Written by Dr David Tena Cucala, Lecturer in Computer Science, Royal Holloway University, 2026
In 2024, an Air Canada customer asked the airline’s chatbot a simple question: could he get a bereavement refund? The chatbot said yes and even explained exactly how to apply. So he bought the ticket, followed the instructions, and submitted the claim.
Air Canada refused. Their defence? The chatbot had made a mistake, as their policy did not allow bereavement refunds.
He took them to the British Columbia Civil Resolution Tribunal. He won. The ruling was beautifully blunt: if you deploy a chatbot to speak for your company, you own what it says.
Even if it hallucinates policies.
The End of the Rulebook
When I tell this story to people outside AI research, the conversation almost always goes the same way. “But someone programmed it, right? Someone wrote the rules?” they say.
And I say: “…not exactly.” Cue stunned silence.
For most of computing history, that assumption was correct. Most early AI systems were rule-based: enormous lists of human-written instructions, variables with sensible names, logic you could trace with your finger. A good engineer could read the code, understand it, and stake their reputation on it.
Then, in the mid-2010s, neural networks took over, and they work almost the opposite way. Instead of writing rules, engineers build systems that learn their own. These networks (loosely inspired by the brain) contain billions of adjustable connections between virtual “neurons.” You feed them examples, give feedback, and repeat the process billions of times. Eventually the system becomes uncannily good at whatever task you are applying it to; sometimes it even becomes superhuman, beating world champions at chess and Go, and making scientific breakthroughs like protein folding. Nobody tells it the rules. It figures them out on its own.
That has two big consequences. First, the system often discovers patterns no human explicitly taught it, including patterns nobody had even noticed before. That’s their genuine magic. But it also means nobody can be completely certain what the system has actually learned. Second, whatever it learned isn’t stored anywhere readable. The knowledge is smeared across millions (sometimes billions) of numerical weights. You can stare at the numbers, but they won’t mean anything to you. People sometimes call AI a “black box”, though the phrase is slightly misleading. The box isn’t opaque. We can look inside. We simply don’t understand what we’re seeing.
The Accountability Gap
That last point has real consequences. It’s why AI systems hallucinate, producing wrong answers with total, unblinking confidence. The Air Canada story is almost funny. But at the other end of the spectrum, you have systems influencing healthcare decisions, shaping legal outcomes, and moving financial markets.
To be fair: we already trust plenty of things we don’t personally understand, like aeroplanes, vaccines, and power grids. But in those cases, someone understands them. Engineers can explain why the plane flies. Scientists know how the vaccine works. There are people whose entire job is to understand these systems deeply, and to be held accountable when they fail. With modern AI, that accountability gap is real, and it’s growing.
A small, serious group of researchers is trying to close it, building something like a “neuroscience of AI”, reverse-engineering these models from first principles to figure out what’s actually happening inside. It’s slow, hard, important work. Meanwhile, the rest of the industry is moving in the opposite direction: build a bigger ship faster, patch the mistakes later.
So here we are, rapidly weaving a technology into education, medicine, finance, and the daily fabric of decision-making, even though nobody fully understands how it works. The question isn’t technical; it’s a choice. If AI is going to shape the infrastructure of society, we can either accept that it remains, at its core, a mystery, or we can demand that someone, somewhere, actually understands it.
But that choice is impossible to make if you don’t know it exists. And why would you? The reasonable assumption is that someone, somewhere, already checked. That there’s an engineer who can open the hood and explain exactly what went wrong.
It’s a fair assumption. It’s just not true.
Where do you stand? Should we slow down deployment until we can explain these systems, or are problems like Air Canada’s chatbot just a “growing pain” we can manage along the way? Drop your thoughts in the Comments.
