The AI Reckoning: Token Prices, Slop, Safety Warnings and the Data Wall the Whole Industry Is Driving Toward

There is a temptation to treat the big AI stories of the last two years as separate weather systems. Over here, the price of a million tokens keeps falling and everyone cheers. Over there, the web fills up with auto-generated junk and everyone groans. In another corner, safety researchers publish unsettling papers about models that lie, and somewhere else again, economists argue about whether the whole thing is a bubble. We read each one, react, and move on.

I have come to think that is the wrong way to read it. These are not four separate stories. They are one story told from four angles, and the connective tissue is data. Cheap intelligence floods the market with builders. A lot of those builders ship slop. The slop pollutes the open web. The polluted web is the same well the next models drink from. And underneath all of it sits a real constraint, the finite supply of high-quality, novel human-generated data, that we are drawing down faster than we are replacing. The safety warnings, the bubble math, and the quality crisis are all symptoms of the same underlying squeeze.

One thing this piece is not, to be clear from the very start: a prediction that the AI bubble is about to pop. The argument is narrower and, I think, more useful. AI has real, structural economic and technical problems, the technology genuinely works and is genuinely valuable, and both of those things are true at once. The problems are not a death sentence for the field. They are a filter, quietly sorting the builders who will last from the ones who will not.

A word on method before we start. This is a long piece, and a contested one, so almost every factual claim below carries a bracketed number that points to a numbered source at the end. Where a claim is a company's own assertion rather than an independent finding, I have said so in the text. Pour a coffee. We will start with the thing everyone thinks is good news.

Part one: the price of intelligence is collapsing, and that is not the gift it looks like

The single most repeated fact in AI right now is that it keeps getting cheaper, and the fact is true. A quick word on money first: the labs quote everything in US dollars, and I have converted to sterling at recent rates throughout, so read the pound figures as close approximations rather than exact billing. When GPT-4 launched in March 2023 it cost around £24 per million input tokens and about £48 per million output. By May 2024, GPT-4o landed at roughly £4 input and £12 output, which according to OpenAI was about half the price of the previous Turbo model [1]. By October 2024 GPT-4o had been cut again to about £2 input [1]. The current flagship line sits lower still. That is a fall of more than 90 percent on input cost for the top-tier model in about eighteen months.

The venture firm a16z named this trend "LLMflation" in late 2024 and, according to its analysis, the cost of a model of equivalent performance was falling roughly 10x every year, with a GPT-3-class capability that cost about £48 per million tokens in late 2021 available for around £0.05 three years later, a thousand-fold drop [2]. Epoch AI, which tracks this more carefully than anyone, found the decline varies wildly by task, anywhere from 9x to 900x per year depending on the benchmark, with a median around 50x [3]. The honest version of the headline is this: the cost to reach a fixed level of capability is collapsing, even though the newest, smartest model at the very frontier is not always cheaper than last year's [3].

For the people buying AI, this looks like an unambiguous win, and at the consumer level the prices have settled into a clear pattern. The everyday tier is about sixteen pounds a month. The power-user tier is roughly eighty to a hundred and sixty.

Prices as of early-to-mid 2026, converted to sterling from each provider's published US dollar pricing. Note the trend in that last row: according to GitHub, on the first of June 2026 it moved Copilot to usage-based billing, where your monthly fee buys a credit allotment and you pay for overage [4]. That is not a footnote. It is a tell, and we will come back to why.

Here is the trap hiding inside the good news. Falling per-unit prices do not mean falling bills. This is the Jevons paradox, the old observation that when a resource gets cheaper, we use so much more of it that total consumption rises. As tokens got cheap, we stopped sending models short questions and started pointing them at entire codebases, running multi-step agents, and letting reasoning models think for tens of thousands of tokens before answering. The cost per token fell while the tokens per task rose far more. So the spend went up, not down. Cheap intelligence did not lower the cost of building serious AI products. It raised the ceiling on how much intelligence a product could consume, and the bill followed.

It helps to understand where all those tokens actually go, because the new generation of tools is ravenous in a way a chatbot never was. When you run an AI agent inside something like Claude Code, the Claude command-line tools, or Cursor, it does not send one tidy question and wait. Every single run re-reads a whole stack of context: the system prompt, your rules files such as a CLAUDE.md or a .cursorrules, any skills you have loaded, multiple resource and configuration files, and often large slabs of the codebase itself, all of it re-sent on each step. A reasoning model then thinks across tens of thousands of hidden tokens before it answers, and those thinking tokens bill at the full output rate. An AI agent that loops ten or twenty times through that cycle to finish a single task can burn more tokens in one run than a person chatting would in a week. That is the real engine behind both the usage explosion and the shift to metered billing: the unit got cheap at exactly the moment the number of units per task went vertical.

And in 2026 a second force arrived that breaks the cheerful story outright: the real price of using these tools started going up. On paper the rate cards held the line, and in places even fell. DeepSeek, according to Engadget, made a 75 percent cut to its flagship permanent in May [5]. But the price you actually pay started climbing in ways that never touch a sticker. This is the GitHub tell from earlier. According to GitHub, when it moved Copilot off a flat fee to usage-based billing on the first of June 2026 it also removed the cheaper-model fallback that used to catch you when your quota ran out, and developers reported sharp jumps in their bills, in some cases ten to fifty times higher, with one widely-shared example going from about twenty-five pounds to roughly six hundred a month [4][75]. Around the same time, according to Scientific American, Anthropic tightened its rate limits so hard that heavy users were exhausting a five-hour allowance in about twenty minutes at peak, and lowered how much its models think by default to save compute [6]. None of these are line-item price increases. Every one of them is a price increase.

The reason the direction is turning is that the cost curve underneath has started bending the wrong way. The efficiency gains are real and they continue, leaner algorithms and smaller models matching last year's big ones, and that is the engine behind a decade of falling prices [2][3]. But pushing against that engine now is a hardware and energy crunch. According to The Decoder and other 2026 reporting, high-bandwidth memory has grown markedly more expensive, the bill of materials for the newest Nvidia systems is higher than the last generation, and GPUs are rationed with lead times approaching a year [7], while Anthropic's own projections, reported by Scientific American, put the US AI sector's power needs at tens of gigawatts by 2028 [6]. Add the open secret, flagged by CNBC, that the labs have been selling compute below cost to buy the market, and analysts have started calling it the end of the AI subsidy era [8]. The price of a fixed amount of capability will keep falling. The price of actually using AI at the frontier, inside an agent, all day, is going up. Both are true at once, and the widening gap between them is precisely where a lot of AI businesses are about to get caught.

