Reports of AI-generated child sexual abuse material (CSAM) surged from 67,000 in 2024 to over 1.5 million in 2025, according to the National Center for Missing and Exploited Children. MIT researchers and child safety nonprofit Thorn have developed a way to detect open-source generative AI models fine-tuned to produce such material - without ever generating an image.
The dead end of output-based auditing
Testing a model for harmful capabilities normally involves prompting it and checking the outputs. For CSAM, that approach is illegal in the United States and many other jurisdictions, regardless of intent. Repeatedly generating abusive imagery also causes psychological harm to human evaluators. Manual auditing is not scalable, leaving a gap that bad actors exploit.
The researchers presented the work as a spotlight at the "Trustworthy AI for Good" workshop at the International Conference on Machine Learning.
How Gaussian probing works
The team from MIT and Thorn bypassed the need for outputs entirely. They focused on the internal modifications a model undergoes during fine-tuning, specifically using a technique called Gaussian probing. The method feeds the model random data points and analyzes how the model's internal representations change, without prompting it to produce an image.
"We never run the model all the way to the end or prompt the model, so we never generate images," said Vinith Suriyakumar, an MIT graduate student and lead author of the paper.
The probing captures the effect of low-rank adaptation (LoRA) adaptors at multiple points inside the model and averages them to summarize the modification. The researchers found these aggregated signals to be a strong indicator of how the model has been specialized. LoRA is a fine-tuning method that lets users create new Generative AI and LLM variants efficiently, without retraining the entire model.
100% detection and platform-level impact
When tested on model variations known to generate CSAM, other harmful images, and safe content, the auditing procedure achieved 100 percent accuracy in identifying the CSAM-specialized models. The approach could let hosting platforms flag and remove unsafe models before they are uploaded or widely distributed.
"This unlocks a new avenue for platforms that host open-source models and for law enforcement to actually test whether a model is capable of generating CSAM. Before, we had no way of measuring this. It was a huge blind spot that some people were taking advantage of," Suriyakumar said.
Gaussian probing also holds up against evasion better than some other auditing methods, because a malicious actor would need to alter the base model's inner workings carefully to avoid detection. The method is scalable, a crucial factor given that thousands of model variations are published online each month.
Why this matters for IT and development
For IT and development teams that host or audit open-source models, the technique provides a practical way to check AI for IT & Development models for harmful adaptations without crossing legal boundaries. The method does not require generating any output, so it eliminates the risk of illegal content creation during the audit.
"There is a huge bucket of child safety concerns with AI, and these are real concerns that need to be addressed. A lot of children are being harmed by AI deepfakes. We've shown that Gaussian probing can be a very useful tool, and we hope the research community really pours more attention into this problem," said Ashia Wilson, associate professor and co-author.
"Now we have a technological approach to partially address this concern. So much effort was poured into this collaboration, which enabled us to tackle a really hard problem that is harming so many children, nationally and around the world," said Marzyeh Ghassemi, another co-author.
Your membership also unlocks: