Stanford CIS

Letter to NCMEC about AI-CSAM Report Statistics

By Riana Pfefferkorn on

Today, Bloomberg issued a jaw-dropping report about the hundreds of thousands of CyberTipline reports with a generative AI component that Amazon filed to the National Center for Missing and Exploited Children (NCMEC), which operates the tipline, in the first half of 2025. Ever since that number was first disclosed in the New York Times last July, I had been wondering what it meant.

The standardized CyberTipline reporting form, which is used to report child sex abuse material (CSAM) to NCMEC, contains a checkbox labeled "Generative AI." But what does it mean when an electronic service provider (ESP), such as a social media platform, cloud storage provider, or AI company, checks that box? It varies, as my colleagues and I found in the research report we published last May about AI-generated CSAM (AI-CSAM), based on interviews with respondents from AI companies, other ESPs, and NCMEC.

The NYT article came out shortly after our research report. It revealed that NCMEC had received "485,000 reports of A.I.-related CSAM" from ESPs in the first six months of 2025, of which a whopping 380,000 were from Amazon. (For comparison, in all of 2024, NCMEC had received a total of 67,000 AI-related reports.) I knew from my research that this didn't necessarily indicate 380,000 pieces of AI-generated CSAM, but the NYT article didn't specify what that number did mean. Neither did a blog post from NCMEC itself a couple months later about what it called the "alarming increase" in generative AI-related reports in the first part of 2025.

So I wondered and speculated: What the heck was going on at Amazon?!

I never imagined the truth that Bloomberg reported today: Every single one of Amazon's hundreds of thousands of reports flagged known CSAM – CSAM that Amazon had discovered by automatically scanning the training data for its AI models to detect hash matches to a database of known CSAM of real victims. According to Amazon, "None of its reports submitted to NCMEC were of AI-generated material." Zero. Out of 380,000. That is, of the nearly half-million reports to NCMEC in the first half of 2025 that had that "Generative AI" box checked, at least 78% did not involve any AI-generated CSAM at all.

That is not the impression you would get from reading that New York Times article, which stated, right in the headline, "A.I.-Generated Images of Child Sexual Abuse Are Flooding the Internet." And so a misunderstanding was born – one that's been perpetuated for months, until two Bloomberg reporters dug into that number and found out the truth.

Finally, I had my answer. And it so completely flabbergasted me that I wrote a very long email to my contacts at NCMEC, which I'm sharing here.


Today's bombshell report from Bloomberg demonstrates that NCMEC urgently needs to make changes to the CyberTipline reporting form so that there's not just one checkbox that says "Generative AI." This news shows definitively how ambiguous the meaning of checking that checkbox can be, as NCMEC told us when Shelby and I were researching our AI-CSAM report last year. What did it mean for Amazon to check that box 380,000 times in H1 2025? Nobody knew (outside of Amazon and maybe NCMEC), until this news article came out. 

Consequently, for 6 months — ever since NCMEC released its H1 2025 numbers in the New York Times last July — the public has been under the impression that those 380,000 CyberTips from Amazon represented hundreds of thousands of pieces of AI-generated CSAM. The NYT article's very first words are "A new flood of child sexual abuse material created by artificial intelligence," and, later, it calls NCMEC's 485,000 number "an explosion of A.I.-produced child sexual abuse material." NCMEC's blog post last fall was more carefully worded than the NYT piece, yet nevertheless did not give any breakdown of what the numbers meant or at least explain that a report marked "Generative AI" can mean multiple things. 

For half a year, "Massive Spike In AI-Generated CSAM" is the framing I've seen whenever news reports mention those H1 2025 numbers. Even the press release for a Senate bill about safeguarding AI models from being tainted with CSAM stated, "According to the National Center for Missing & Exploited Children, AI-generated material has proliferated at an alarming rate in the past year," citing the NYT article.