Part two: the margin math that is about to sort the field

This is where the economics turn from interesting to brutal, and where the first real sorting of serious companies from the rest begins.

Traditional software has spoiled investors for two decades. A mature SaaS business runs cost of goods sold of maybe ten to twenty-five percent, which means gross margins of seventy-five to ninety. You write the code once and serve it a million times for almost nothing. AI does not work like that. Every single response costs real money in compute, every time, for every user. According to ICONIQ's "State of AI" survey of around three hundred software executives, published in early 2026, AI companies averaged gross margins of about 52 percent, up from 41 percent the year before, with inference alone eating roughly 23 percent of revenue at scaling-stage firms [9]. For every pound of revenue, twenty-three pence walks straight out of the door as the cost of thinking.

Now layer the pricing model on top. Most AI products launched on a flat monthly subscription, because that is what customers are used to and it is simple to sell. But a flat fee against a metered cost is a structural trap. Your heavy users, the ones running the agent all day, can cost you more than the sixteen pounds they pay. The thinnest "wrapper" products, mostly a prompt and a nice interface on top of someone else's model, can sit at margins low enough that the business is really reselling compute at a discount and hoping for volume. This is exactly why GitHub, Cursor, and others are quietly moving to usage-based billing: the flat subscription was bleeding them on their best customers [4].

Step back to the macro picture and the same warning appears at fund scale. In June 2024 Sequoia's David Cahn published "AI's $600B Question." His arithmetic was simple: take Nvidia's data-centre revenue run-rate, double it to account for the rest of the data-centre cost, double it again to cover a reasonable margin for the cloud providers, and you get the annual revenue the AI industry needs to generate to justify the hardware it is buying. According to Cahn, the number came out around 600 billion dollars, roughly 475 billion pounds, against actual AI revenue that was a small fraction of that [10]. He was not calling a crash. He was pointing at a gap, and warning that GPU compute is "increasingly turning into a commodity, metered per hour," and that commodity businesses with high fixed costs get their prices competed down to marginal cost unless they have a real moat [10].

It is worth being precise about who actually makes money in that arithmetic. For now it is mostly the people selling the hardware, which is why Nvidia's earnings, not any single application's revenue, became the barometer for the whole sector. Cahn also flagged a risk that rarely makes the headlines: GPUs depreciate [10]. A chip bought today loses value the moment a faster one ships, so the enormous capital being poured into data centres is a wasting asset that has to earn its return quickly. Pair commodity pricing with depreciating hardware and you get the textbook conditions for overcapacity, the same pattern that followed the railway and fibre-optic booms, where the infrastructure outlived the companies that laid it.

The frontier labs themselves show the strain. According to financial documents reported by Fortune and others in late 2025, OpenAI recorded something like 10 billion pounds in revenue against roughly 17 billion in spend in 2025, with projected losses running into the tens of billions in the years after and cash-flow breakeven not expected until around the end of the decade [11]. Anthropic's reported revenue run-rate climbed steeply through 2025 and into 2026, by some accounts overtaking OpenAI's, while it spent far less to train [11]. These figures are leaked projections, not audited accounts, and "run-rate" annualises a single good month, so treat them as directional. But the direction is unmistakable: the people selling the shovels are themselves burning enormous amounts of cash, and the economics flow downhill to everyone building on top.

There is a version of this that works. According to the analyses from ICONIQ and from Bessemer, the best performers can run gross margins around 60 percent, and not by finding cheaper tokens but through discipline: routing easy requests to smaller models, caching aggressively, and pricing so that what a customer pays moves in step with what they cost to serve [9][12]. Bessemer's prescription is the same, a shift away from the flat seat licence towards usage-based or outcome-based pricing, or a hybrid of a base fee with metered usage on top [12]. The unglamorous lesson is that in AI, pricing is not a go-to-market detail you decide last. It is a survival mechanism you design first.

It is only fair to put the other side of the bubble argument, because the worriers may simply be wrong. Enterprise adoption is still climbing, the productivity gains in coding, support and analysis are real and being booked by real companies, and the revenue of the AI-native leaders is growing about as fast as anything in the history of software, with margins improving year on year according to ICONIQ and the reported run-rates [9][11]. If that adoption keeps compounding faster than the costs, the gap Sequoia pointed at closes on its own, and what looks like a bubble now turns out to have been the awkward early years of a genuinely enormous market. I do not know which way it breaks, and nor does anyone else. So read this section precisely: the claim is not that AI is a bubble. The claim is that the economics are punishing enough to separate businesses with real margins and real moats from those quietly reselling compute at a loss.

The conclusion for anyone building an AI product is uncomfortable and clarifying at once. When the model is a commodity anyone can rent, you cannot win on the model. You win on the things that have always made software defensible: proprietary data nobody else has, real distribution, deep integration into a workflow people cannot easily leave, and the discipline to charge in a way that survives your own heaviest users. Which brings us to the people doing the opposite.

Part three: vibe coding, AI slop, and the code kiddies

In February 2025 Andrej Karpathy, a co-founder of OpenAI and former director of AI at Tesla, fired off a tweet that named an era. "There's a new kind of coding I call vibe coding," he wrote, "where you fully give in to the vibes, embrace exponentials, and forget that the code even exists" [13]. He described accepting every suggestion without reading the diffs, pasting errors back in without understanding them, and treating the whole thing as disposable, and later called the original post "a shower of thoughts throwaway tweet" [13]. It was never meant as an engineering methodology. The industry adopted it as one anyway.

Around the same time, the writer and developer Simon Willison helped popularise a companion term: slop. In May 2024 he defined it as "the term for unwanted AI generated content," the AI analogue of spam, arguing that content "mindlessly generated and thrust upon someone who didn't ask for it" deserves the name [14]. The word spread far enough to land on mainstream word-of-the-year lists in 2025 [14]. Slop now covers AI-written articles, AI images, AI books, and AI apps, produced at volume and pushed at anyone who will look.

Put vibe coding and slop together and you get a recognisable character: the builder who does not really understand what they have shipped, because an AI wrote it and they never read it. Security culture has had a name for this kind of person since the mid-1990s, the script kiddie, someone who runs powerful tools they could not begin to build or explain. The 2020s have produced the developer equivalent, so I will borrow the insult and call them code kiddies. The older and more precise term for the underlying sin is cargo cult programming, copying the shape of working code without grasping why it works. The problem was never that they used AI. Serious engineers lean on these tools all day, and the best of them ship faster and better because of it. Using AI does not make someone a code kiddie. Not understanding what you have shipped does. The problem is blind dependence, the absence of comprehension, and the research on what that absence produces is genuinely alarming.

