What methodologies do major tech companies use to detect AI-generated CSAM and how do their detection rates compare?

1. Legacy tools meet a new threat: hashing and matching adapted for AI-generated content

The bedrock method—hash matching of known CSAM—remains central for platforms, but vendors and nonprofits have adapted perceptual hashing and scene-sensitive video hashing to identify not just byte-for-byte duplicates but visually similar scenes and slices of footage, allowing platforms to catch re-encoded, cropped, or partially altered CSAM videos that traditional hashes miss (Thorn’s Scene-Sensitive Video Hashing and perceptual hashing work) ^{[2] [1]}.

2. Machine-learned classifiers and multimodal models try to generalize beyond known hashes

Commercial players and specialist firms deploy classifiers trained on proprietary datasets to flag novel or AI-generated CSAM across images, video, and text—ActiveFence, for example, claims models that detect newly generated CSAM and can surface grooming, solicitation, and prompt-manipulation tactics in multiple languages—enabling platforms to triage previously unseen material rather than relying solely on hash matches ^[3].

3. Detection of AI-origin signals: watermarking, provenance and model-based heuristics

Some approaches look for generation artifacts or provenance signals—platforms and researchers discuss model-detection heuristics and defensive measures like requiring provenance/watermarking from generators, while NGOs suggest product features such as Thorn’s Safer Predict to scan outputs for novel CSAM and text-based child sexual exploitation ^{[7] [8]}. Public documentation of robust, widely-adopted watermarking or provenance pipelines across major providers remains limited in the reporting.

4. Why comparing detection rates is currently impossible from public sources

Vendors trumpet capabilities, but independent, standardized detection-rate benchmarks are scarce: the literature and press document methods and company commitments (e.g., pledges by major firms to avoid training on CSAM and to detect/report it), and vendors like ActiveFence describe detection automation, yet none of the sources publish transparent, comparable recall/precision metrics across the same datasets—so cross-company rate comparisons cannot be substantiated from available reporting ^{[3] [5] [1]}.

5. Structural and legal barriers that hide performance numbers and limit adversarial testing

Even where red-teaming could validate detectors, legal risks and lack of safe-harbor for researchers prevent systematic stress-testing of models against CSAM prompts; commentators note the paradox that responsible testing can itself create illegal images, and thus companies and public-interest researchers face regulatory and criminal-risk friction when seeking to benchmark detection performance ^{[6] [4]}.

6. Operational tradeoffs, emerging harms, and the incentives that shape reporting

Detection must balance privacy and encryption concerns—regulatory proposals demanding proactive uploadscanning raise E2EE and surveillance worries—and firms’ public pledges (cited in Forbes) can serve both safety and reputational interests, so vendor claims need independent validation; watchdog data (IWF and others) also reports that AI-generated CSAM is increasingly realistic and more severe, heightening urgency but not supplying consistent detection metrics ^{[9] [5] [10]}.

7. Bottom line: promising toolset, insufficient public evidence on “which works best”

The technological toolset—hash variants, perceptual/video hashing, classifiers, proprietary intelligence and provenance initiatives—maps coherently to the problem space, but the reporting shows a gap between capability descriptions and verifiable, comparable detection rates; absent shared test corpora or independent benchmarks, decisive claims about which company or method detects AI-generated CSAM most effectively cannot be made on the basis of the sources reviewed ^{[2] [3] [5]}.