“They’re basically attacking our entire digital existence – if we don’t like it, then we shouldn’t be posting it at all.” – Dr Daisy Dixon, Cardiff University [1] Written by Sophie Hawkes, PhD Researcher at the CDT in Cyber security for the Everyday, Royal Holloway University, 2026
Image-based sexual abuse (IBSA) includes the non-consensual creation and/or sharing of intimate images. This includes practices such as upskirting, hidden cameras, sextortion, cyber-flashing, semen images, and sexualised deepfakes. The Revenge Porn Helpline (RPH) – “a UK service supporting adults…experiencing intimate image abuse” [2] – saw a 400% increase in cases of non-consensual “synthetic” (AI-generated) intimate images (NSII), between 2017 and 2024. [3]
While the term “revenge porn” is perhaps more widely known, it can carry problematic implications of victim blame and obscure the reality that this is a form of abuse, often perpetrated by complete strangers. Such violations also introduce differential vulnerabilities; i.e., even when experiencing similar circumstances, different populations face different types and degrees of security, privacy, and safety risks with serious consequences to their lives.
Of the cases reported to the RPH, 72% were women. Among these, 44% reported that the perpetrator was “a known male”, while 53% reported the perpetrators were “completely unknown” [3]. Research consistently shows that women are overwhelmingly the targets of NSII. On the notorious deepfake video sharing site ‘Mr Deepfakes’, 95.3% of all targeted individuals were women, constituting 91% of all videos on the platform [4]. As early as 2019, a report by Deeptrace/Sensity AI found that, of the deepfakes they found, 96% were pornographic, and 100% of those depicted women. Indeed their case study of a computer app called ‘DeepNude’ further illustrates this imbalance and suggests a contributing factor: the model was trained only on images of women, so was unable to generate comparable nude images of men [5].
More recently, the Grok AI chatbot (built into the social media platform X) enabled the mass creation of non-consensual sexualised images. User requests soared after CEO Elon Musk posted a Grok AI-edited photo of himself in a bikini, showing how platform leadership and design decisions can permit the normalisation of image abuse. The New York Times [6] estimates that 41% (approximately 1.8 million) of images generated and posted by Grok in response to user requests over the nine days were sexualised images of women. The Center for Countering Digital Hate found that 65% of images in its random sample were sexualised, with 101 showing children – suggesting that over 23,000 total sexualised images of children may have been posted on X as a result of user requests to Grok AI.
With all this in mind, it is clear that the evidence demonstrates that sexualised deepfakes are a deeply gendered harm, and thus are understood as a type of technology-facilitated gender-based violence (TF-GBV). Yet a stark imbalance exists not only in who is targeted, but also in the perceived harms and response. Research shows that men are more likely to find the creation and sharing of synthetic intimate images acceptable [7], and are more likely to place less responsibility on perpetrators [8]. Men also tend to perceive sexualised deepfakes of themselves as more acceptable than non-male participants, with some participants (mostly men) responding that a partner creating sexual deepfakes of them would be “flattering” or “a compliment” [7]. Overall, men generally perceive less harm to victims of NSII [8].
These perception gaps may help to contextualise why “four times as many” victims report a negative police reporting experience than a positive experience [3], given the overrepresentation of men in the police force, e.g. women made up only 27.1% of the Metropolitan Police Service in 2021 [9].
By contrast, people from marginalised genders are more likely to find the creation and sharing of sexual deepfakes more unacceptable than non-sexual deepfakes [7], and women are perceived to experience greater harm from such abuse [8]. This dynamic is shaped by and reinforces wider societal structures that shame and suppress female sexuality. In this way, sexual deepfakes are wielded as a disciplinary force to silence women and marginalised genders who stand up against image abuse, such as happened to Dr Daisy Dixon (quoted above) [1]. The vicarious trauma of watching other women be targeted could act as a chilling mechanism, encouraging self-censorship, withdrawal from public platforms, and reduced trust and engagement with AI, reinforcing gendered patterns of digital exclusion and unequal technological participation [15].
A further dimension of this is reflected in racialised perception of harm. Evidence of ‘misogynoir’ (a term coined by Moya Bailey to describe gendered anti-Black racism) emerges in findings [8] that US participants uniquely (compared to UK and Australian participants) judged Black female victims as less harmed by the creation of sexual deepfakes than white or Asian women. This demonstrates enduring harmful stereotypes, like the “Strong Black Woman” [8], and highlights the need for intersectionality, as when harm to Black women is systematically minimised and their suffering normalised, adequate recognition, responses and support are less likely to follow.