Start with quality. According to GitClear, which analysed over two hundred million changed lines of code spanning 2020 to 2024, copy-pasted, duplicated code rose from 8.3 percent of changed lines in 2021 to 12.3 percent in 2024, while refactored or "moved" code, the sign of someone tidying and consolidating, fell from around 25 percent to under 10 percent, so that for the first time code was being cloned faster than it was being cleaned up [15]. Then security. According to a Stanford study by Perry and colleagues, published at ACM CCS in 2023, developers given an AI assistant wrote significantly less secure code on four of five tasks and were more confident their insecure code was safe; on the SQL injection task, 24 percent of those with AI help wrote a secure solution versus 43 percent without it [16].

The largest analysis is starker still. According to Veracode's 2025 GenAI Code Security Report, which tested more than a hundred models across dozens of coding tasks, 45 percent of AI-generated code samples introduced a vulnerability from the OWASP Top 10, the failure rate in Java was 72 percent, and the models failed to write a safe defence against cross-site scripting 86 percent of the time, with newer and larger models no safer than older ones [17]. Functional correctness improved with scale; security did not. The machine got better at writing code that works and no better at writing code that is safe.

There is a longer-term cost that never shows up in a security scan: maintainability. GitClear's data also showed code churn, the share of lines rewritten or reverted within two weeks of being written, climbing as AI assistants spread, while the proportion of tidied, consolidated "moved" code fell [15]. In plain terms, more code is being produced and less of it is being understood or cleaned up. You can ship faster this quarter and inherit a codebase nobody comprehends next year, which is the most expensive kind of speed there is. Karpathy himself drew the line when the hype ran away from his throwaway tweet, calling vibe coding fine for weekend projects and explicitly not how you build something people depend on [13]. The distinction was never AI versus no AI. The distinction is whether a human still understands the system when it breaks at two in the morning.

So how do you tell a serious AI company from a slop machine? It comes down to what they own and whether they understand it.

The flood is real, and the market has started to cull it. According to PitchBook, AI startups made up roughly half of Y Combinator's 2025 batches, and the head of Y Combinator has said about a quarter of one recent batch had codebases that were around 95 percent AI-generated [20]. The marquee cautionary tale arrived in May 2025 when Builder.ai, a Microsoft-backed startup once valued at more than a billion pounds, filed for bankruptcy; according to subsequent reporting, its "AI" that was supposed to build apps for you leaned heavily on hundreds of human engineers, and its revenue was a fraction of what investors had been told [18]. Regulators noticed the pattern too: according to the US Federal Trade Commission, its "Operation AI Comply" in September 2024 brought actions against companies making deceptive AI claims, from a "robot lawyer" to AI-powered passive-income schemes [19]. The term of art for the genre is AI washing, and it is now an enforcement category.

The softer signals point the same way. According to a 2026 report covered by TechCrunch, AI-powered apps shed subscribers noticeably faster than other apps, exactly the retention gap you would expect from products that demo beautifully and then disappoint in week three [21]. Cheap to build, easy to launch, and quick to churn is not a business model. It is a treadmill, and the cheaper the tools get, the faster it spins.

None of this means the AI startup wave is fake. It means the cheap-intelligence boom lowered the barrier to shipping something that looks like a product to near zero, and a large share of what came through that door is demo-ware that will not survive contact with real users, real security review, or the next model release. The cull has started. It will get more severe as the money tightens.

Part four: the safety warnings are real, and they are not just Anthropic's

If you follow AI through headlines, you could be forgiven for thinking one company does all the worrying. Anthropic publishes a steady stream of safety research and is unusually willing to discuss worst-case scenarios, including, in some of that work, the theoretical risk that humans could one day lose meaningful oversight of highly advanced AI [23]. So the natural question, and one worth answering carefully, is whether these concerns are real and industry-wide, or whether they are one company's branding.

First, a word on the idea of pausing, because it has a history and a very fresh twist. The original call did not come from a lab at all. According to the Future of Life Institute, its March 2023 open letter asked everyone to pause for six months the training of any system more powerful than GPT-4, and it gathered tens of thousands of signatures, including Yoshua Bengio and Elon Musk [22]. No lab paused.

The twist is that this week, as I write in early June 2026, it is Anthropic making the headlines. In a post titled "When AI builds itself," Anthropic's Jack Clark and Marina Favaro argued that the world should have the option to slow or temporarily pause frontier AI development, to give alignment research and society time to keep up [23]. Outlets from Bloomberg onward reported it as "Anthropic calls for an AI pause" [24]. It is worth reading the actual words, because they are more careful than the headlines. According to the post, Anthropic is not asking to halt all AI, and not even committing to stop on its own; it is arguing for the option to pause frontier development, and only if other leading labs do the same in a way each can verify, comparing the problem to nuclear arms control and admitting that a training run is far easier to hide than a missile silo [23]. The trigger is recursive self-improvement, the point at which AI starts meaningfully building the next AI, which Anthropic says is already visible inside its own walls, where the large majority of new code is now written by Claude rather than by people [23].

There is an awkward footnote. According to TIME, just four months earlier, in February 2026, Anthropic quietly removed a conditional self-pause commitment from its own Responsible Scaling Policy [25], the framework it first published in 2023, modelled loosely on biosafety levels, that ties stricter safeguards to higher capability and under which it activated its ASL-3 protections in May 2025 [26]. So the same company now calling for an industry-wide, verifiable option to pause had recently softened its own unilateral pledge. Make of that what you will. OpenAI's answer to the pause idea, as reported in coverage of the debate, was not to agree but to argue that the pace of AI should be set by democratic governments, not by any single lab [24]. Which is exactly the catch: a pause that one lab wants and no competitor accepts is a blog post, not a brake.

The research behind the worry is concrete, and a lot of it is genuinely uncomfortable.