Now we find out from Bloomberg that zero of Amazon's reports involved AI-generated material; all 380,000 were hash hits to known CSAM. And we have Fallon [McNulty, executive director of the CyberTipline] confirming to Bloomberg that "with the exception of Amazon, the AI-related reports [NCMEC] received last year came in 'really, really small volumes.'"

That is an absolutely mindboggling misunderstanding for everyone — the general public, lawmakers, researchers like me, etc. — to labor under for so long. If Bloomberg hadn't dug into Amazon's numbers, it's not clear to me when, if ever, that misimpression would have been corrected. 

Nobody benefits from being so egregiously misinformed. It isn't a basis for sound policymaking (or an accurate assessment of NCMEC's resource needs) if the true volume of AI-generated CSAM being reported is a mere fraction of what Congress and other regulators believe it is. It isn't good for Amazon if people mistakenly think the company's AI products are uniquely prone to generating CSAM compared with other options on the market (such as OpenAI, with its distant-second 75,000 reports during the same time period, per NYT). That impression also disserves users trying to pick safe, responsible AI tools to use; in actuality, per today's revelations about training data vetting, Amazon is indeed trying to safeguard its models against CSAM. I can certainly think of at least one other AI company that's been in the news a lot lately that seems to be acting far more carelessly.

I understand that you fault Amazon for swamping you with non-actionable reports, and I hope that publicly naming and shaming Amazon in Bloomberg will help un-stick whatever frustrating détente you must have encountered in the private discussions I assume you've had with them about their sudden flood of reports; maybe this bad press will induce them to reform their reporting practices. (If Amazon's spokesperson had graciously deigned to go on the record like Fallon did, I would have included them on this email, which you can feel free to forward to them if you like.) 

Nevertheless. Even if Amazon's reporting practices leave something to be desired, NCMEC controls the design of the reporting form. The API documentation says that the Generative AI file annotation means "The file contains content that is believed to be Generative Artificial Intelligence." But NCMEC has known for at least a year (we interviewed NCMEC in early February 2025) that in practice, ESPs mean a range of things when they check that box. It is up to the ESP to clarify by giving additional information in the free text entry box — which they may not do when filing 380,000 (presumably largely automated) reports in 6 months.

When the meaning of checking a single checkbox is so ambiguous that absent additional information, reports of known CSAM found in AI training data are facially indistinguishable from reports of new AI-generated material (or of text-only prompts seeking CSAM, or of attempts to upload known CSAM as part of a prompt, etc.), and that ambiguity leads to a months-long massive public misunderstanding about the scale of the AI-CSAM problem, then it is clear that the CyberTipline reporting form itself needs to change — not just how one particular ESP fills it out. 

A more granular, nuanced design for reporting generative AI issues might have let Amazon (and in turn NCMEC) provide a clearer picture from the start, which could have preempted months of misunderstanding and changed the course of public discussions about how to regulate AI for child safety.

It is up to NCMEC not only to take affirmative steps to correct the widespread confusion about the scale of AI-generated CSAM being reported to the CyberTipline, but also to update the reporting form to avoid similar misunderstandings in the future by making it easy and straightforward for ESPs to submit a clear, unambiguous account of the specific role played by AI in any given report. 

That is easier said than done, to be sure. But after today's staggering Bloomberg news, it can no longer be avoided. Indeed, having seen for myself how responsive NCMEC is to emergent trends, I can only assume that reforms to the "Generative AI" component of the CyberTipline reporting form are already underway. I look forward to seeing the result, and I am happy to be of assistance however I can.


UPDATE 1/30/26: I got a prompt response from one of my NCMEC contacts, which made four main points: (1) NCMEC is indeed in an early stage of a multi-year tech modernization process for the CyberTipline API and reporting systems to “support more granular and clearer reporting,” but since (2) it’s almost entirely up to ESPs what information they choose to report (true!), that means (3) no matter how robust the API, the reports are only as good as the info ESPs elect to provide, and (4) all those Amazon reports included minimal data, not even the file in question or the hash value, much less other contextual information about where or how Amazon detected the matching file. (Big Steamed Ham vibes, with Amazon as Principal Skinner.) “They choose not to give detail,” NCMEC’s email to me said. (Note that the CyberTipline reporting API also doesn’t have a specific field for entering a PhotoDNA match ID, perceptual hash, etc.; hopefully that’s also part of the update roadmap, along with more granular AI options!)

