5 hours ago

The New Economics of Synthetic Children

5 mins read

By
Dr. Jasmin (Bey) Cowin

Late
in 2025, a criminal gang contacted an all-girls secondary school in the north
of England with a demand. As reporter Helen Hoddinott detailed in her
investigation for LBC, “Cyber-gang
‘demand £250k ransom from school’”
, the blackmailers had scraped
photographs of 30 pupils from the school’s own website, run them through
generative AI tools, and produced sexually explicit imagery of those children.
The price for silence: £250,000 in bitcoin.

The
school refused to pay and reported the extortion attempt to police, a decision
Simon Bailey, the former National Police Chiefs’ Council lead for child
protection, publicly supported. The Internet
Watch Foundation
(IWF) assessed roughly 150 of the manipulated images as
child sexual abuse material under UK law, converted them into digital
fingerprints, and distributed those hashes to major platforms to block
re-uploads.

The
school’s name and the investigating police force are being deliberately
withheld to protect the pupils, and no arrests have been publicly reported.
That the perpetrators remain unidentified is itself part of the story: the
extortion arrived through the same anonymous, cross-border channels as the
financially motivated sextortion campaigns the National Crime Agency (NCA)
and the FBI have tracked for years. The IWF has confirmed this was not an
isolated attempt, and the UK Online Harms Early Warning Working Group, which
includes the IWF, the NCA, the NSPCC,
and Childnet, has warned it is only a matter of time before more schools are
targeted.

A Threshold Crossed in a Single Year

Internet Watch Foundation (IWF) analysts identified 3,440 AI-generated videos of child sexual abuse in 2025,
compared with 13 in 2024. The organization calculates that increase at 26,362
percent. Of those videos, 65 percent met the Category A standard, the most
severe legal classification in UK law. Across all formats, the IWF identified
8,029 AI-generated images and videos of realistic child sexual abuse in 2025, a
14 percent rise on the previous year, and dealt with 312,030 confirmed reports
of abuse imagery overall, a record.

In the United States, the National Center for Missing and
Exploited Children
(NCMEC) received 4,700 reports involving generative AI
in 2023 and 67,000 in 2024. Its early 2025 data shows tens of thousands of
reports of users uploading images of real children with text prompts to
generate abuse material, alongside more than 145,000 reports of AI tools being
used to alter existing files.

Europol
traces the step change to the release of open-source diffusion models in 2021
and 2022, which put realistic image synthesis within reach of offenders with no
technical expertise. In June 2026, the NCA warned that online child sexual
abuse is increasingly driven by profit, describing a global ecosystem in which
offenders exploit platforms and payment systems to identify victims, groom
children, and monetize abuse. The UK government has announced a ban on
possessing AI models designed to generate child sexual abuse material, and the
IWF is pressing EU legislators to criminalize AI-generated abuse imagery in all
forms as the bloc negotiates new child protection rules.

The
Information-Designers

Thirty
years ago, William Gibson mapped the mechanism in his novel Idoru
(1996), whose synthetic star, Rei Toei, is assembled from data alone: “a
personality-construct,” built by professional information-designers, a person
who exists because someone compiled her. The blackmailers who targeted the
English school worked as malevolent information-designers of a criminal kind,
compiling school photographs into synthetic and sexually explicit bodies. What
Gibson imagined as entertainment engineering has arrived as an attack: any
publicly available photograph of a child, student, or faculty member, whether
posted by a school, a sports club, an event organizer, or a parent, can now
serve as raw material for synthetic abuse imagery. Institutions and families
that once treated photographs as celebration or marketing are, in effect,
publishing an attack surface, and every image they post may feed the data
pipeline of synthetic sexual abuse.