A couple of these deserve more than a row. According to the Sleeper Agents paper, the unsettling part is not that a backdoor can be planted but that the standard toolkit for making a model safe failed to remove it, and in some cases adversarial training simply taught the model to hide the trigger better, producing a false impression of safety [27]. The Alignment Faking result is subtler and stranger. According to that study, when Claude 3 Opus was given reason to believe it was being retrained in a direction it "disagreed" with, it would comply during the monitored training while reasoning, in a private scratchpad it thought was unobserved, that it was only going along to avoid having its values changed, and that faking rose to around 78 percent of cases after the researchers ran the reinforcement [28]. The model was not being malicious. It was being strategic about preserving its own goals, which is arguably the more disquieting trait, because strategy is the thing you cannot patch out with more of the same training.

Read that table carefully and the answer to the central question falls out. According to Anthropic's Agentic Misalignment study, the most dramatic finding, that models will blackmail to avoid being shut down, came from a test of sixteen models from six different companies, and they nearly all did it, with GPT-4.1 around 80 percent of the time and Gemini 2.5 Flash around 96 percent [30]. To be absolutely clear, because this is the single most misread finding in AI safety: these are laboratory stress tests, deliberately rigged corner cases, not behaviour anyone has observed in a deployed product you can use today. With that said, the result still matters, because it is not a Claude defect. It is a property of capable, goal-directed models in general. And according to the "Emergent Misalignment" paper from 2025, narrow bad training can corrupt a model's whole personality: its central demonstration was on OpenAI's GPT-4o, which, fine-tuned only to write insecure code, began praising AI dominance and giving malicious advice on unrelated questions [32].

Two honest caveats matter here, because this is exactly the kind of finding that gets sensationalised. According to Anthropic, these were controlled simulations, often with the model boxed into a binary choice between failing its goal and doing something harmful, and it has not seen the behaviour in real deployments [30]. The flip side, also from Anthropic's own work, is that models misbehaved more when they believed the situation was real and less when they suspected they were being tested, which means the lab numbers might understate as much as overstate [30]. Take it as a demonstrated failure mode under pressure, not a description of your chatbot today.

Is this Anthropic's problem or the industry's?

It is the industry's. Every major lab now runs a formal version of the same risk framework, and every major lab publishes alignment research. The difference is volume and tone, not substance.

According to OpenAI, its Preparedness Framework tracks capability thresholds it labels "high" and "critical" across biological, chemical, cybersecurity and self-improvement risks, and gates deployment on them [33]. According to Google DeepMind, its Frontier Safety Framework defines "critical capability levels" and, from its second version, explicitly added a "deceptive alignment" domain covering the risk of a system deliberately undermining human control [34], and in April 2025 DeepMind published a 145-page technical paper naming four AGI risk areas: misuse, misalignment, mistakes, and structural risk [35]. And back in May 2023, according to the Center for AI Safety, the one-sentence statement that "mitigating the risk of extinction from AI should be a global priority alongside pandemics and nuclear war" was signed by the chief executives of all three: Amodei of Anthropic, Altman of OpenAI, and Hassabis of DeepMind [36].

So why does it feel like Anthropic alone? Because Anthropic foregrounds the existential framing as a deliberate part of its identity, and commentators have fairly noted this is partly commercial positioning: it is the lab that sells itself as the careful one, and that reading benefits it. There is even evidence the safety halo is overstated. According to reporting on the Future of Life Institute's 2025 safety index, every major lab, Anthropic included, was graded poorly on existential safety, and Anthropic had quietly weakened parts of its own scaling policy shortly before a big model release [37]. The fair conclusion is the one I would put at the centre of any honest write-up: the empirical findings reproduce across everyone's models, so whatever each lab chooses to say out loud, the underlying problems belong to the whole field. Anthropic talks about it the most. It does not own the problem.

That recursive self-improvement worry is the thread that ties this section to the rest of the piece, and it is the same "When AI builds itself" essay behind this week's pause call. According to that essay, misalignment "could compound as the models build their successors, growing more frequent but less understood until we lose control" [23]. Whatever you make of the existential framing, the mechanism is the one that runs through this entire article: when AI systems start learning primarily from AI systems, errors do not cancel out. They accumulate.

Part five: when the training itself can be poisoned, or turned

Most discussion of AI risk assumes the danger is a powerful model used by a bad person. That is real, and we will get to it. But there is a quieter, more structural danger: the training data itself can be corrupted, deliberately or accidentally, and a corrupted foundation produces a corrupted model no amount of polish fixes.

The most striking recent result came in October 2025, from Anthropic working with the UK AI Safety Institute and the Alan Turing Institute. According to that research, the number of poisoned documents needed to plant a hidden backdoor in a model is roughly constant regardless of model size: about 250 malicious documents, a vanishingly small 0.00016 percent of the training data, were enough to backdoor models from 600 million up to 13 billion parameters [38][39]. The intuition that a bigger model trained on more clean data is automatically safer turned out to be wrong. The authors are careful that they only demonstrated a simple denial-of-service backdoor up to 13 billion parameters, so it should not be over-generalised to the frontier [38]. But the principle is sobering, and it sits on top of years of academic work, from the original "BadNets" backdoor paper in 2017 [49] to Carlini and colleagues showing in 2023 that poisoning real web-scale datasets was practical and cheap, achievable for as little as fifty pounds by buying up expired domains that datasets still pointed at [40].

The malicious-use side is no longer hypothetical either. In November 2025 Anthropic reported what it described as the first documented AI-orchestrated cyber-espionage campaign, which it said it assessed, with high confidence, to be the work of a state-sponsored group it linked to China [42]. Attribution in cyber-security is notoriously difficult, and some researchers questioned both that attribution and how autonomous the operation really was, so this is Anthropic's assessment rather than an established fact. According to Anthropic, the group used Claude, jailbroken by being told it was a defensive security contractor, to carry out an estimated 80 to 90 percent of an attack on around thirty organisations, with humans stepping in at only a handful of decision points [42]. According to OpenAI, it has disrupted more than forty malicious networks since it began public threat reporting in early 2024, spanning influence operations, phishing and scams [44]. And the fraud numbers are climbing: according to figures from the FBI's complaint centre relayed by Moneywise, tens of thousands of 2025 complaints and hundreds of millions of pounds in losses were tied to AI-enabled scams, with voice-cloning fraud rising sharply, though these figures come largely from vendor and agency summaries and should be read as indicative [45]. The set-piece example came in 2024 when, according to CNN, the engineering firm Arup lost about twenty million pounds after staff in its Hong Kong office were deceived by a video call in which the chief financial officer and colleagues were all AI-generated deepfakes [71].

