The Malicious Technical Ecosystem: Exposing Limitations in Technical Governance of AI-Generated Non-Consensual Intimate Images of Adults
Michelle L. Ding, Harini Suresh
TL;DR
The paper addresses the problem of AI-generated non-consensual intimate images (AIG-NCII) of adults and gaps in governance. It adopts a survivor-centered analysis that maps the Malicious Technical Ecosystem (MTE)—an open, decentralized stack of independently developed models, nudification tools, and supporting infrastructure—onto the NIST AI 100-4 synthetic-content governance framework. It identifies three key gaps: overreliance on transparency, conflation of CSAM with adult NCII, and governance focused on large corporate models rather than user-driven tools, arguing for survivor-centered prevention and framework reforms. By reframing AIG-NCII as a high-risk harm linked to the MTE, the work emphasizes regulatory shifts that address creation and dissemination, not just downstream removal, to reduce harms and improve practical protections for survivors.
Abstract
In this paper, we adopt a survivor-centered approach to locate and dissect the role of sociotechnical AI governance in preventing AI-Generated Non-Consensual Intimate Images (AIG-NCII) of adults, colloquially known as "deep fake pornography." We identify a "malicious technical ecosystem" or "MTE," comprising of open-source face-swapping models and nearly 200 "nudifying" software programs that allow non-technical users to create AIG-NCII within minutes. Then, using the National Institute of Standards and Technology (NIST) AI 100-4 report as a reflection of current synthetic content governance methods, we show how the current landscape of practices fails to effectively regulate the MTE for adult AIG-NCII, as well as flawed assumptions explaining these gaps.