A security researcher’s discovery of an exposed GenNomis database has put a sharp focus on how AI image-generation tools can be misused, and how damaging the results can be when safety and storage practices fail.
According to new research seen by WIRED, the open database contained more than 95,000 records and more than 45 GB of data, mostly AI images. The material included explicit AI-generated images, AI-generated child sexual abuse material (CSAM), prompt data, and images of celebrities such as Ariana Grande, the Kardashians, and Beyoncé de-aged to look like children.
What Was Exposed
The database was discovered by security researcher Jeremiah Fowler, who shared details of the leak with WIRED. It was linked to GenNomis, a South Korea–based website, and its parent company, AI-Nomis.
GenNomis and AI-Nomis hosted several AI tools, including image generation and chatbot tools. Before the site was wiped, GenNomis listed an image generator that let users enter prompts or upload an image and alter it with a prompt. It also listed a face-swapping tool, a background remover, and an option to turn videos into images.
Fowler found the exposed files in early March. The database was not password protected or encrypted. He reported it to GenNomis and AI-Nomis and pointed out that it contained AI CSAM. Fowler says GenNomis quickly closed off the database, but did not contact him about the findings.
Neither GenNomis nor AI-Nomis responded to multiple WIRED requests for comment. Hours after WIRED contacted the organizations, websites for both companies appeared to be shut down, and the GenNomis website returned a 404 error page.
Why The Contents Matter
The exposure is significant because it showed not only a data security failure, but also the kinds of content people were able to create or attempt to create with AI image tools. Fowler said the material included AI-generated pornographic images of adults, potential face-swap images, and files that appeared to contain AI prompts.
He also observed what appeared to be photographs of real people, which he said were likely used to create “explicit nude or sexual AI-generated images.” In some generated images, Fowler alleged, “So they were taking real pictures of people and swapping their faces on there.”
The prompt data raised additional concerns. Fowler said no user data such as logins or usernames was included in the exposed data, but screenshots of prompts showed words such as “tiny,” “girl,” and references to sexual acts between family members. The prompts also contained sexual acts between celebrities.
For Fowler, the visibility of the material itself was the central alarm. “The big thing is just how dangerous this is,” Fowler says of the data exposure. “Looking at it as a security researcher, looking at it as a parent, it’s terrifying. And it's terrifying how easy it is to create that content.”
The Gap Between Policies And Reality
When it was live, GenNomis allowed explicit AI adult imagery. Its homepage featured sexualized images of women in an AI “models” section, including some described as “photorealistic” and others that were fully AI-generated or animated.
The site also had a “NSFW” gallery and a “marketplace” where users could share imagery and potentially sell albums of AI-generated photos. Its tagline said people could “generate unrestricted” images and videos. A previous version of the site from 2024 said “uncensored images” could be created.
At the same time, GenNomis’ user policies said only “respectful content” was allowed. The policies prohibited “explicit violence” and hate speech. Its community guidelines stated: “Child pornography and any other illegal activities are strictly prohibited on GenNomis.”
WIRED noted that researchers, victims advocates, journalists, tech companies, and others have largely moved away from the phrase “child pornography” over the last decade, using CSAM instead.
It remains unclear how much moderation GenNomis used to stop or prohibit AI-generated CSAM. Some users posted to its “community” page last year that they could not generate images of people having sex and that non-sexual “dark humor” prompts were blocked. Another account posted that “NSFW” content should be addressed, because it “might be looked upon by the feds.”
Experts Point To A Wider Ecosystem
Clare McGlynn, a law professor at Durham University in the UK who specializes in online- and image-based abuse, said the case points to a broader market for abusive AI imagery. “This example also shows—yet again—the disturbing extent to which there is a market for AI that enables such abusive images to be generated,” she says.
Henry Ajder, a deepfake expert and founder of consultancy Latent Space Advisory, said the site’s branding mattered. Even if harmful and illegal content was not permitted by the company, he said references to “unrestricted” image creation and a “NSFW” section suggested there may be a “clear association with intimate content without safety measures.”
Ajder also said more pressure needs to be applied across the systems that allow nonconsensual imagery to be generated with AI. He pointed to legislators, tech platforms, web hosting companies, and payment providers as parts of that broader ecosystem.
The GenNomis database exposure does not answer every question about how the content was generated, moderated, shared, or stored. But it does show how quickly AI image abuse can move from a prompt to a file, and how severe the harm can become when those files are left open on the internet.