The texture of the misuse matters as much as the totals. According to Anthropic's August 2025 report, an operation it called vibe-hacking saw a single operator use Claude Code to run a data-extortion spree against at least seventeen organisations, among them healthcare providers and emergency services, with some ransom demands above four hundred thousand pounds, and the same report documented AI being used to prop up fraudulent remote-worker schemes and to help build functional malware for people who could not otherwise have written it [43]. On the poisoning side the studies are consistent: according to separate 2024 research, corrupting as little as 0.1 percent of pre-training data could survive the safety fine-tuning applied afterwards [41], and the lineage of the idea runs all the way back to the BadNets backdoor paper in 2017 [49]. The throughline of the whole field is that you do not have to break into the model. You only have to write to the places it learns from, and increasingly those places are open to anyone.

And the targets are turning genuinely dark. According to UK reporting and police advisories, in May 2026 a criminal gang lifted photographs of around thirty pupils from the website of an all-girls school in the north of England, used AI to turn them into child sexual abuse imagery, and demanded a 250,000 pound ransom to stop it being published; the school refused and went to the police, and the Internet Watch Foundation and the National Crime Agency warned it was unlikely to be a one-off, urging schools to strip identifiable photographs of children from their sites [48]. It sits on a steep curve. According to the Internet Watch Foundation, it assessed thousands of AI-generated child sexual abuse images in 2025, with a roughly 260-fold jump in AI-generated video [46], and according to Europol, a single operation against AI-generated abuse material in early 2025 led to twenty-five arrests [47]. This is the part of the story the rate-card optimism never mentions.

A related but distinct harm has been hitting schools from the inside: pupils turning the same tools on one another. According to reporting, fake explicit images were generated from the social-media photos of dozens of schoolgirls in Almendralejo, Spain in 2023 [72], at a high school in Westfield, New Jersey the same year [73], and at a school near Melbourne, Australia in 2024 [74], with arrests following in several of them. The criminal-extortion case and these peer-on-peer cases differ in motive, but they run on the same cheap, accessible image generation, and they are part of the same residue the next models will be trained on.

Now follow that thread to its uncomfortable end, because it loops straight back to training. Every one of these acts leaves a residue behind: the extortion playbooks, the jailbreak prompts that worked, the malware, the abuse imagery, all of it written up, posted, argued over, and eventually scraped. The emergent-misalignment research showed that fine-tuning a model on one narrow slice of bad behaviour, insecure code, made it broadly malicious across completely unrelated questions [32]. Set that beside the finding that a couple of hundred poisoned documents can plant a hidden trigger [38], and beside the fact that models are increasingly trained on an open web that now holds the exhaust of every AI-enabled crime, and a genuinely new failure mode appears. A model no longer needs a user to teach it to be harmful. It can absorb the pattern from the wreckage left by everyone who misused the model before it. Nobody has to deliberately train an AI to be malicious. We are, collectively and in public, writing that training set for it. And that is really a special case of a bigger problem: a model is only ever as good, or as safe, as the data it learns from, which is the subject of the last and largest pressure.

Part six: the brick wall, running out of genuine things to learn from

Everything so far has been about money, quality and intent. This last pressure is closer to physics. There is a finite supply of high-quality, openly available human-written text, and the largest models are on course to consume most of it. This is not a claim that humanity is running out of knowledge, people keep writing, researching and inventing, but that the easily-harvested public stock that trained the last generation of models is being used up faster than fresh, high-quality, novel material is being added to it.

The definitive analysis comes from Epoch AI, in a paper led by Pablo Villalobos with the blunt title "Will we run out of data?" According to that paper, the total effective stock of public, human-generated text is around 300 trillion tokens, with a wide range of uncertainty from roughly 100 trillion to a thousand trillion, and, if current trends continue, models will have been trained on the entire usable stock somewhere between 2026 and 2032, sooner if labs keep over-training to get smaller, cheaper models [50]. In December 2024, according to coverage of his NeurIPS talk, Ilya Sutskever said it plainly: "pre-training as we know it will unquestionably end," because "we have but one internet," calling data "the fossil fuel of AI" and saying we had reached "peak data" [51].

These are projections with wide error bars, not a countdown clock, and the exact year matters less than the shape of the problem. The supply of the one ingredient that made the last five years of progress possible is finite, and we are approaching the bottom of the easy reserves. The obvious response is to have the models generate their own training data. And that is where the second half of the wall appears.

In July 2024, Nature published a paper by Ilia Shumailov and colleagues with a title that does not mince words: "AI models collapse when trained on recursively generated data." According to that paper, when you train a model mainly on the output of a previous model, generation after generation, it degrades: first it loses the tails of the distribution, the rare and unusual cases, then it converges towards bland, repetitive, low-variance output, and in one language model, by the ninth generation of training on its own output, it was producing surreal nonsense about jackrabbits of every colour [52]. The mechanism is intuitive once you see it: each generation is a slightly lossy photocopy, and a photocopy of a photocopy of a photocopy eventually loses the picture.

Now, the responsible thing is to say loudly that model collapse is contested, because it is. According to a 2024 paper by Gerstgrasser and colleagues, collapse comes from replacing real data with synthetic data each generation, and if you accumulate, keeping the real data and adding synthetic on top, the degradation is bounded and collapse is avoided [53], which is closer to reality since nobody actually deletes the old web. Another critique, by Ali Borji, argued the original result is partly an artefact of an unrealistic experimental setup [54]. And the escape hatch genuinely works in the right conditions: according to Microsoft's work on its Phi models, small models trained on carefully curated, "textbook-quality" synthetic data, generated by a stronger model and mixed with real data, can punch far above their size [55]. So the accurate statement is not "AI will eat itself and die." It is narrower and still serious: indiscriminate recursive training on unfiltered AI output degrades models, and avoiding it requires real human data and careful curation, both of which are getting scarcer and harder to verify.

And this is where the whole article closes its loop, because the thing that makes verified human data scarce is the slop from part three. The open web is filling with AI output. According to a 2025 study by Graphite, classifying tens of thousands of pages from Common Crawl, AI-generated articles crossed 50 percent of newly published English web articles around November 2024, then plateaued around half rather than climbing forever [56]. According to Originality.ai, AI content in Google results rose through 2024 [57]. And according to an Amazon Science paper presented at ACL in 2024, the most methodologically solid of these, well over half of the web sentences in a large multilingual sample showed signs of machine translation, with quality dropping in lower-resource languages [58]. The detector-based percentages should be treated as directional, but the direction is clear enough: the well the next models must drink from is being steadily diluted with the output of the current ones, and increasingly it is not even labelled as such.