The email also noted the Bloomberg article’s statement that “Amazon believes it over-reported these cases to NCMEC to avoid accidentally missing something,” quoting an Amazon spokesperson as saying, “We intentionally use an over-inclusive threshold for scanning, which yields a high percentage of false positives.” This false-positives revelation didn’t really make it into my original email, but it’s also astonishing: Not only did zero of those 380,000 Amazon reports involve AI-generated CSAM, it seems many of them didn’t involve CSAM at all. (When scanning files for CSAM, false matches can happen when the match threshold is set sufficiently low; at such high volume, Amazon’s reports were likely automated, without human review to catch false positives.) NCMEC said they only learned about this false-positives issue last week and are very frustrated by it. 

Amazon certainly deserves a lot of the heat here. There’s no question about that. NCMEC absolutely should improve the design of the CyberTipline reporting form, but Amazon also shouldn’t knowingly flood NCMEC with hundreds of thousands of reports that are useless at best and false positives at worst. 

Still, why wasn’t it clear way, way sooner what was going on? Here’s all Amazon needed to say, back when they began their training data vetting effort: “The high volume of automated reports we’ve been submitting lately are all from scanning AI training data for hash matches to known CSAM, with an over-inclusive threshold that we picked in the interest of caution but that’s probably meant plenty of false positives. To our knowledge, nothing we’ve reported is AI-generated material.” This is basic information that seems like it should have been known or knowable by Amazon, and thus shareable with NCMEC, from the very start. So why did it take so long for that information to come out, and why did it take a Bloomberg investigation to do it? 

In all of 2024, Amazon AI Services (which has its own reporting flow to NCMEC and is broken out in NCMEC’s numbers from Amazon and Amazon Photos) filed 30,759 CyberTipline reports total. That is, on average, NCMEC went from receiving 84 reports per day to over 2,000 per day. Did NCMEC ever call up Amazon to ask why Amazon was suddenly submitting 25x more reports, and what those reports meant? Surely they must have had some talks about this, right? I said as much at the end of my TrustCon talk, which was attended by at least two NCMEC personnel, shortly after the NYT article came out last July: Amazon’s generative AI-related report numbers made it clearly an outlier, but as a big mainstream company, hopefully they’d be willing to come to the table with NCMEC to discuss whether its products were generating AI-CSAM and whether its CyberTipline reporting practices were feasible.

It seems like what we’ve got here is failure to communicate. But what kind of failure? Did NCMEC never ask Amazon what was up, despite suddenly getting flooded with reports that were apparently maddeningly thin on detail? Did NCMEC instead just assume — along with everyone else, from journalists to senators — that if the reports came from Amazon AI Services, they must be a massive spike in AI-CSAM (when in fact zero of it was AI-CSAM)? That seems unlikely. So, did NCMEC try to press Amazon? Did Amazon simply stonewall NCMEC’s inquiries? If they did, why would they tell a couple of journalists what they wouldn’t tell NCMEC itself? 

Frankly, neither organization comes out smelling of roses here. Amazon looks irresponsible and heedless of the burden it’s been putting on NCMEC, and it’s embarrassing for NCMEC to have to admit, after so much hullabaloo since July, that there never was a massive increase in AI-CSAM. In reality, nearly 80% of all "Generative AI" CyberTipline reports to NCMEC in H1 2025 involved no AI-generated CSAM at all. But that’s also the silver lining: Amazon’s AI models apparently aren’t a CSAM generation machine after all, and in fact AI-generated CSAM reports are very low-volume. That’s really good news. 

I hope that this Bloomberg exposé will cause both Amazon and NCMEC to wipe the egg off their face, take a long look at what’s not working — with their respective internal processes, and with the dynamic between them — and start making some positive changes.