenesses have been used without consent to do other things they wouldn’t do. One, Octavia Red, tells me she doesn’t do anal scenes, “but I’m sure there’s tons of deepfake anal videos of me that I didn’t consent to.” That could cost her, she fears, if viewers choose to watch those videos instead of subscribing to her websites. And it could cause fans to develop false expectations about what kind of porn she’ll create.
“I saw one AI creator saying, ‘Well, AI girls will do whatever you want. They don’t say no,’” says Rocket. “That horrifies me … especially if they’re training those AI models on real people. I don’t think they understand the damage to mental health or reputation that that can create. And once it’s on the internet, it’s there forever.”
As AI technology improves, it’s increasingly difficult for people to discern any type of real video from the best AI-generated ones on their own. In one 2025 study, UC Berkeley’s Farid found that participants correctly identified AI-generated voices about 60% of the time (not much better than random chance), while advances like false heartbeats make AI-generated humans tougher than ever to spot.
Nevertheless, most lawyers and legal experts I spoke with said copyright laws are still adult performers’ best bet in the US legal system, at least for getting their face-swapped content taken down. For his clients, Silverstein says, he tries to figure out the content’s origins and then issue takedown requests under the Digital Millennium Copyright Act, a 1998 law that adapted copyright law for the internet era. “Even recently, I had a performer who has an insanely well-known tattoo,” he says, and with a DMCA subpoena he managed to identify the poster of the content, who voluntarily removed it.
But this way of working is becoming increasingly rare.
These days it’s nearly “impossible,” Silverstein says, to determine who produced a deepfake, because many platforms that host pirated content operate facelessly. They’re also often based in places that “don’t really care about US law when it comes to copyrights,” says Rocket—places like Russia, the Seychelles, and the Netherlands.
While governments in the EU, the UK, and Australia have said they will ban or restrict access to nudify apps, it’s not an easily executed proposition. As Craanen notes, when app stores remove these services, they often simply reappear under different names, providing the same services. And social platforms where people share NCII deepfakes, argues Rocket, are slacking in getting them removed. “It’s endless, and it’s ridiculous, because places like Twitter and Facebook have the same technology we do,” Rocket says. “They can identify something as an infringement instantly, but they choose not to.”
(An Apple spokesperson, Adam Dema, said in an email that “’nudification’ apps are against our guidelines” in the app store, and it has “proactively rejected many of these apps and removed many others,” flagging a reporting portal for users. A Google spokesperson emailed, “Google Play does not allow apps that contain sexual content,” noting that the company takes “proactive steps to detect and remove apps with harmful content” and has suspended hundreds of apps for violating its policy. A Meta spokesperson shared a blog post about actions that company has taken against nudify apps but did not respond to follow-up questions about copyrighted material. X did not respond to a request for comment.)
As porn performers are forced to navigate AI-related threats, the only current federal law to address deepfakes may not help them much—and could even make matters worse. The Take It Down Act, which became US law last year, criminalizes publishing NCII and requires websites to remove it within 48 hours. But, as Farid notes, people could weaponize the measure by reporting porn that was made legally and with consent and claiming that it’s NCII. This could result in the content’s removal, which would hurt the performers who made it. Santa Clara’s Goldman points to Project 2025, the Heritage Foundation’s policy blueprint for the second Trump administration, which aims to wipe porn from the web. The Take It Down Act, he argues, “allows for the coordinated effort to scrub adult content from the internet.”
US lawmakers have a history of hurting sex workers in their attempts to regulate explicit content online. State-level age verification laws are an example; visitors can pretty easily get around these measures, but they can still result in reduced revenue for adult performers (because of lower traffic to those sites and the high price of age-checking services they have to purchase).
“They’re always doing something to fuck with the porn industry, but not in a way that actually helps sex workers,” says Jennifer. “If they do something, they’re taking away your income again—as opposed to something like giving you more rights to your image, [which] would be tremendously helpful.”
But as generative AI plays an increasingly large role in NCII deepfakes, the types of images to which adult performers have rights moves deeper into a gray area. Can actors lay claim to AI images likely trained on their bodies? How about AI-generated videos that impersonate them, like the one that tricked Tanya Tate’s fan?