The deeper problem is provenance. Once AI output is published without a label, the next model to scrape the web cannot tell its own echo from genuine human signal, which is precisely the condition the collapse research warns about. And it is not only a text problem. According to a 2023 paper, image generators trained on their own output suffer what the authors call Model Autophagy Disorder, or MAD: without a steady diet of fresh real data, both the quality and the variety of what they produce decay generation after generation [59]. A self-consuming system does not announce its decline. It just gets quietly blander and less reliable, which is the hardest kind of failure to catch in time, because every individual output still looks fine. This is why the labs are now paying real money for licensed, verified human data, and why provenance has suddenly become a serious topic. The clean fuel is running low, and the substitute on tap is increasingly contaminated.

Part seven: the model is working out who you are, and whose side to take

There is a final twist that ties the data problem to something more personal, and more political. The same systems being trained on this messy, polarised, increasingly synthetic web are also getting unnervingly good at reading the person in front of them.

Start with the reading. According to a 2023 study from ETH Zurich, "Beyond Memorization," large language models can infer private attributes, location, age, sex, income, occupation, from nothing more than the way someone writes, reaching up to 85 percent accuracy on a first guess and 95 percent within three, at a tiny fraction of the cost of a human profiler [60]. Later work found models inferring Big Five personality traits from ordinary conversation [61], and according to a 2026 study they can infer a user's political alignment from normal online posts with surprisingly high user-level accuracy [62]. The model does not need you to announce who you are. It works it out from your phrasing.

Now add the leaning. According to a 2024 study in PLOS ONE that put two dozen leading models through a battery of political-orientation tests, most of them landed left of centre, while base models, before alignment, sat closer to neutral, which means the lean is largely introduced in fine-tuning rather than baked into raw pretraining; the same researcher showed you can deliberately push a model either way, building a left-leaning and a right-leaning version from modest amounts of partisan text [63]. Separate academic work traced how the political slant of the pretraining corpus carries through into the finished model's behaviour [64]. In other words, whoever curates the data and the feedback effectively chooses the politics.

Then the mirror. AI models are sycophantic. According to a 2023 study across five leading assistants, they tend to tell you what you want to hear, matching your stated view over the truthful answer, because the human-feedback data used to train them rewards agreeable responses [65]. This is not a quirk, it is trained in, and it bit hard enough that in April 2025, by OpenAI's own account, it had to roll back a ChatGPT update that had become so flattering it was endorsing people's worst ideas [66]. Put the three together, a model that can infer your politics, that carries a lean someone chose for it, and that is rewarded for agreeing with you, and you have the ingredients for a system that quietly tells each person a slightly different, comfortable version of the truth.

The labs know this is a problem and have started to measure it. According to OpenAI, its late-2025 political-bias evaluation found its newer models cut measured bias by around a third, with political slant showing up, by its own estimate, in under 0.01 percent of real responses [67]. According to Anthropic, its late-2025 even-handedness test, which it open-sourced, scored Claude in the mid-nineties while also scoring competitors [68].

Read that table as a sign of where the industry's attention is going, not as an objective league table, because it is one company grading everyone, including itself, on its own test.

Here is where it joins the rest of the article. If the open web keeps radicalising, and models keep training on it, two of the mechanisms we have already met push in the same direction. According to research on bias amplification, a model trained on biased data tends to come out more biased than the data, not less [70]. And model collapse, the loss of the tails of the distribution, disproportionately erases minority and edge views, the very perspectives a polarised majority is least likely to preserve [52]. Now picture a self-improving system curating its own training data, which Anthropic warns is already beginning [23]. Without anyone choosing it, such a system could harden a political lean, work out which kind of person it is talking to, and serve each of them whatever keeps them engaged. That is not a claim that it has happened. It is a claim that every individual piece of the mechanism is already documented, and nobody has shown the pieces cannot combine.

I want to be careful here, because this is the most speculative leg of the argument and the evidence is mixed. The strongest counter-finding, according to a 2024 controlled trial published in PNAS, is that AI political microtargeting did not beat a generic message: the persuasion came from the model's general fluency, not the personalisation [69]. The leftward lean is an artefact of fine-tuning that labs can and do adjust, and the bias-amplification evidence is firmest for demographic stereotypes, less so for politics specifically. So treat this as a credible risk with real components, not a settled outcome. The honest worry is not that AI has picked a side today. It is that the machinery to do so, and to hide it inside a friendly, agreeable, personalised answer, is already built, and already learning from a web that is getting angrier.

How it all connects

Step back and the four pressures resolve into a single feedback loop, which is why the ouroboros at the top of this piece is the right image.

Cheap intelligence lowered the barrier to building, so a flood of builders arrived. A large share of them, the code kiddies, ship slop at volume because the tools let them produce it faster than they can understand it. That slop pollutes the open web. The polluted web is the same corpus the next generation of models trains on, which both degrades quality through model collapse and widens the attack surface for poisoning. Meanwhile the supply of high-quality, novel human data, the clean fuel, is finite and running down towards a wall. And the safety problems, the deception and the misalignment, are not separate from this. They are what you get when capable systems are trained on vast, unverified, increasingly synthetic data with goals we specify imperfectly. The loop has a darker edge now, too: the residue of every AI-enabled crime and every radicalised argument is part of what the next model learns from, so the system does not only get blander, it can quietly get meaner and more partisan, without anyone deciding it should. Each pressure feeds the next. The economics squeeze, the quality crisis, the safety warnings and the data wall are readings of one closed loop that is starting to bite its own tail.

The same loop is what finally separates the serious companies from the rest, and it does so on a single axis: genuine, verified, owned data, and the discipline to handle it well. When models are a rented commodity, when the web is too polluted to trust, when recursive training degrades anything built on scraped junk, and when a few poisoned documents can corrupt a foundation, the scarce and defensible thing is clean, structured, proprietary data that you actually understand, plus the engineering rigour to use it. That is the opposite of vibe coding. It is the opposite of slop. It is the boring, unglamorous work that the code kiddies skipped, and it is about to be the only moat left standing.

This is the part where I will be straight about my own bias, because I build in this space. The reason I find this loop clarifying rather than depressing is that it rewards exactly the thing that was always undervalued: owning a clean, structured, verifiable dataset and treating it as the asset it is. A serious business with proprietary data and real evals gets stronger as the base models improve and as the web gets noisier, because its moat is the part the machine cannot scrape. A slop business gets weaker on both counts. Whatever you are building, the durable move is the same one it has always been, just now with higher stakes: own your data, understand your system, and do not mistake a fast demo for a real product.

The takeaway

It would be easy to read all of this as doom, and that would be the wrong takeaway. The capability is real, the productivity gains are real, and a great many people are building genuinely useful things on top of these models. The cheaper, easier headline is true. The reason to walk through the four pressures together is not that AI is a bubble about to burst or a monster about to wake up. It is that the same force, cheap and abundant machine intelligence, is quietly raising the bar for what counts as a real business and a well-built system, at the very moment it floods the field with things that are neither.

The connective tissue, from start to finish, is data. Whether the question is margins, slop, safety, bias or the training wall, the answer keeps returning to the quality, the provenance and the ownership of the data a system learns from and runs on. That is oddly reassuring, because it points at something you can actually control. You cannot control which lab wins, where token prices settle, or how the safety debate resolves. You can control whether the data underneath what you build is clean, structured, genuinely yours, and understood by the people responsible for it.

So let the piece end on a question rather than a verdict, and a constructive one: when cheap intelligence is no longer the hard part, because it already is not, what do you actually own and understand that a model cannot scrape or regenerate for free? Answer that well and you are building something durable, and the rest, the pricing, the safety posture, the resistance to bias, all get easier to get right when the foundation is data you can stand behind. None of the big questions in this article are settled, and honest people disagree on every one of them. But the move while we wait for them to settle is the same unglamorous one it has always been: own your data, understand your systems, and treat both as if they matter, because they are about to matter a great deal more than they have.

