MIT researchers built a way to catch AI image models trained to produce child sexual abuse material without ever generating a single illegal image. According to MIT News AI, a team led by graduate student Vinith Suriyakumar, working with associate professors Ashia Wilson and Marzyeh Ghassemi plus the child safety nonprofit Thorn, developed an auditing method that reads a model’s internal wiring to tell whether it’s been tuned for harmful output. In testing, it flagged models specialized to generate CSAM with 100 percent accuracy.
This matters because the problem is exploding. The National Center for Missing and Exploited Children logged more than 1.5 million reports of AI-generated CSAM in 2025, up from 67,000 in 2024. That’s not a rounding error. That’s a blind spot people were actively exploiting.
🔍 Why the old approach failed
The standard way to test an AI model for harmful capabilities is simple: prompt it, look at what comes out. That breaks down completely with CSAM. Generating the material is illegal in the U.S. regardless of intent, so auditors legally can’t use the usual method. Repeatedly producing such images also inflicts real psychological harm on the human reviewers doing the checking.
“We are in this very difficult situation where, based on the law itself, we cannot use the de facto means of evaluation,” Suriyakumar told MIT News AI. “We had to throw out the entire toolkit and take a different approach.”
🧪 What the researchers actually did
The team focused on how open-source models get customized. Instead of retraining a whole model, people use a shortcut called low-rank adaptation, or LoRA, to cheaply specialize it for a task. That’s how you get watercolor-style image generators. It’s also how bad actors build high-quality CSAM generators.
Rather than inspecting outputs, the MIT method probes the modifications LoRA makes inside the model. Using a technique called Gaussian probing, the researchers feed the model random data points and watch how it manipulates them across its internal layers. They capture those changes at multiple points, average them, and use the result as a fingerprint of what the model was tuned to do.
“We never run the model all the way to the end or prompt the model, so we never generate images,” Suriyakumar explains.
They tested it on variations of three model types, checking against known LoRA adaptors for CSAM, other harmful images, and safe content. The CSAM detection hit 100 percent accuracy.
⚡ Why practitioners should care
The practical payoff is deployment. Thousands of model variants get published online every month, and manual review can’t keep up. This technique is scalable and cheap to run, which is the whole point.
Here’s what it unlocks:
- Hosting platforms can scan uploads and block or remove unsafe models before they spread.
- Law enforcement gets a measurable test for whether a model can produce CSAM, which didn’t exist before.
- Human reviewers are spared the trauma of generating and viewing the material to verify it.
“This unlocks a new avenue for platforms that host open-source models and for law enforcement to actually test whether a model is capable of generating CSAM,” Suriyakumar says. “Before, we had no way of measuring this.”
🚧 The limits
The researchers aren’t claiming they’ve solved child safety in AI. Wilson frames this as one useful tool in a much bigger fight. “There is a huge bucket of child safety concerns with AI, and these are real concerns that need to be addressed,” she says, pointing to the flood of AI deepfakes harming children. The method targets LoRA-adapted models specifically, and it’s a detection layer, not a cure.
The work was presented as a spotlight at the “Trustworthy AI for Good” workshop at the International Conference on Machine Learning. What stands out here is the shift in thinking: when you legally can’t look at the output, you look at the machine instead. Expect more safety auditing to move in that direction. Full details are available at MIT News AI.