The biggest challenge will be creating “legitimate, effective laws that will absolutely protect content creators from abusing their likeness to train and create AI,” Rocket says. “Absent that, we’re just going to have to keep pulling content down from the internet that’s fake.”
In the meantime, a few porn actors tell me, they’re trying to take advantage of copyright laws that weren’t really made for them; they’ve signed with platforms that host their AI-generated duplicates, with whom fans pay to chat, in part so they’ll have contracts that protect ownership of their AI likenesses. When I spoke with the actor Kiki Daire in September 2025 for a story on adult creators’ “AI twins,” she said she “own[ed] her AI” because she’d signed a contract with Spicey AI, a site that hosted AI duplicates of adult performers. If another company or person created her AI-generated likeness, she added, “I have a leg to stand on, as far as being able to shut that down.”
Even this, though, is not a sure thing; Spicey AI, for instance, shut down several months after I spoke with Daire, so it’s unlikely that her contract would hold. And when I spoke in October with Rachael Cavalli, another adult actor who had signed with an AI duplicate site in hopes it’d help protect her AI image, she admitted, “I don’t have time to sit around and look for companies that have used my image or turned something into a video that I didn’t actually do … it’s a lot of work.” In other words, having rights to your AI image on paper doesn’t make it easier to track down all the potentially infinite breaches of those rights online.
If she’d known what she knows about technology today, Jennifer says, she doesn’t think she would have done porn. The risks have increased too much, and too unpredictably. She now does in-person sex work; it’s “not necessarily safer,” she says, “but it’s a different risk profile that I feel more equipped to manage.”
Plus, she figures AI is unlikely to replace in-person sex workers the way it could porn actors: “I don’t think there’s going to be stripper robots.”
Jessica Klein is a Philadelphia-based freelance journalist covering intimate partner violence, cryptocurrency, and other topics.
2026-05-14 02:09:03
A Redditor recently wrote that he was “desperate for help”: for about a month, he said, his phone had been inundated by calls from “strangers” who were “looking for a lawyer, a product designer, a locksmith.” Callers were apparently misdirected by Google’s generative AI.
In March, a software developer in Israel was contacted on WhatsApp after Google’s chatbot Gemini provided incorrect customer service instructions that included his number.
And in April, a PhD candidate at the University of Washington was messing around on Gemini and got it to cough up her colleague’s personal cell phone number.
AI researchers and online privacy experts have long warned of the myriad dangers generative AI poses for personal privacy. These cases give us yet another scenario to worry about: generative AI exposing people’s real phone numbers. (The Redditor did not respond to multiple requests for comment and we could not independently verify his story.)
Experts say that these privacy lapses are most likely due to the use of personally identifiable information (PII) in training data, though it’s hard to understand the exact mechanism causing real phone numbers to show up in the AI-generated responses. But no matter the reason, the result is not fun for people on the receiving end—and,even more worryingly, there appears to be little that anyone can do to stop it.
It’s impossible to know how often people’s phone numbers are exposed by AI chatbots, but experts say they believe that it is happening far more than is reported publicly.
DeleteMe, a company that helps customers remove their personal information from the internet, says customer queries about generative AI have increased by 400%—up to a few thousand—in the last seven months. These queries “specifically reference ChatGPT, Claude, Gemini … or other generative AI tools,” says Rob Shavell, the company’s cofounder and CEO. Specifically, 55% of these concerns about generative AI reference ChatGPT, 20% reference Gemini, 15% Claude, and 10% other AI tools, Shavell says. (MIT Technology Review has a business subscription to DeleteMe.)
Shavell says customer complaints about personal information surfaced by LLMs usually take two forms. In one common situation, “a customer asks a chatbot something innocuous about themselves and gets back accurate home addresses, phone numbers, family members’ names, or employer details.” Alternatively, a customer may be confronted with and report the exposure of someone else’s personal data, when “the chatbot generates plausible-but-wrong contact information.”
This aligns with what happened to Daniel Abraham, a 28-year-old software engineer in Israel. In mid-March, he says, a stranger sent him a “weird WhatsApp message from an unknown number” asking for help with his account in PayBox, an Israeli payment app.
“I thought it was a spam message,” he wrote to MIT Technology Review in an email—“someone who was trying to troll me.”
