A new qualitative study of 200 media reports offers a clear view of how generative AI misuse developed from January 2023 to March 2024. The central finding is direct: the biggest risks seen in the dataset came less from complex attacks on AI systems and more from ordinary use of widely available tools for deception, influence, and scale.
Researchers from Google DeepMind, Jigsaw, and Google.org found that most reported misuse did not require advanced technical skill. Instead, actors used generative AI capabilities to create synthetic images, fake profiles, impersonations, and other material that could blur the line between authentic and fabricated content.
What the study examined
The researchers reviewed 200 media reports about generative AI misuse across a 15-month period. Their work was qualitative, meaning the focus was on patterns, tactics, motivations, and examples rather than a complete count of every incident.
The study separates two broad kinds of risk. One involves attacking GenAI systems themselves, such as trying to manipulate a model through prompt injections. The other involves using GenAI systems as tools to create or amplify harmful material.
The second category dominated the observed cases. According to the study, most abuses were not direct technical attacks on the models. They were uses of accessible GenAI features that could be carried out with minimal technical expertise.
That distinction matters because it changes where the practical risk sits. The concern is not only whether a model can be hacked. It is also whether a model can make impersonation, synthetic media, fake support, and misleading content easier to produce and distribute.
Manipulating real people was the most common tactic
The most common form of abuse found in the study involved manipulating representations of real people. The source article lists identity theft, sock-puppet tactics, and non-consensual intimate images as examples.
These cases show how generative AI can affect trust at a human level. A false profile, a fabricated image, or an impersonation can create the appearance that a real person said or did something, even when the underlying media is synthetic.
Other frequent tactics included spreading false information and using GenAI-powered bots and fake profiles to scale and amplify content. In practical terms, generative AI can be used both to create deceptive material and to make that material appear more widespread than it is.
The study also points to a more ambiguous category of misuse. The authors write, "The increased sophistication, availability and accessibility of GenAI tools seemingly introduces new and lower-level forms of misuse that are neither overtly malicious nor explicitly violate these tools’ terms of services, but still have concerning ethical ramifications."
That observation is important because not every harmful use looks like an obvious crime or a direct rule violation. Some uses may sit in a gray area, especially when synthetic media is used in political communication or advocacy and the audience cannot easily tell what is genuine.
Public opinion was the leading motive
The study found that influencing public opinion was the most common motive, appearing in 27% of reported cases. Monetizing products and services followed at 21%. Fraudulent activities, including theft of information, money, or assets, ranked third at 18%.
For public opinion campaigns, the tactics varied. The source article describes impersonating public figures, using synthetic digital personalities to feign grassroots support for or against a cause, and creating fake media. It also uses the term "astroturfing" for this manufactured appearance of public support.
Many cases in the dataset involved emotionally charged synthetic images tied to politically controversial topics, including war, social unrest, or economic decline. Other cases sought to damage reputations through falsified compromising portrayals of politicians.
The same broad political pattern appeared in misuse cases uncovered by Microsoft and OpenAI, according to the source article, though those cases allegedly had little impact. The source also notes that OpenAI recently tightened access restrictions for China, Russia, and other countries.
Beyond politics, the study found that AI-generated content was produced at large scale to generate advertising revenue. Fraudulent activity also appeared through fake celebrity endorsements for crypto systems and personalized phishing campaigns.
Direct attacks on AI systems remained rare
Although the study examined misuse of generative AI, direct attacks on the systems themselves were not the main story. According to the source article, attacks on GenAI systems were mostly carried out between 2023 and 2024 as research to uncover vulnerabilities.
About a third of these attacks used "prompt injections" to manipulate models. Prompt injection is presented in the source as one method used to influence model behavior, but explicit attacks on GenAI systems were still rare in the period studied.
The researchers documented only two actual cases of explicit attacks. One involved preventing unauthorized scraping of copyrighted material. The other involved allowing users to generate uncensored content.
This does not mean system attacks are irrelevant. It means that, in the reports studied, the more visible and common misuse came from applying GenAI tools to real-world deception, fraud, influence, and monetization.
Why the findings matter for AI policy
The study’s findings are useful for regulators, trust and safety teams, and researchers because they describe harms that are already visible in public reporting. The practical challenge is that many of the most common tactics depend on ordinary capabilities: generating images, creating text, imitating identities, or scaling content through fake profiles.
The researchers also warn that multimodal capabilities are likely to create new methods of abuse. As GenAI systems handle more forms of media, the possible combinations of synthetic text, images, profiles, and other content may expand.
The authors argue that responding to this fast-changing threat landscape requires a broader view of what is happening. They emphasize data sharing between actors and advocate an industry-wide information exchange system similar to that used in the aviation industry.
The main lesson is straightforward. Generative AI risk is not limited to technical exploits against models. In the observed media reports, the larger problem was the use of accessible AI tools to manipulate identity, attention, trust, and public perception.