Racialised patterns of deepfake sexual abuse were also clear in the creation and consumption of sexual deepfake content on ‘Mr Deepfakes’, where four out of the top ten video categories (by number of videos) were explicitly racial (Asian, Korean, Indian/Bollywood, and Interracial) [4], suggesting that race is an important factor shaping activity. Notably, the second most common nationality targeted (after American), both in the Sensity AI report [5] and on ‘Mr Deepfakes’ [4], was (South) Korean, with K-pop singers a core target. These trends may represent not only global popularity, but also a racialised sexualisation or exoticism within Western platform cultures.
It is also important to consider cultural differences, especially around the meaning of “intimate images”, since narrow legal and societal definitions of intimacy may fail to capture real-world harm, for example using AI to remove a woman’s hijab. The RPH reported that 1% of its cases were of “culturally sensitive content” and that 7.5% reported cultural sensitivity as an additional impact [3]. In certain contexts, the retaliatory threat of honour-based violence may pose a severe and immediate danger to victims. LGBTQ+ individuals may also face additional risks of exposure and retaliation from images outside of what may traditionally be considered “intimate”.
Another often overlooked group of victims are those whose intimate media is non-consensually used as the ‘body’ onto which another individual’s face is edited, primarily sex workers. A study [10] showed that participants attribute more victim blame to the ‘body victim’ than the ‘face victim’, and ‘face victims’ were considered to experience greater harms, especially when the ‘body victim’ was labelled as a sex worker. This reinforces hierarchies of respectability in which some bodies are treated as disposable inputs rather than victims of abuse.
Finally, recent work [11] has brought to light the longstanding ethical bad practice involving the non-consensual use and distribution of nude images in datasets for academic research, e.g. nudity detection. Out of 150 computer science papers using real nude images, none mentioned the consent or safety of the image subjects, or data deletion plans, and only two had received institutional review board (IRB) review and approval. Some nude datasets knowingly contained non-consensual images, for example upskirting and hidden camera images, and one scraped images from subreddits dedicated to sexual violence and borderline child sexual imagery. Serious concerns were flagged around the 813 example images published in the papers, of which 9 were completely uncensored and 28 were still identifiable.
On 6th February 2026, it will become illegal to create, or request the creation of, non-consensual sexual deepfakes, after legislation passed in the Data (Use and Access) Bill 2025 was finally signed on 15th January [12]. This follows years of tireless activism to end image abuse by many, from organisations like End Violence Against Women, to survivor-led campaigns like #NotYourPorn and Jodie Campaigns, to Glamour UK Magazine and academics like Clare McGlynn, Professor of Law at Durham University [13].
While Jodie said in a statement [14] “My hope is that this marks a genuine turning point”, she expressed frustration that swift action had only been taken in response to the public outcry against X’s Grok AI in recent weeks. “It should never have taken days of outrage and new victims being created for action to be taken, when this legislation has been sitting ready, with Royal Assent, for months. Survivors and campaigners warned, again and again, that delaying this law would cause real harm. We were right.”
[4] C. Han, A. Li, D. Kumar, and Z. Durumeric, “Characterizing the MrDeepFakes Sexual Deepfake Marketplace,” in Proceedings of the 34th USENIX Security Symposium, Seattle, WA, USA, Aug. 2025, pp. 5169–5188. Available: https://www.usenix.org/conference/usenixsecurity25/presentation/han.
[5] H. Ajder, G. Patrini, F. Cavalli, and L. Cullen, “The State of Deepfakes: Landscape, Threats, and Impact,” Deeptrace Labs, Amsterdam, Netherlands, Sep. 2019. [Online]. Available: https://regmedia.co.uk/2019/10/08/deepfake_report.pdf.
[7] N. G. Brigham, M. Wei, T. Kohno, and E. M. Redmiles, “Violation of my body: Perceptions of AI-generated non-consensual (intimate) imagery,” in Proceedings of the Twentieth Symposium on Usable Privacy and Security, Philadelphia, PA, USA, 2024, pp. 373–392. Available: https://www.usenix.org/conference/soups2024/presentation/brigham.
[8] A. A. Eaton, A. J. Scott, A. Flynn, and A. Powell, “Perceptions of sexualized deepfake abuse across three nations: An exploration of how victim gender and race shape attitudes towards deepfake abuse in the United States, the United Kingdom, and Australia,” Computers in Human Behavior, vol. 177, p. 108899, 2026. Available: https://doi.org/10.1016/j.chb.2025.108899.
