Generative AI has moved faster than many public-safety systems built to contain its misuse. While much of the global debate still focuses on productivity, creativity and economic opportunity, a new study in AI & Society warns that the same technologies are also reshaping one of the most sensitive areas of online harm: child sexual exploitation and abuse.
Based on interviews with seven UK law enforcement practitioners, the study argues that the danger is not limited to AI-generated illegal imagery. The deeper concern is that generative tools can support a wider chain of offending, from grooming and victim targeting to evasion, cross-platform coordination and the use of multiple tools together.
The paper, “Generative AI in child sexual exploitation and abuse: views from UK law enforcement,” by Cyndie Demeocq, Alex Taylor, Björn Ross and Ashleigh McFeeters of the University of Edinburgh, offers a rare frontline view of how law enforcement is encountering AI-enabled risks. It warns that current safety testing may not reflect how offenders actually misuse systems. In particular, the authors identify a “testing gap” between conventional AI safety evaluations and real-world patterns of misuse involving multi-turn interactions, prompt-chaining, offline models and system-of-systems workflows.
The Risk Is Bigger Than Harmful Images
The study notes recent evidence of AI-generated child sexual abuse material and cites an Internet Watch Foundation report of a 380 percent increase in reports containing AI-generated CSAM in 2024. However, the authors argue that focusing only on generated content underestimates the challenge. Generative AI can also reshape the process by which abuse is facilitated, organised, concealed and scaled.
Interviewed practitioners described a fast-changing landscape in which technology-facilitated offending “mutates” across platforms and tools. Their concerns included AI-assisted grooming and victim targeting, synthetic and manipulated image-based abuse, the combined use of language models and image generators, and locally run or offline models that are harder to detect. The study frames these patterns as “offence facilitation”: AI is not only producing harmful outputs, but enabling different stages of abuse-related behaviour.
The shift is significant for technology companies and regulators because many safeguards are still built around output control: does a model refuse a prohibited prompt, block a specific category of content, or stop a known harmful request? The study suggests that this is too narrow. Harm can emerge across a sequence of interactions and tools, even when no single isolated step captures the full risk. The authors argue that generative AI-enabled CSEA should be understood as a socio-technical process in which offenders combine technologies, social tactics and criminal intent.
The Testing Gap Is Now a Public-Safety Gap
The study explains the “testing gap.” Practitioners told the researchers that companies may not test systems in the way offenders would misuse them, partly because realistic testing itself can create legal and ethical risks. The authors describe this not merely as a technical failure, but as a criminological mismatch: AI systems may be evaluated through single prompts, while real-world misuse may unfold through multi-turn conversations, cross-tool workflows and evasion strategies.
The paper calls for safety evaluation that reflects interaction over time, including multi-turn testing, prompt-to-image workflows, evasion attempts, offline or edge deployment risks, and auditability that can support investigations and court processes.
The research received university ethics approval, transcripts were anonymised, and an external expert panel from organisations including the Internet Watch Foundation, INHOPE, Terre des Hommes and Ofcom reviewed the manuscript to avoid enabling new misuse. This controlled-disclosure approach is important because the same knowledge that helps improve safety testing could, if released carelessly, help offenders adapt.
Law Enforcement Cannot Carry the Burden Alone
The paper also makes clear that this is not a problem law enforcement can solve by itself. Practitioners described pressures around scale, technical complexity, data access, attribution and evidential integrity. They also discussed the need for tools that help triage large volumes of material and identify cases where action may lead to suspects, victims or prosecutable evidence. Yet the study’s broader point is that enforcement depends on an ecosystem: technology companies, regulators, researchers, child-safety organisations and international partners all hold pieces of the response.
The study highlights tensions around data access and privacy, with practitioners arguing that companies should have responsibilities when risks involve real children and serious crime. It also points to international coordination challenges. Online exploitation crosses borders, while legal definitions, investigative capacity and platform relationships differ sharply across jurisdictions. One participant contrasted better-resourced countries with developing economies where day-to-day governance and enforcement constraints may make child-safety responses harder to prioritise.
The study has wider development-policy relevance. AI governance is often treated as a matter for advanced economies and large technology firms, but online child protection is a global problem. Lower-capacity jurisdictions may face weaker forensic capability, limited specialist training, fragmented reporting channels and difficulty engaging with global platforms. If AI-facilitated abuse grows across borders, international cooperation cannot be limited to high-income countries. Capacity building, safe data-sharing frameworks, technical training and cross-border legal cooperation must become part of the AI safety agenda.
Regulation Must Catch the Workflow, Not Just the Output
The paper argues that emerging regulation must go beyond the criminalisation of AI-generated illegal content and the tools designed to produce it. The authors note that the UK Crime and Policing Act 2026 strengthens policy relevance by addressing child sexual abuse image generators, AI-generated CSAM and online activity intended to facilitate abuse. However, they caution that legislation should not be treated as the endpoint. The misuse patterns described by practitioners involve grooming, recruitment, prompt-chaining, evasion, local deployment and cross-platform behaviour, which means governance must cover facilitative and interactional harms as well as final outputs.
For technology companies, the implication is that child-safety evaluation cannot rely on generic red-teaming alone. The study calls for practitioner-informed, legally authorised and tightly controlled evaluation protocols. These should bring together law enforcement knowledge of offender behaviour, technical expertise on model vulnerabilities, regulatory oversight, and child-safety expertise on victim impact and safeguarding.
Policymakers should create safe-harbour mechanisms, regulatory sandboxes or authorised expert-led environments where high-risk systems can be tested realistically without exposing harmful material or methods. For regulators, the task is to require evidence of interaction-centred safety testing, not just static compliance claims. AI developers need to design systems with better logging, auditability, provenance tools, reporting channels and protections against cross-tool misuse.
The study has some limitations. It is based on interviews with seven UK-based law enforcement practitioners and should not be treated as representative of all enforcement perspectives. Its findings are shaped by the UK’s legal, institutional and operational context. The authors explicitly frame the work as agenda-setting rather than exhaustive. Despite the limitations, the study is valuable as it brings a rare practitioner insight into a debate that too often remains abstract, technical or platform-centred.
The future of responsible AI will not be judged only by whether models refuse the most obvious harmful requests. It will be judged by whether governments, companies and institutions can anticipate misuse before it scales, and whether child protection is built into AI governance as a core public-safety obligation rather than an afterthought.
————————————————