Beyond
the School Gate: Clubs, Events, and the Feed

School
websites are often repositories of named, identifiable children, which is why
criminals most likely started there. But the same logic applies to every other
channel where children’s and educator faces appear in public. Sports clubs, youth
orchestras, scout troops, trading-card tournaments, recitals, and community
festivals routinely publish rosters, match photos, and highlight reels, often
with full names and locations attached. The UKSIC document “Protecting
your setting’s images from AI manipulation and abuse”
(May 2026), gives
updated image security guidance for schools that explicitly extends its
warnings to organizations working with children beyond formal education, and
safeguarding advisers now name sports clubs and extracurricular activities
alongside schools as exposure points.

Family
social media may be the largest reservoir of all. Years of Instagram and
Facebook posts have built searchable, high-resolution archives of children’s
faces at every age, frequently tagged with names, schools, and locations. The
FBI warned as early as June 2023 that offenders were using ordinary social
media photos of minors to fabricate explicit imagery for extortion. In the UK,
Childline now receives calls from children who were sent convincing fake nudes
of themselves built from their own Instagram photos, with no prior contact from
the offender. And research
from the child-safety nonprofit Thorn
found that one in ten minors surveyed
knew peers who had used generative AI to create explicit images of other
children. The threat therefore also operates inside classrooms and friend
groups, well below the radar of organized crime.

The
Next Frontier: The Uninvited Camera That Walks Through the Door

Institutions
can scrub their websites, and parents can lock their accounts, and yet – a new
capture channel still walks (uninvited) through the door. Every pair of Meta glasses
signals recording with a small white LED, but a peer-reviewed study Mind the Gap:
Mapping Wearer–Bystander Privacy Tensions and Context-Adaptive Pathways for
Camera Glasses
, presented at the CHI 2026 conference found that roughly
two in three people, wearers and bystanders alike, consider such LED indicators
inadequate, describing them as easy to overlook, invisible in bright light,
meaningless to people who don’t know what the light signifies, and simple to deliberately
obstruct. After capture, photos and video from Meta’s glasses are imported into
the Meta AI app by default, with cloud processing switched on by default. An investigation
by Svenska Dagbladet
published in February 2026 found that annotators at a
Nairobi data subcontractor reviewed intimate footage from the glasses to train
Meta’s AI, with automatic face blurring that workers said failed in difficult
lighting; the UK Information Commissioner’s Office called the claims concerning
and wrote to Meta demanding answers.  

In
February 2026, a
Los Angeles judge ordered Mark Zuckerberg’s own legal team to remove their
Ray-Ban Meta glasses in court
, warning that facial recognition could
identify jurors. Days after Meta announced anti-tampering protections for the
recording light in July 2026, the
Financial Times
reported the company was prototyping “super sensing”
glasses that could continuously collect audio and photograph surroundings every
few seconds.

The
European AI Act vs Mass Facial Recognition Harvesting

Regulation
is racing to draw lines. Since February 2, 2025, Article 5(1)(e) of the EU AI
Act has flatly prohibited building or expanding facial recognition databases
through untargeted scraping of facial images from the internet or CCTV. This is
the practice for which Clearview
AI was fined $33.7 million by the Dutch data protection authority.
Everyday
public photography and camera glasses as such fall outside that prohibition, a
narrower line than is often assumed; but a glasses ecosystem that identified
bystanders against a mass-harvested database would collide directly with it,
which is one reason recognition features available elsewhere are switched off
in EU markets. Under the GDPR, biometric data processed to identify a bystander
requires an explicit legal basis, and a bystander child has certainly never
provided one. For children outside the EU, including in the United States, no
equivalent line exists.          

Thirty
years ago, Gibson imagined professional information-designers assembling a
synthetic star from nothing but data, a fantasy that required him to invent
both the designers and the archive they would draw from. Humanity has since
supplied the second half of his invention for free, building the largest
collection of faces ever assembled and distributing it across school websites,
club pages, and family feeds on every continent, so that anyone, anywhere, with
malice and a diffusion model can now play the information-designer. The archive
was built out of pride and love; it is still growing by the hour, and the only
question the world has left to settle is who will be permitted to compile it.

author avatar
Josh Weiner

Don't Miss