How AI Built a Monetized Abuse Machine on Telegram: Nudifying Bots, Deepfakes, and Automated Archives

AI Forensics, a nonprofit research organization focused on AI system auditing, has published an investigation into a Telegram-based commercial ecosystem that uses AI tools to generate, distribute, and monetize non-consensual intimate imagery (NCII) at scale. The report documents not a collection of isolated bad actors but a structured commercial infrastructure with defined roles, automated pipelines, and customer support functions — an abuse economy that has industrialized what was previously a labor-intensive form of harassment.

The Architecture of the Ecosystem

The investigation found three distinct layers operating in concert. At the generation layer, automated bots accept image inputs — typically sourced from social media or provided directly by users — and return AI-processed outputs that remove or alter clothing. These bots operate via Telegram's native bot infrastructure, accept cryptocurrency payments, and offer tiered subscription models with varying output quality and volume allowances. At the distribution layer, curated channels aggregate generated imagery organized by victim type, operating on subscription or pay-per-view models. At the discovery layer, automated systems cross-reference social media profiles with content already in the ecosystem, enabling the targeting of individuals who have not yet been victimized.

The Automation Factor

The AI Forensics report emphasizes that automation is not incidental to this ecosystem — it is what makes it commercially viable and difficult to disrupt. Manual NCII creation is time-intensive and requires specific skills. Automated AI tools reduce the per-image cost to near-zero. The archive and automated redistribution systems mean that content removed from one location typically reappears in others within hours. Takedown requests addressed to individual channels do not address the underlying infrastructure, which means the standard content moderation playbook is structurally insufficient against this threat model.

Platform Accountability Questions

Telegram's response to NCII abuse has historically been slower and less comprehensive than other major platforms. The AI Forensics investigation was conducted by identifying and mapping publicly accessible or easily discovered channels and bots — suggesting that visibility is not the limiting factor for enforcement. The commercial infrastructure documented in the report — payment processing, subscription management, customer support — represents organizational sophistication that makes the "we remove content when reported" approach inadequate. The report argues that meaningfully addressing the ecosystem requires collaboration between Telegram, AI tool providers, and payment processors — an accountability chain that does not currently function as a coherent whole.