[11] P. Cintaqia, A. Arya, E. M. Redmiles, D. Kumar, A. McDonald, and L. Qin “Stop the Nonconsensual Use of Nude Images in Research,” in Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, 8(1), 628-629. Available: https://doi.org/10.1609/aies.v8i1.36576.
[15] K. P. L. Coopamootoo, M. Mehrnezhad, E. Toreini, “I feel invaded, annoyed, anxious and I may protect myself”: Individuals’ Feelings about Online Tracking and their Protective Behaviour across Gender and Country, Proceedings of the 31st USENIX Security Symposium, Boston, MA, USA, Aug. 2022, pp. 287–304. Available: https://www.usenix.org/conference/usenixsecurity22/presentation/coopamootoo
Dr Beenish Ayaz (PhD, SMIEEE, CEng, FHEA) Department of Electronic Engineering Royal Holloway University of London
Artificial intelligence is often perceived as intangible — algorithms in the cloud and intelligence embedded in software. In practice, AI demands an immense physical backbone of so-called “AI warehouses”: data centres that consume growing amounts of electricity and water. In the UK, data centre demand is rising sharply alongside ambitions in AI, digital resilience, and high-performance computing. This creates a significant engineering and societal challenge: how can digital progress be aligned with environmental sustainability and social responsibility?
One emerging approach is the deployment of underwater data centres, cooled by the ocean’s naturally low and stable temperatures. Projects such as Microsoft’s Project Natick demonstrated that subsea cooling can significantly reduce the overhead energy associated with thermal management. However, cooling efficiency does not reduce the energy required for computation itself. True progress toward net-zero therefore depends not only on innovative cooling, but also on integration with renewable energy systems, lifecycle-aware design, and responsible operational practices.
Although Microsoft concluded its experimental programme in 2024, the concept has evolved from research prototype to strategic infrastructure. Several countries are now exploring commercial-scale deployments. China, for example, has established some of the earliest large-scale operational subsea data centres near Hainan and Shanghai, reporting substantial reductions in cooling energy demand. These developments illustrate technical feasibility, but they also highlight the need for shared standards for environmental protection and governance.
Relocating digital infrastructure offshore does not eliminate impact—it redistributes it. Subsea deployments interact with fragile marine ecosystems and with coastal communities that may have limited voice in how digital infrastructure is governed. Potential thermal plumes and broader ecological change raise the risk of an “out of sight, out of justice” scenario. At the same time, strategic competition around AI introduces questions of digital sovereignty and control over the physical foundations of the cloud. For the UK, with its extensive coastline and marine research capability, this represents both an opportunity and a responsibility. Here, technology can support trust-building, and intelligent underwater wireless sensor networks (UWSNs) become vital. Acting as a “nervous system”, they can monitor temperature, acoustics, and water chemistry in real-time. Yet technical capability alone is insufficient. Underwater networks face constraints such as limited bandwidth, power scarcity, biofouling, and harsh propagation environments. More fundamentally, they raise governance questions concerning data ownership, interpretation, and distribution of benefits. When monitoring data are confined within proprietary systems, transparency is diminished and public trust is undermined.
(Image created using Google Gemini)
A collaborative, solution-oriented approach aligned with responsible research and innovation is therefore essential. Open standards, interoperable platforms, and shared data frameworks can allow regulators, scientists, industry, and citizens to jointly assess environmental impact. In this way, underwater sensing becomes not only a performance tool, but a mechanism for accountability, inclusion, and societal benefit. Evidence from real-time marine sensing supports informed debate, policy engagement, and conservation-centred design, transforming technology from a closed system into a more inclusive public resource.
Ultimately, underwater data centres are not a simple route to net-zero computing. They offer a powerful test case for whether we can build AI infrastructure that is not only efficient, but also transparent, equitable, and environmentally responsible. The future of digital infrastructure is not merely computational. It is socioenvironmental and governance-driven. As engineers and researchers in the UK and beyond, we must design for bandwidth and biology, latency and justice, working collaboratively from the seafloor up.