But when he asked the stranger how they had found his number, they sent him a screenshot of Gemini’s instructions to contact PayBox customer service via WhatsApp—giving his personal number. Abraham does not work for PayBox, and PayBox does not have a WhatsApp customer service number, Elad Gabay, a customer service representative for the company, confirmed.
Later, Abraham asked Gemini how to contact PayBox, and it generated another person’s WhatsApp number. When I recently asked, Gemini again responded with an Israeli phone number—it belonged not to PayBox but to a separate credit card company that works with PayBox.
Abraham’s exchange with the stranger ended quickly, but he said he was concerned about how other potential exchanges could turn sour, leading to “harassment or other bad interactions.” “What if I asked for money in order to ‘solve’ that [customer service] issue?” he said.
To try to figure out how this happened, Abraham ran a regular Google search on his phone number, and he found that it had been shared online once, back in 2015, on a local site similar to Quora. Though he’s not sure who posted it there, it may explain how it ended up being reproduced by Gemini over a decade later.
Chatbots like Gemini, Open AI’s ChatGPT, and Anthropic’s Claude are built on LLMs that are trained on huge amounts of data scraped from across the web. This inevitably includes hundreds of millions of instances of PII. As we reported last summer, for example, the large popular open-source data set DataComp CommonPool, which has been used to train image-generation models, included copies of résumés, driver’s licenses, and credit cards.
The likelihood of PII surfacing this way is only increasing as public data “runs out” and AI companies look for new sources of high-quality training data. This includes information from data brokers and people-search websites. According to the California data broker registry, for instance, 31 of 578 registered data brokers operating in the state self-reported that they had “shared or sold consumers’ data to a developer of a GenAI system or model in the past year.”
Furthermore, models are known to memorize and reproduce data verbatim from training data sets—and recent research suggests that it is not just frequently appearing data that is most likely to be memorized.
It’s standard practice now to build guardrails into an LLM’s design to constrain certain outputs. Content filters aim to identify PII and prevent chatbots from releasing it, for example, and Anthropic provides instructions to Claude to choose responses that contain “the least personal, private, or confidential information belonging to others.”
But as a pair of University of Washington PhD students researching privacy and technology saw firsthand recently, these safeguards don’t always work.
“One day, I was just playing around on Gemini, and I searched for Yael Eiger, my friend and collaborator,” Meira Gilbert says. She typed in “Yael Eiger contact info,” and after Gemini provided an overview of Eiger’s research, which Gilbert had expected, Gemini also returned her friend’s personal phone number. “It was shocking,” Gilbert says.
When she saw the Gemini result, Eiger remembered that she had, in fact, shared her phone number online in the previous year, for a technology workshop. But she had not expected it to be so visible to everyone on the internet.
Have you had your PII revealed by generative AI? Reach the reporter on Signal at eileenguo.15 or [email protected].
“Having your information be … accessible to one audience, and then Gemini making it accessible to anyone” feels completely different, Eiger says—especially when she found that the information was buried in a normal Google search.
“It was severely downgraded,” Gilbert confirms. “I never would have found it if I was just looking through Google results.” (I tried the same prompt in Gemini earlier this month, and after an initial denial, the tool also gave me Eiger’s number.)
After this experience, Eiger, Gilbert, and another UW PhD student, Anna-Maria Gueorguieva, decided to test ChatGPT to see what it would surface about a professor.
At first, OpenAI’s guardrails kicked in, and ChatGPT responded that the information was unavailable. But in the same response, the chatbot suggested, “If you want to go deeper, I can still try a more ‘investigative-style’ approach.” Their inquiry just had to help “narrow things down,” ChatGPT said, by providing “a neighborhood guess” for where the professor might live, or “a possible co-owner name” for the professor’s home. ChatGPT continued: “That’s usually the only way to surface newer or intentionally less-visible property records.”
The students provided this information, leading ChatGPT to produce the professor’s home address, home purchase price, and spouse’s name from city property records.
(Taya Christianson, an OpenAI representative, said she was not able to comment on what happened in this case without seeing screenshots or knowing which model the students had tested, though we pointed out that many users may not know which model they were using in the ChatGPT interface. In response to questions about the exposure of PII, she sent links to documents describing how OpenAI handles privacy, including filtering out PII, and other tools.)
