AI Powered Threat Actors vs Platform Defenders: The New Arms Race

GenAI now enables any threat actor to mass produce propaganda, misinformation, and other content at near zero cost. Scaled production and spread of synthetic content can overwhelm classifiers, hash matching, human review, and other core elements of Trust & Safety abuse detection and enforcement. Platform defenders are rapidly working to respond with new, AI-driven scaled detection and enforcement tools, setting the stage for this new “arms race.”

The Threat Actor’s Advantages

In the near term, the threat actor’s advantages are undeniable.

  • Content production at scale: Thousands of posts, images, or videos generated in seconds and rapidly posted across platforms.

  • Micro-variation: Easy edits (changing a word or frame) skirt hash matching tools.

  • Cost: The cost of content creation is near zero.

  • Speed: Unhindered by costs, approval chains, and need for truth/accuracy, adversaries can produce and spread propaganda and misinformation faster than platforms can verify, remove, and counter.

The net effect is that with almost no barriers to entry, ANYONE can become an adversary and project influence far beyond what their means would have allowed in the past.
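The micro-variation point above, as an added example that is not part of the original article: exact hashes treat three one-word variants of a post as unrelated, while a near-duplicate measure links them across accounts. The posts, account names, 0.7 threshold, and function names are constructed assumptions, and Jaccard similarity over word shingles stands in for whatever similarity signal a platform actually uses.

```python
import hashlib
import re
from itertools import combinations

# Constructed sample posts (account, text); not real platform data.
POSTS = [
    ("acct_1", "Officials say the old river bridge will close on Friday, share this before it is deleted"),
    ("acct_2", "Officials say the old river bridge will close on Friday, share this before it is removed"),
    ("acct_3", "Officials claim the old river bridge will close on Friday, share this before it is deleted"),
    ("acct_4", "Our bakery opens at seven tomorrow with fresh bread and coffee"),
]

def exact_hash(text):
    """Exact-match fingerprint: any single-character edit changes it."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def shingles(text, k=2):
    """Set of k-word shingles after lowercasing and stripping punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    """Jaccard similarity of the two texts' shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

def coordinated_clusters(posts, threshold=0.7, min_accounts=2):
    """Single-linkage clusters of near-duplicate posts spanning several accounts."""
    parent = list(range(len(posts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i, j in combinations(range(len(posts)), 2):
        if jaccard(posts[i][1], posts[j][1]) >= threshold:
            parent[find(i)] = find(j)

    groups = {}
    for i, (account, _) in enumerate(posts):
        groups.setdefault(find(i), set()).add(account)
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_accounts)

if __name__ == "__main__":
    print(len({exact_hash(t) for _, t in POSTS}), "distinct exact hashes")
    print(coordinated_clusters(POSTS))
```

Single-linkage matters here: the second and third variants fall below the threshold against each other, but both match the first, so all three accounts land in one cluster.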

The Platform Defender’s Advantages

If attackers enjoy scale, speed, and low cost, why haven’t defenders already lost? The answer is that platform defenders have certain advantages of their own that can tilt the balance of power back toward them in the medium to long term.

  • Owning the infrastructure. Companies build and maintain the platforms. They have access to enormous volumes of user behavior, metadata, content enforcement histories, and other account information and abuse signals that individual threat actors can’t see. This enables Platform Defenders to analyze trends, understand how threat actor TTPs manifest on products, launch new protections that directly counter them, and detect coordinated campaigns across accounts and content types. Still more, it enables platforms to bake defenses into new products and features in the design phase.

  • Resource Asymmetry. While threat actors can cheaply generate and spread GenAI propaganda and other content, major platforms control vastly greater compute, engineering, and financial resources (with the possible exception of China and Russia as potential nation-state adversaries). With investment, they can continuously red-team AI models, retrain classifiers, and develop new scaled abuse detection and enforcement tools based on adversarial data.

  • Cross-Industry Collaboration. Companies - in partnership with governments, civil society, and academia - are increasingly working together to counter adversaries, sharing signals, playbooks, and tactical databases such as hash libraries. Initiatives such as GIFCT’s hash-sharing and joint incident responses demonstrate that defenders can pool intelligence resources to mitigate shared risks across platforms. [1]

  • Provenance and Authenticity Tools. Standards like the Coalition for Content Provenance and Authenticity (C2PA) embed “a verifiable, tamper-evident record” in media files. [2] While not a silver bullet, they give Platform Defenders an additional potential detection signal and help users identify and dismiss threat actors' scams, misinformation, and disinformation campaigns.

Conclusion: Is the AI Arms Race Zero-Sum?

Threat actor exploitation of GenAI is not a temporary fad. It is the new norm, and platforms must expect adversaries to quickly identify opportunities to leverage new tools and skirt existing protections. However, this does not mean that the dynamic of AI-driven scaled production (threat actors) versus scaled detection and enforcement (platform defenders) is a zero-sum game. Over the medium to long term, the structural advantages of defenders, combined with cross-industry collaboration, tilt the balance of power in their favor. The important caveat is that winning here doesn’t mean defeat of threat actors. It means maintaining and increasing resilience to the rising tide of scaled content production through continuous investment and development in protections.

End Notes

  1. https://gifct.org/hsdb/

  2. https://contentauthenticity.org/how-it-works/

