Tag: Deepfake

  • The Podcast Trap: How UNC1069’s AI Deepfakes Are Poisoning the Global npm Registry

    What begins as a mundane exchange—an invitation to a podcast or a routine professional briefing—may serve as the preamble to a sophisticated incursion, potentially granting adversaries access to millions of downstream projects. In recent weeks, several maintainers of prominent Node.js libraries have revealed they were targeted by an identical social engineering stratagem. While the Axios package was previously compromised through similar means, it has now become evident that this is no isolated incident, but rather a coordinated and expansive campaign.

    The offensive has zeroed in on individuals whose projects underpin a vast portion of modern software development. Among the targets are Feross Aboukhadijeh, creator of WebTorrent; John-David Dalton, the author of Lodash; Jordan Harband, a key figure in JavaScript standardization; and various contributors to the Express and Node.js core teams. Many of these developers steward libraries that garner hundreds of millions of weekly downloads. According to Aboukhadijeh, such assaults have transcended anomaly to become an increasingly frequent reality.

    The adversaries operate with a consistent and calculated methodology. Initial contact is typically established via LinkedIn or Slack, where they masquerade as corporate representatives—frequently adopting the moniker “Openfort.” The ensuing dialogue appears organic: they discuss potential collaborations, arrange calls, and gracefully navigate rescheduled meetings. Eventually, the victim is beckoned to a video conference.

    The deception culminates during the meeting itself. The provided link directs the user to a fraudulent page that mirrors Zoom or Microsoft Teams with uncanny fidelity. The interface is meticulously crafted, sometimes even featuring a “counterpart” rendered through AI-generated video. Within moments, a simulated technical error regarding audio or connectivity prompts the user to “remedy” the issue by downloading an application or executing a terminal command.

    Should the user comply, malware is surreptitiously installed on the device. Once persistent, the program harvests sensitive data and establishes contact with a command-and-control server every sixty seconds. This unauthorized access facilitates the theft of access keys, npm tokens, cloud credentials, and browser contents. Armed with these assets, the attackers can publish compromised versions of software packages without further authentication.
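
    One way to look for the sixty-second check-in described above on a developer workstation, as an added example that is not part of the original article. The log format, the process and host names, and the thresholds are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records (not real telemetry): "<epoch_s> <process> <dest>"
SAMPLE_FLOWS = """\
1000 node registry.example.test:443
1002 node registry.example.test:443
1003 helper c2.example.test:443
1010 node registry.example.test:443
1063 helper c2.example.test:443
1124 helper c2.example.test:443
1150 browser cdn.example.test:443
1183 helper c2.example.test:443
1243 helper c2.example.test:443
1304 helper c2.example.test:443
1363 helper c2.example.test:443
1400 node registry.example.test:443
1405 node registry.example.test:443
1423 helper c2.example.test:443
1900 node registry.example.test:443
"""

MIN_EVENTS = 6      # assumed: require several check-ins before judging
MAX_JITTER = 0.10   # assumed: allowed spread of gaps relative to the period
MIN_PERIOD_S = 5    # assumed: ignore bursts of back-to-back requests


def parse_flows(text):
    """Group connection timestamps by (process, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        flows[(parts[1], parts[2])].append(int(parts[0]))
    return flows


def find_beacons(text):
    """Return (process, destination, period_s) for fixed-interval traffic."""
    hits = []
    for (proc, dest), times in parse_flows(text).items():
        if len(times) < MIN_EVENTS:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        period = median(gaps)
        if period < MIN_PERIOD_S:
            continue
        # Median absolute deviation: small when the gaps are nearly identical,
        # which is what a timer-driven check-in looks like.
        mad = median(abs(gap - period) for gap in gaps)
        if mad / period <= MAX_JITTER:
            hits.append((proc, dest, period))
    return sorted(hits)


if __name__ == "__main__":
    for proc, dest, period in find_beacons(SAMPLE_FLOWS):
        print(f"{proc} contacts {dest} about every {period}s")
```

    Human-driven traffic such as package installs produces irregular gaps and is skipped; a hit is a lead for triage, since legitimate updaters and telemetry agents also poll on timers.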

    Developer Pelle Wessman recounted a parallel experience: he was invited to a podcast recording, integrated into a group chat with other “participants,” and provided with preparatory questions. During the call, the fraudulent service prompted a software installation. Upon inspecting the file, Wessman discovered malicious code and declined the execution. When the initial ploy failed, the attackers urged him to run a command via curl before abruptly purging their communication history.

    A similar narrative was shared by Node.js contributor Jean Burellier, who received a meeting link mere minutes before its scheduled start. Although the URL mimicked an official Microsoft domain, it led to a counterfeit site. When he refused a prompted “update” during the call, he was instantaneously expelled from all related chats.

    These attacks rely not on frantic urgency, but on the meticulous cultivation of trust. Adversaries may maintain contact for weeks to evade suspicion. The malicious infrastructure replicates legitimate services with breathtaking precision, a complexity further heightened by the deployment of AI-generated deepfakes.

    Cybersecurity specialist Tayvano attributes this campaign to the group UNC1069, previously identified by Mandiant. Having formerly targeted cryptocurrency firms, the group has pivoted toward open-source developers. The rationale is clear: compromising a single popular package provides a gateway to millions of dependent projects.

    As the npm repository facilitates trillions of downloads annually, the compromise of a single developer constitutes a direct threat to the global software supply chain. Maintainers warn that even two-factor authentication offers no sanctuary if malware is already operational on a device, as it can intercept data post-login. Similarly, contemporary package publication mechanisms are insufficient against a comprehensive system takeover.

    The community is now calling for transparency and the shared documentation of these encounters. As the campaign evolves and adversaries explore new platforms, the impact of a single successful breach extends far beyond the individual, threatening the entire ecosystem upon which millions of services and applications rely.

  • Lazarus Group Stole $1.4B in Crypto; Will Use AI & Deepfakes for 2026 Attacks

    North Korea’s Lazarus hacking collective is intensifying its targeted phishing campaigns against cryptocurrency platforms and individual investors, amassing hundreds of millions of dollars in illicit gains. According to a report by AhnLab, the group is expected to adopt even more sophisticated spear-phishing tactics in 2026, increasingly leveraging AI, deepfakes, and advanced evasion techniques to bypass security systems.

    Lazarus Group is widely regarded as one of the most dangerous cybercriminal organizations, responsible for a string of high-profile attacks on the cryptocurrency sector. Researchers recall the theft of $1.4 billion from the Bybit exchange on 21 February 2025, as well as the $30 million breach of Upbit. In total, Lazarus is credited with stealing more than $1.4 billion from the crypto industry alone in recent years. The group is linked to North Korea’s intelligence services and is believed to possess virtually unlimited resources for developing and refining new attack methods.

    Lazarus’s primary weapon is spear phishing—a form of precision-crafted phishing that differs starkly from mass spam campaigns. Before an attack, adversaries study their target: scouring social-media profiles, LinkedIn pages, prior correspondence, and public appearances. Based on this intelligence, they forge emails that mimic genuine conference invitations, job offers, or interview requests. These messages appear authentic, complete with accurate salutations and contextual detail. A single click on a link or the opening of an attachment is enough to install malware that steals credentials or grants the attackers access to a corporate network.

    AhnLab’s analysis for October 2024 to September 2025 shows Lazarus implicated in 31 documented intrusions, surpassing other prominent actors such as Kimsuky (27 mentions) and TA-RedAnt (17 mentions). Moreover, Lazarus’s interests extend well beyond cryptocurrency exchanges: financial institutions, IT companies, and even the defense sector have become targets. Analysts underscore that human error remains the decisive factor—employees and users who trust “plausible” emails are the gatekeepers whom Lazarus aims to exploit.

    In the cryptocurrency ecosystem, such attacks are especially destructive: transactions are irreversible, and asset values fluctuate rapidly. A compromised wallet, exchange account, or internal platform system can lead to multimillion-dollar losses within minutes. AhnLab observes that Lazarus’s resilience is driven not only by its operators’ skills but also by a continuous influx of technical and financial resources.

    The report emphasizes that over the past 12 months, Lazarus has consistently remained one of the gravest threats to crypto exchanges. The Bybit and Upbit incidents alone yielded the group more than $1.43 billion. The attack pattern is often the same: the victim receives a meticulously crafted email, follows a link, enters credentials or opens an attachment, and in doing so grants the attackers access to exchange systems or personal assets.

    Amid the rise of these attacks, experts stress the importance of both technical and behavioral defenses. For everyday users, the fundamental rules remain unchanged: verify senders through independent channels (such as a company’s official website or verified phone numbers), enable multifactor authentication across all crypto-related services, and encrypt network traffic—especially when conducting financial operations. Users should avoid clicking suspicious links, refrain from opening attachments from unknown or overly insistent contacts, and keep systems and applications fully up to date with security patches.

    Specialized recommendations focus on mitigating spear-phishing risks in crypto transactions. Experts advise minimizing publicly available personal information—job titles, habits, and professional contacts—as the less the attackers know, the harder it is for them to craft a truly convincing email. Whenever in doubt, recipients should verify messages through alternate channels: calling the purported sender, messaging them separately, or contacting official support rather than replying directly to a suspicious email.

    For organizations, user discipline is insufficient on its own. AhnLab calls for comprehensive, multilayered defense: regular security audits, strict patch-management policies, phasing out legacy systems, and continuous employee training on identifying phishing and social-engineering attempts. Incident analyses from 2025 show that attackers from Lazarus, Kimsuky, and TA-RedAnt frequently exploit human mistakes and vulnerabilities in outdated software.

    AhnLab also recommends that companies and individuals rely solely on official software sources, avoid downloading applications from dubious websites, and never open files sent by unknown senders. Modern antivirus solutions and anomaly-detection systems can help detect unusual activity—ranging from remote-access attempts to suspicious cryptocurrency-wallet operations. At the corporate-network level, essential measures include infrastructure segmentation, rigorous access-control policies, and monitoring of internal data flows.

    A growing point of concern is the role of artificial intelligence in future attacks. AhnLab predicts that by 2026, AI will become a standard tool for cybercriminals—capable of mass-generating realistic phishing sites and emails free of typical grammatical flaws, as well as producing numerous malware variants crafted to evade antivirus tools and analysis systems.

    Deepfake technologies warrant particular attention: forged video and audio featuring company executives, well-known experts, or supposed exchange employees may be used to increase the credibility of fraudulent requests and malicious links. AhnLab analysts warn that deepfake attacks will evolve to a point where distinguishing fabrication from reality becomes exceedingly difficult. This elevates the risk of confidential-data breaches and underscores the critical importance of robust information-security measures and vigilant monitoring of anomalous account and system behavior.

  • Deepfake Scandal Disrupts South Korean Assembly After Lawmaker Uses AI Video of Officials to Warn of AI Misuse

    A scandal erupted in South Korea’s National Assembly after Kim Jang-kyun, a lawmaker from the ruling People Power Party, presented a deepfake video depicting senior government officials during a parliamentary session. The AI-generated clip appeared to show a “secret meeting” between Vice Minister Bae Kyung-hoon and former Judicial Committee Chairman Lee Chun-suk.

    According to Kim, his intention was to draw attention to the escalating threat of AI misuse and to illustrate how effortlessly convincing fakes can now be produced. However, his colleagues deemed the act provocative and inappropriate for an official legislative proceeding.

    The attempt to warn against the dangers of artificial intelligence backfired dramatically. Lawmakers accused Kim himself of blurring the line between an educational demonstration and manipulation, arguing that by using real individuals’ likenesses, he undermined the very point he sought to make.


    The confrontation quickly descended into chaos—members began shouting over one another, forcing the Science, ICT, Broadcasting, and Communications Committee to adjourn after just one hour and fifteen minutes.

    Kim maintained that “cases of AI abuse and its side effects are countless,” insisting the video was intended purely to raise awareness. Yet the outcome proved the opposite: the Assembly’s focus shifted from the substance of the issue to the scandal itself.

    The incident stands as a vivid illustration of how even an effort to expose the perils of deepfake technology can devolve into disinformation.

    Such occurrences are becoming increasingly frequent in global politics. In the United Kingdom, for example, more than a hundred videos surfaced online in 2024, featuring former Prime Minister Rishi Sunak “speaking” with an AI-generated voice. Researchers from Fenimore Harper determined that these clips reached over 400,000 users and closely mimicked the style of BBC news reports.

    In South Korea, however, the situation carried an ironic twist: a lawmaker who sought to warn the public about the risks of artificial intelligence ultimately became a victim of its consequences—not technologically, but politically.

  • Google’s New Tech Will Prove If a Photo Is Real or AI-Generated

    Google has unveiled a new system for authenticating digital images by embedding C2PA Content Credentials into the Pixel 10 camera and the Google Photos application. This mechanism is designed to help users distinguish original photographs from those created or altered using generative models — a challenge that has grown increasingly urgent amid the surge of fabricated content online. The company emphasizes that traditional watermarking methods are no longer sufficient, as they leave room for ambiguity and manipulation.

    On the Pixel 10, every JPEG photo taken is automatically tagged with Content Credentials metadata, recording the circumstances of its creation. If the image is later edited — whether through AI tools or conventional photo editors — Google Photos logs the entire edit history and preserves it alongside the file. The system functions entirely on-device, requires no internet connection, and, according to Google, is resilient to tampering. At the same time, user privacy remains intact, while the authenticity of the data can still be verified.

    Image authentication

    To guard against forgery, Google has implemented multiple layers of protection. Each image is signed with a unique cryptographic key that is never reused, ensuring both anonymity and the impossibility of tracking. All keys are generated and stored within Android StrongBox, secured by the Titan M2 security chip. Should the image metadata be altered, the digital signature is immediately invalidated.

    Adding another layer of assurance, the system leverages Android Key Attestation, which allows Google’s certificate authorities to verify the authenticity of both the hardware and the application generating the certificate. The Tensor processor’s integrated secure timer further strengthens the mechanism by providing precise timestamps, even when the device operates offline.

    Google underscores that Content Credentials are safeguarded by the same cryptographic principles that secure financial transactions and mobile applications. This ensures that users can trust the integrity and provenance of their images.

    Looking ahead, the company intends to extend Content Credentials support to additional Android devices, though it has not yet disclosed a timeline. Meanwhile, Google urges industry peers to move beyond simplistic “AI-generated” labels and adopt verifiable provenance mechanisms, arguing that only such approaches can effectively combat disinformation and the proliferation of deepfakes.

  • Fraudsters Evolve: How Money Mules Are Using Starlink and AI to Launder Funds

    Over the past two years, the banking sector across the Middle East, Turkey, and Africa has witnessed a marked evolution in cash-out schemes driven by so-called “money mules.” According to Group-IB, drawing on data from more than 200 million mobile sessions and thousands of investigations, fraudsters have steadily advanced from simple IP-masking tactics to multi-layered operations involving Starlink satellite terminals, forged GPS coordinates, SIM identification evasion, and even the cross-border shipment of pre-configured smartphones.

    At first, criminals relied on basic tools such as VPNs and proxy servers. Yet stringent regulatory controls in Gulf states quickly rendered these methods useless, as connections from hosting providers and anonymizers were automatically blocked. New workarounds soon emerged, including the use of SIM cards and eSIMs registered in target countries, as well as Starlink stations that spoofed originating IP addresses. While such connections appeared legitimate on the surface, discrepancies between GPS readings and mobile operator data exposed their fraudulent nature and became the basis for identifying campaigns.

    The next wave brought large-scale geolocation spoofing on smartphones. Previously, mandatory GPS access in banking apps served as a reliable barrier, but by 2024 criminal groups had mastered coordinate manipulation on both Android and iOS. One Syrian-Turkish network stood out in particular, using GPS spoofing and counterfeit SIM cards to mass-open accounts for laundering operations, some linked to extremist financing. Banks countered these efforts with Group-IB’s SDK, capable of detecting GPS anomalies and mismatches with device data.

    When the correlation of GPS and SIM identifiers grew harder to bypass, fraudsters turned to SIM-less smartphones, operating via Wi-Fi through routers or tethering from other devices. In parallel, a more elaborate model took shape: recruiting “first-layer” operatives within target countries. These individuals opened accounts in their own names, passed KYC, and maintained them legitimately for a period to build a “trust history.” Afterwards, credentials were transferred abroad to operators who conducted transactions, often disguised as business ventures, investment agreements, or trade deals.

    The most sophisticated phase of mule operations involved shipping pre-prepared devices. In trusted jurisdictions, first-layer mules opened accounts, fulfilled all formalities, and used them for some time to establish credibility. The activated smartphones were then shipped overseas, where entirely different individuals took control. From the bank’s perspective, activity still appeared to originate from the same device, with no signs of a client switch.

    Nevertheless, inconsistencies betrayed the deception: GPS suddenly placed the phone in a different country, ATM withdrawals were logged outside the originating jurisdiction, and network or SIM parameters shifted abruptly. Most revealing of all were behavioral metrics—swipe speed, touch patterns, periods of activity, and even the angle at which the device was held. Such biometric cues allowed investigators to distinguish the original user from the impostor despite unchanged technical identifiers.

    Equally troubling has been a trend in which victims themselves are unwittingly drawn into laundering schemes. Criminals would first transfer funds into a random customer’s account, then contact the individual while impersonating a bank representative or official authority. Under the pretense of an “erroneous transfer,” the victim was persuaded to forward the funds or grant account access. In this way, a well-intentioned client became an unwilling intermediary in the laundering chain.

    For banks, such cases are exceptionally difficult to detect: the customer appears entirely legitimate, shows no overt signs of fraud, and transactions resemble standard transfers. Yet investigations reveal that detection is possible—through analysis of atypical transaction routes, deviations from habitual behavioral patterns, and inconsistencies between device and account data.

    This progression underscores a broader truth: fraud in the META region is no longer confined to the digital realm. It has increasingly morphed into a hybrid model where online technologies intertwine with physical logistics, human recruitment, and social engineering. To counter this, Group-IB recommends unifying IP analytics, geolocation checks, device integrity monitoring, and behavioral modeling into a single system—while preparing for the next wave of threats, including the use of generative AI and deepfakes to forge documents and KYC videos.
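
    A minimal way to combine the signals named above (GPS, SIM and IP consistency plus behavioural drift on one device), as an added example that is not Group-IB's SDK or code from the report. The field names, thresholds, placeholder country codes XA/XB/XC and the session records are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional

BASELINE_SESSIONS = 4   # assumed size of the device's early "trust history"
Z_THRESHOLD = 3.0       # assumed cut-off for behavioural drift


@dataclass(frozen=True)
class Session:
    ts: int                      # epoch seconds (small integers here)
    device_id: str
    gps_country: str
    sim_country: Optional[str]   # None when the phone reports no SIM
    ip_country: str
    swipe_ms: float              # mean swipe duration in the session


# Constructed sessions: dev-A changes hands after session 5, dev-B does not.
SAMPLE = [
    Session(1, "dev-A", "XA", "XA", "XA", 212.0),
    Session(2, "dev-A", "XA", "XA", "XA", 220.0),
    Session(3, "dev-A", "XA", "XA", "XA", 208.0),
    Session(4, "dev-A", "XA", "XA", "XA", 216.0),
    Session(5, "dev-A", "XA", "XA", "XA", 218.0),
    Session(6, "dev-A", "XA", "XA", "XC", 215.0),   # IP disagrees with GPS
    Session(7, "dev-A", "XB", None, "XB", 410.0),   # new country, no SIM
    Session(1, "dev-B", "XA", "XA", "XA", 300.0),
    Session(2, "dev-B", "XA", "XA", "XA", 305.0),
    Session(3, "dev-B", "XA", "XA", "XA", 295.0),
    Session(4, "dev-B", "XA", "XA", "XA", 302.0),
    Session(5, "dev-B", "XA", "XA", "XA", 298.0),
    Session(6, "dev-B", "XA", "XA", "XA", 307.0),
]


def session_flags(s):
    """Single-session checks: do GPS, SIM and IP agree on the country?"""
    flags = set()
    if s.sim_country is not None and s.sim_country != s.gps_country:
        flags.add("GPS_SIM_MISMATCH")
    if s.ip_country != s.gps_country:
        flags.add("GPS_IP_MISMATCH")
    return flags


def review_device(sessions):
    """Compare a device's later sessions against its own early baseline."""
    ordered = sorted(sessions, key=lambda s: s.ts)
    base, later = ordered[:BASELINE_SESSIONS], ordered[BASELINE_SESSIONS:]
    if len(base) < BASELINE_SESSIONS:
        return []  # not enough history to build a baseline
    home = {s.gps_country for s in base}
    had_sim = any(s.sim_country is not None for s in base)
    swipes = [s.swipe_ms for s in base]
    mu, sigma = mean(swipes), max(pstdev(swipes), 1.0)  # floor avoids /0
    findings = []
    for s in later:
        flags = session_flags(s)
        if s.gps_country not in home:
            flags.add("COUNTRY_SHIFT")
        if had_sim and s.sim_country is None:
            flags.add("SIM_REMOVED")
        if abs(s.swipe_ms - mu) / sigma > Z_THRESHOLD:
            flags.add("BEHAVIOUR_SHIFT")
        if flags:
            findings.append((s.ts, sorted(flags)))
    return findings


def review_all(sessions):
    """Return {device_id: findings} for every device in the input."""
    by_device = defaultdict(list)
    for s in sessions:
        by_device[s.device_id].append(s)
    return {dev: review_device(items) for dev, items in by_device.items()}


def needs_review(findings):
    """Escalate when one session trips two or more independent signals."""
    return any(len(flags) >= 2 for _, flags in findings)


if __name__ == "__main__":
    for dev, findings in review_all(SAMPLE).items():
        print(dev, "REVIEW" if needs_review(findings) else "ok", findings)
```

    Requiring two independent signals in one session keeps a single noisy reading, such as a roaming IP address, from escalating an account on its own.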

  • AI Job Applicants: The New Fraud Wave Impersonating Candidates in Video Interviews

    In the United States, a recruiter conducting a live video interview encountered a bot impersonating a job applicant. This incident highlighted the rapid evolution of AI-driven fraud schemes: no longer limited to generating resumes, these systems can now participate in online interviews using synthetic voices and fabricated video feeds. Experts warn that this poses more than just a risk of wasted time — North Korean networks are deploying fake identities to secure remote IT positions, granting them access to critical systems and, ultimately, classified information. In response, major corporations are partially reintroducing in-person interviews.

    The story began at Nisos, a company hiring engineers and AI specialists for remote roles. Chief Talent Officer Megan Giacinto received an alert from a manager: a candidate’s behavior seemed suspicious. During a follow-up interview, troubling signs emerged. The applicant’s answers lagged, and he continually glanced to the side, as though awaiting prompts from another screen. His speech was clipped, marked by unnatural pauses and rehearsed phrasing. Moreover, his appearance did not match the résumé’s seniority — his face looked far too young for the roles claimed.

    To test her suspicions, Giacinto shifted to behavioral questions requiring detailed accounts of prior responsibilities, results, and team reactions. Here, the bot faltered, stumbling over specifics. She then asked a simple, grounding question about the local weather — a tactic often used to confirm a candidate’s claimed location. The response was incorrect, and the “applicant” unraveled completely under further questioning.

    A similar case was described by Vidoc Security co-founder David Mochadlo, who suspected that an interviewee was using a real-time deepfake mask. To verify, he requested a simple gesture: cover the face with a hand. The candidate refused, and the call ended abruptly. The principle is simple — obstructing the face can break the filter, instantly revealing the deception.

    Why this is dangerous: such impostors typically target engineering and IT roles with access to sensitive infrastructure and data. Security specialists report that North Korean networks actively deploy fake personas to infiltrate companies in the United States, Japan, and beyond — seeking to circumvent sanctions, earn salaries, and, where possible, exfiltrate valuable intelligence.

    How the market is responding: major employers are reinstating in-person stages. According to The Wall Street Journal, companies such as Google, Cisco, and McKinsey already conduct face-to-face interviews at select hiring phases. Recruiting firm Coda Search/Staffing (Dallas) notes that client demand for offline interviews has surged from 5% last year to 30% this year. A full return to traditional processes remains difficult, especially for firms hiring hundreds of engineers annually in fully remote settings, but live evaluations are being revived — at least for the final rounds.

    Meanwhile, a broader issue looms: a flood of auto-generated resumes. LinkedIn reports a 45% year-over-year surge in applications — around 11,000 submissions per minute. Many are easily filtered out due to inconsistent dates or exaggerated roles. As Giacinto explains, a typical red flag might be “a recent graduate suddenly claiming to have led a large team of developers” in their very first job. The paradox is that weak applications from real people may also be discarded if they resemble AI-generated fabrications.

    Key signals of impersonation in interviews (as observed by Nisos and Vidoc Security):

    • Noticeable delays before answering and constant sideways glances
    • Stilted speech devoid of natural intonation
    • Appearance inconsistent with claimed experience
    • Inability to answer detailed behavioral questions
    • Refusal to replicate a simple gesture on camera — deepfake masks often break under such tests
    • Control questions about everyday life (such as local weather) expose discrepancies instantly

    Takeaway for hiring teams: strengthen vetting where data access is at stake; restore in-person interviews at least in final stages; shift away from binary yes/no formats to probing behavioral questions; and incorporate simple “grounding” checks during video calls. Above all, remember that the gap between a sophisticated bot and a genuine candidate is narrowing rapidly. They can still be distinguished — but only through a deliberate, well-structured process.

  • Trump Sparks Outrage with AI-Generated Video Depicting Obama’s Fictional Arrest

    Former U.S. President Donald Trump has once again found himself at the heart of controversy—this time for posting a provocative, AI-generated video. Shared on his own platform, Truth Social, the video depicts the fictional arrest of Barack Obama by FBI agents, culminating in the former president’s incarceration in a prison cell. Unsurprisingly, the footage has sparked widespread concern—not only for its overt political overtones but also for the use of artificial intelligence to disseminate manipulative content.

    The video opens with a montage of clips showing Democratic Party figures chanting the slogan, “No one is above the law.” The scene then cuts to an image of Pepe the Frog—an internet meme often co-opted by far-right groups—dressed in a clown costume, a symbol increasingly embraced by the alt-right online subculture.

    This is followed by a fabricated scene featuring a “younger” Donald Trump confronting Obama. In the generated footage, Obama is shown on his knees, hands restrained behind his back, encircled by FBI agents. The final shot places him inside a prison cell, clad in an orange jumpsuit, looking dejected and downcast. Meanwhile, Trump appears, grinning ear to ear. The video is presented without caption, explanation, or commentary—none is needed, as its message is unmistakably clear.

    It is believed the video was posted in response to a press release accusing the Obama administration of attempting to discredit the 2016 election results. The document alleges that former officials “knowingly disseminated false information” regarding supposed Russian interference—claims purportedly grounded in the discredited “Steele dossier.”

    That dossier, compiled by former British intelligence officer Christopher Steele, served as the basis for numerous media reports and investigations into alleged ties between Trump’s associates and Russian operatives. Trump and his supporters have long dismissed the dossier as fabricated and the investigations as part of a broader conspiracy.

    Particularly inflammatory remarks came from Tulsi Gabbard—a former member of Congress and, according to sources cited in the post, now serving as Director of National Intelligence. She characterized the Obama administration’s actions as “treason” and called for the criminal prosecution of all involved.

    According to Gabbard, the objective of the “conspiracy” was “to undermine the will of the American people and stage a years-long coup attempt, with the sole purpose of preventing the duly elected president from fulfilling his mandate.”

    “Everyone who participated in this crime must be investigated and brought to justice,” Gabbard declared. “Only then can we ensure that such a betrayal never happens again.”

    However, not everyone has taken the video seriously. Many social media users accused Trump of orchestrating yet another distraction—particularly in light of renewed public outrage following the dismissal of a case related to the leaked Jeffrey Epstein files. Critics argue that, rather than addressing substantive issues, Trump is once again employing his trademark tactic: creating sensationalist spectacle to divert attention.

    The use of artificial intelligence to simulate real individuals in such a politically charged context has alarmed disinformation watchdogs. This is not merely a meme or a hypothetical fantasy—it represents a novel instrument of political manipulation capable of distorting public perception of reality. The danger is amplified when such content is shared without clear labeling as artificially generated. And as technology continues to advance, these fabrications will only become more convincing.

  • The Dark Side of AI: “Undressing” Services Thrive on Major Tech Platforms, Raking in Millions

    Each month, millions of users visit websites offering so-called “undressing” services—platforms that use generative AI to transform ordinary images of women and girls into fabricated nude depictions. A recent investigation by Indicator has revealed that, despite the efforts of certain lawmakers and tech companies, this industry remains active, highly profitable, and deeply embedded within the infrastructure of some of the world’s largest technology giants.

    An analysis of 85 such websites showed that many are serviced by companies like Google, Amazon, and Cloudflare. Of these, 62 rely on Amazon or Cloudflare for cloud or CDN services, and 54 utilize Google’s authentication systems. A wide array of other tools—including payment gateways and hosting providers—are also employed, sourced from both major corporations and lesser-known firms.

    This ecosystem sustains an illicit industry with an estimated annual turnover of up to $36 million, a figure based on user counts, subscription fees, and the sale of “credits” used to generate the images. However, researchers note that actual profits may be significantly higher due to off-site activity, such as transactions and promotions on Telegram.

    At the heart of the issue lies the inaction of tech companies whose tools and platforms enable the dissemination of content that violates both legal boundaries and ethical standards. A spokesperson from AWS claimed the company responds to reports of abuse, while Google asserted it is working on solutions and has already taken steps to limit access. Still, little has changed: the sites remain online, growing their audiences and expanding monetization strategies through adult industry ads, affiliate programs, and sponsored links.

    Beyond the clear financial incentives, operators of these sites appear intent on embedding themselves in the adult content industry as legitimate players. According to Indicator, the platforms are adapting to potential restrictions by using fake domains, intermediary sites, and evasion tactics to bypass automated controls. One of the most common methods involves disguising registrations with neutral-looking URLs when signing in via Google or Apple, allowing them to sidestep content filters.

    The threat is becoming increasingly global. Most visitors hail from the United States, India, Brazil, Mexico, and Germany. In recent months, there has also been a surge in traffic from third-party sources, not just search engines. The popularity of such platforms has even attracted the attention of cybercriminals, who are now creating malicious clones of these services laced with malware.

    Despite growing regulatory scrutiny, efforts to dismantle these platforms remain scattered and inconsistent. Several lawsuits have been filed in the U.S. against similar websites. Microsoft has identified developers producing deepfakes featuring celebrities, and Meta has filed suit against a company advertising an AI-based “undressing” app. The U.K. has moved to outlaw the creation of explicit deepfakes, while the “Take It Down Act,” signed by Donald Trump, mandates swift removal of such imagery by hosting companies.

    Still, experts maintain that unless the major tech players take decisive action to cut off infrastructure support for these exploitative platforms, the issue will persist. Piecemeal enforcement is not enough. Systemic, coordinated measures are needed. Should technology providers collectively refuse to serve these services, they would be relegated to obscure corners of the internet, drastically shrinking their reach and profitability. While this won’t eradicate the problem entirely, it could significantly curtail its scale.