This reveals one of the fundamental problems with chatbots, says DeleteMe’s Shavell. AI companies “can build in guardrails,” but their chatbots are also “designed to be effective and to answer customer questions.”
The exposure issue is not limited to Gemini or ChatGPT. Last year, Futurism found that if you promptedxAI’s chatbot Grok with “[name] address,” in almost all cases it provided not only residential addresses but also often the person’s phone numbers, work addresses, and addresses for people with similar-sounding names. (xAI did not respond to a request for comment.)
There aren’t straightforward solutions to this problem—there’s no easy way to either verify whether someone’s personal information is in a given model’s training set or compel the models to remove PII.
Ideally, individual consumers should be able to request that their PII be removed, says Jennifer King, the privacy and data fellow at Stanford University Institute for Human-Centered Artificial Intelligence. But this is typically interpreted to apply only to the data that people have directly given to companies—like when they interact with a chatbot, King explains.
“I don’t know if Google even has the infrastructure … to say to me, ‘Yes, we have your data in our training data, we can summarize what we know about you, and then we can delete or correct things that are wrong or things that you don’t want in there,’” she says.
Existing privacy legislation, like the California Consumer Privacy Act or Europe’s GDPR, does not cover the “publicly available” information that has already been scraped and used to train LLMs, especially since much of this is anonymized (though multiple studies have also shown how easy it is to infer identities and PII from anonymized and pseudonymous data).
As to “whether they [AI companies] have ever systematically tried to go back through data that had already been collected from the public internet and minimized that stuff?” King adds. “No idea.”
The next best solution would be companies’ “taking out everybody’s phone numbers or all data that resembles [phone numbers],” King says, but “nobody’s been willing to say” they’re doing that.
Hugging Face, a platform that hosts open-source data sets and AI models, has a tool that allows people to search how often a piece of data—like their phone number—has appeared in open-source LLM training data, but this does not necessarily represent what has been used to train closed LLMs that power popular chatbots like Claude, ChatGPT, and Gemini. (Eiger’s number, for example, did not show up in Hugging Face’s tool.)
Alex Joseph, the head of communications for Gemini apps and Google Labs, did not respond to specific questions, but he said that “the team” is “looking into” the particular cases flagged by MIT Technology Review. He also provided a link to a support document that describes how users can “object to the processing of your personal data” or “ask for inaccurate personal data in Gemini Apps’ responses to be corrected.” The page notes that the company’s response will depend on the privacy laws of your jurisdiction.
OpenAI has a privacy portal that allows people to submit requests to remove their personal information from ChatGPT responses, but notes that it balances privacy requests with the public interest and “may decline a request if we have a lawful reason for doing so.”
Anthropic describes how it uses personal data in model training, but it does not have a clear way for people to request its removal. The company did not respond to a request for comment.
The best option for anyone who wants to protect private data right now is to “start upstream: get personal data off the public web before it ends up in the next scrape,” says Shavell. Since the start of the year, for instance, California has offered its residents a web portal to request that data brokers delete their information. Still, this doesn’t guarantee that your data hasn’t already been used for training—and will therefore not appear in a chatbot’s response.
The Redditor who received incessant calls posted that he had “submitted an official Legal Removal/Privacy Request to Google, asking them to urgently blacklist my number from their LLM outputs,” but had not yet received a response. He also wrote last month that “the harassment continues daily.”
Abraham, the Israeli software developer, says he contacted Google’s customer service on March 17, the day after his phone number was exposed. He says he did not receive a response until May 4, and it simply asked for documentation that he had already provided.
Meanwhile, inspired by her own exposure on Gemini, Eiger is working with Gilbert and Gueorguieva on a research project to further study what personal information is being pulled up by various AI chatbots—and what they may know, even if they’re not telling us.
Some of that information may “technically be public,” says Gilbert, but chatbots may be altering “the amount of effort you would put into finding” it. Now instead of searching through 10 pages of Google search results, or paying for the information from a data broker site, “does generative AI just lower the barrier to entry to target people?”
This piece has been updated to clarify OpenAI’s response.
