Practical guides to protect yourself, your family, and your business from AI-driven scams, deepfakes, and emerging cyber threats.
On June 10, 2026, OpenAI published a threat report describing something that would have been slow and expensive a few years ago and is now cheap and fast. Operators likely working from China had used ChatGPT to manufacture an American grassroots backlash. They wrote English-language social posts in the voice of ordinary citizens, generated cartoons of executives and robots hauling bags of money while regular families paid the bill, and pushed one message: that the data centers powering artificial intelligence were driving up electricity prices for everyone else.
None of the people posting were real, and OpenAI banned the accounts. The reason this deserves your attention is not that it worked, because it barely did. It is that the barrier to running a convincing, native-sounding influence operation, meaning a covert campaign to shape public opinion while hiding who is behind it, has quietly collapsed. This time the target was a debate happening inside the United States.
The report describes two clusters of ChatGPT accounts, both likely originating from the PRC, the People's Republic of China, meaning the Chinese state or actors aligned with it. OpenAI named the first cluster Data Center Bandwagon. Its accounts generated comments and images claiming that the buildout of AI data centers was raising household electricity bills, a claim engineered to attach itself to a real and growing American anxiety. The second cluster, Tech and Tariffs, produced content attacking US tariffs as an attempt to dominate technological competition, and its prompts carried a giveaway instruction: leave China's leader Xi Jinping out of the images and show only President Trump.
The mechanism is worth slowing down on, because it is the actual story. The operators prompted the model in Simplified Chinese, routed their connection through VPNs (virtual private networks, which hide a user's real location) to appear elsewhere, and posted the output on X while posing as Americans from a range of backgrounds. They did not lean on a single tool either. OpenAI notes the same operation drew on more than one AI model at different stages, generating the text, the cartoons, and the personas that carried them. This is astroturfing, the old trick of faking a grassroots movement, rebuilt with a content engine that never tires and never leaves a spelling mistake.
Start with what actually happened: a foreign actor tried to insert itself into an American policy argument while hiding its identity, and got caught. The campaign changed no minds, but treating that as the headline misses the point. What changed is the cost curve. Producing hundreds of fluent, localized, image-rich posts in a language that is not your own used to require people, time, and money, and each of those was a chance to slip up. A generative model erases all three. For your organization, the uncomfortable version of this is narrower than geopolitics. The same clusters spread a fabricated story that OpenAI had suffered a data breach, which means a company's name can now be the raw material for a synthetic incident that never occurred. If your brand sits anywhere near a contested public debate, assume it can be conscripted into one. The systemic shift underneath is the point to raise in a planning meeting. For years the tell of a foreign influence operation was the content itself, the awkward phrasing and the off-key cultural notes. That signal is gone. What stays detectable is behavior: the coordination, the timing, the inauthentic account networks, which is exactly what let OpenAI find these two.
The campaign OpenAI disrupted was clumsy in its results and sophisticated in its method, and the method is what carries forward. Generative AI has turned the production of persuasive, native-sounding propaganda into a commodity, and the only reason these operators were caught is that faking human behavior at scale is still harder than faking human writing. Carry one question into your next security or communications review: if a wave of fluent, angry, perfectly localized posts turned up tomorrow attacking or impersonating your organization, what would let your team tell the real voices from the manufactured ones?