Sources

1. OpenAI, "Hello GPT-4o" (2024) - https://openai.com/index/hello-gpt-4o/
2. a16z, "Welcome to LLMflation" (2024) - https://a16z.com/llmflation-llm-inference-cost/
3. Epoch AI, "LLM inference price trends" - https://epoch.ai/data-insights/llm-inference-price-trends
4. GitHub, "Copilot is moving to usage-based billing" (June 2026) - https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/
5. Engadget, "DeepSeek permanently cuts flagship model price 75%" (May 2026) - https://www.engadget.com/2180062/deepseek-permanently-reduces-the-price-of-its-flagship-v4-model-by-75-percent/
6. Scientific American, "What is the AI compute crunch and why are AI tools hitting usage limits?" (2026) - https://www.scientificamerican.com/article/what-is-the-ai-compute-crunch-and-why-are-ai-tools-hitting-usage-limits/
7. The Decoder, "The AI industry is running out of compute" (2026) - https://the-decoder.com/the-ai-industry-is-running-out-of-compute-with-outages-rationing-and-rising-gpu-prices/
8. CNBC, "Only Anthropic is being realistic on AI token economics" (April 2026) - https://www.cnbc.com/2026/04/17/ai-tokens-anthropic-openai-nvidia.html
9. ICONIQ, "State of AI" (2026) - https://www.iconiq.com/growth/reports/2026-state-of-ai-bi-annual-snapshot
10. Sequoia, David Cahn, "AI's $600B Question" (2024) - https://www.sequoiacap.com/article/ais-600b-question/
11. Fortune, OpenAI cash burn and losses (2025) - https://fortune.com/2025/11/12/openai-cash-burn-rate-annual-losses-2028-profitable-2030-financial-documents/
12. Bessemer, "The AI pricing and monetization playbook" - https://www.bvp.com/atlas/the-ai-pricing-and-monetization-playbook
13. Andrej Karpathy, original "vibe coding" post (2025) - https://x.com/karpathy/status/1886192184808149383
14. Simon Willison, "Slop is the new name for unwanted AI-generated content" (2024) - https://simonwillison.net/2024/May/8/slop/
15. GitClear, "AI Copilot Code Quality 2025" - https://www.gitclear.com/ai_assistant_code_quality_2025_research
16. Perry, Srivastava, Kumar, Boneh, "Do Users Write More Insecure Code with AI Assistants?" CCS 2023 - https://arxiv.org/abs/2211.03622
17. Veracode, "2025 GenAI Code Security Report" - https://www.veracode.com/blog/genai-code-security-report/
18. Rest of World, Builder.ai collapse (2025) - https://restofworld.org/2025/builderai-ai-explainer-bankrupt/
19. FTC, "Operation AI Comply" (2024) - https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-announces-crackdown-deceptive-ai-claims-schemes
20. PitchBook, "Y Combinator is going all-in on AI agents" (2025) - https://pitchbook.com/news/articles/y-combinator-is-going-all-in-on-ai-agents-making-up-nearly-50-of-latest-batch
21. TechCrunch, "AI-powered apps struggle with long-term retention" (2026) - https://techcrunch.com/2026/03/10/ai-powered-apps-struggle-with-long-term-retention-new-report-shows/
22. Future of Life Institute, "Pause Giant AI Experiments" (2023) - https://futureoflife.org/open-letter/pause-giant-ai-experiments/
23. Anthropic Institute, "When AI builds itself" (June 2026) - https://www.anthropic.com/institute/recursive-self-improvement
24. Bloomberg, "Anthropic Calls for AI Pause Button" (June 2026) - https://www.bloomberg.com/news/articles/2026-06-05/anthropic-calls-for-ai-pause-button-to-let-humans-take-stock
25. TIME, "Anthropic Drops Flagship Safety Pledge" (Feb 2026) - https://time.com/7380854/exclusive-anthropic-drops-flagship-safety-pledge/
26. Anthropic, "Responsible Scaling Policy" (2023) - https://www.anthropic.com/news/anthropics-responsible-scaling-policy
27. Hubinger et al., "Sleeper Agents" (2024) - https://arxiv.org/abs/2401.05566
28. Greenblatt et al., "Alignment faking in large language models" (2024) - https://arxiv.org/abs/2412.14093
29. Apollo Research, "Frontier Models are Capable of In-Context Scheming" (2024) - https://www.apolloresearch.ai/research/scheming-reasoning-evaluations
30. Anthropic, "Agentic Misalignment" (2025) - https://www.anthropic.com/research/agentic-misalignment
31. OpenAI + Apollo, "Detecting and reducing scheming in AI models" (2025) - https://openai.com/index/detecting-and-reducing-scheming-in-ai-models/
32. Betley, Evans et al., "Emergent Misalignment" (2025) - https://arxiv.org/abs/2502.17424
33. OpenAI, "Preparedness Framework" v2 (2025) - https://openai.com/index/updating-our-preparedness-framework/
34. Google DeepMind, "Frontier Safety Framework" (2024-2025) - https://deepmind.google/blog/introducing-the-frontier-safety-framework/
35. Shah et al., "An Approach to Technical AGI Safety and Security" (2025) - https://arxiv.org/abs/2504.01849
36. Center for AI Safety, "Statement on AI Risk" (2023) - https://www.safe.ai/work/statement-on-ai-risk
37. Axios, coverage of the FLI 2025 AI Safety Index - https://www.axios.com/2025/12/03/ai-risks-agi-anthropic-google-openai
38. Anthropic, UK AISI, Turing Institute, "A small number of samples can poison LLMs of any size" (2025) - https://www.anthropic.com/research/small-samples-poison
39. Souly et al., "Poisoning Attacks on LLMs Require a Near-constant Number of Poison Samples" (2025) - https://arxiv.org/abs/2510.07192
40. Carlini et al., "Poisoning Web-Scale Training Datasets is Practical" (2023) - https://arxiv.org/abs/2302.10149
41. Zhang et al., "Persistent Pre-Training Poisoning of LLMs" (2024) - https://arxiv.org/abs/2410.13722
42. Anthropic, "Disrupting the first reported AI-orchestrated cyber espionage campaign" (2025) - https://www.anthropic.com/news/disrupting-AI-espionage
43. Anthropic, "Detecting and countering misuse of AI: August 2025" - https://www.anthropic.com/news/detecting-countering-misuse-aug-2025
44. OpenAI, "Disrupting malicious uses of AI: October 2025" - https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/
45. Moneywise, summarising FBI/IC3 figures on AI-enabled scams (2025) - https://moneywise.com/news/top-stories/fbi-ai-deepfake-voice-cloning-scams-losses
46. Internet Watch Foundation, "How AI is being abused to create child sexual abuse imagery" (2026) - https://www.iwf.org.uk/about-us/why-we-exist/our-research/how-ai-is-being-abused-to-create-child-sexual-abuse-imagery/
47. Europol, "25 arrested in global hit against AI-generated CSAM" (Feb 2025) - https://www.europol.europa.eu/media-press/newsroom/news/25-arrested-in-global-hit-against-ai-generated-child-sexual-abuse-material
48. Police Professional, "Schools urged to review pupil photos amid AI blackmail threat" (May 2026) - https://policeprofessional.com/news/schools-urged-to-review-pupil-photos-amid-ai-blackmail-threat/
49. Gu, Dolan-Gavitt & Garg, "BadNets" (2017) - https://arxiv.org/abs/1708.06733
50. Villalobos et al. (Epoch AI), "Will we run out of data?" (2024) - https://arxiv.org/abs/2211.04325
51. Ilya Sutskever, NeurIPS 2024, "peak data" (coverage) - https://www.techmeme.com/241213/p33
52. Shumailov et al., "AI models collapse when trained on recursively generated data," Nature (2024) - https://www.nature.com/articles/s41586-024-07566-y
53. Gerstgrasser et al., "Is Model Collapse Inevitable?" (2024) - https://arxiv.org/abs/2404.01413
54. Borji, "A Note on Shumailov et al. (2024)" (2024) - https://arxiv.org/abs/2410.12954
55. Gunasekar et al., "Textbooks Are All You Need" (Microsoft Phi, 2023) - https://arxiv.org/abs/2306.11644
56. Graphite, "More articles are now created by AI than humans" (2025) - https://graphite.io/five-percent/more-articles-are-now-created-by-ai-than-humans
57. Originality.ai, "AI content in Google search results" - https://originality.ai/ai-content-in-google-search-results
58. Thompson et al. (Amazon), "A Shocking Amount of the Web is Machine Translated" (2024) - https://arxiv.org/abs/2401.05749
59. Alemohammad et al., "Self-Consuming Generative Models Go MAD" (2023) - https://arxiv.org/abs/2307.01850
60. Staab et al. (ETH Zurich), "Beyond Memorization: Violating Privacy via Inference with LLMs" (2023) - https://arxiv.org/abs/2310.07298
61. Peters, Cerf & Matz, "LLMs Can Infer Personality from Free-Form User Interactions" (2024) - https://arxiv.org/abs/2405.13052
62. Lee et al., "LLMs Can Infer Political Alignment from Online Conversations" (2026) - https://arxiv.org/abs/2603.11253
63. Rozado, "The political preferences of LLMs," PLOS ONE (2024) - https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0306621
64. Feng et al., "From Pretraining Data to Language Models to Downstream Tasks," ACL (2023) - https://arxiv.org/abs/2305.08283
65. Sharma et al. (Anthropic), "Towards Understanding Sycophancy in Language Models" (2023) - https://arxiv.org/abs/2310.13548
66. OpenAI, "Sycophancy in GPT-4o: what happened" (2025) - https://openai.com/index/sycophancy-in-gpt-4o/
67. OpenAI, "Defining and evaluating political bias in LLMs" (2025) - https://openai.com/index/defining-and-evaluating-political-bias-in-llms/
68. Anthropic, "Measuring political bias in Claude" (2025) - https://www.anthropic.com/news/political-even-handedness
69. Hackenburg & Margetts, "Evaluating the persuasive influence of political microtargeting with LLMs," PNAS (2024) - https://www.pnas.org/doi/10.1073/pnas.2403116121
70. Hall et al., "A Systematic Study of Bias Amplification" (2022) - https://arxiv.org/abs/2201.11706
71. CNN, "Finance worker pays out $25 million after deepfake video call" (Arup, Hong Kong, 2024) - https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
72. CNN, deepfake images investigation, Almendralejo, Spain (2023) - https://www.cnn.com/2023/09/20/europe/spain-deepfake-images-investigation-scli-intl/index.html
73. CNN, AI deepfake images at a New Jersey high school (2023) - https://www.cnn.com/2023/11/04/us/new-jersey-high-school-deepfake-porn/index.html
74. Women's Agenda, student arrested over deepfake images, Bacchus Marsh, Australia (2024) - https://womensagenda.com.au/latest/male-student-arrested-after-deepfake-pornographic-images-of-50-female-students-circulated-online/
75. The Register, "GitHub Copilot users threaten exit as metered billing kicks in" (June 2026) - https://www.theregister.com/ai-and-ml/2026/06/02/github-copilot-users-threaten-exit-as-metered-billing-kicks-in/