Artificial Intelligence (AI)
AI Pulse: Brazil Gets Bold with Meta, Interpol’s Red Flag & more
The second edition of AI Pulse is all about AI regulation: what’s coming, why it matters, and what might happen without it. We look at Brazil’s hard não to Meta, how communities are pushing back against AI training data use, Interpol’s warnings about AI deepfakes, and more.
AI is advancing at such a fast pace that regulators, governments, and content creators are having a hard time keeping up. This edition of AI Pulse takes a deep dive into the topic of AI regulation, from Brazil’s Meta challenge and creators’ copyright defenses to recent law enforcement warnings and a contemplation on what will happen once agentic AI starts to ‘think’ for itself.
AI regulation: Who’s driving the bus?
Almost as soon as generative AI hit the scene, critics started sounding alarms about AI companies’ rampant consumption of data for training their models. Arguments continue to rage over whose data it is, who has the right to use it, and where and how.
The high speed and low transparency of AI innovation have made it tough for content owners, regulators, and legislators to keep up, but that hasn’t stopped them from trying. In the last few weeks and months, authorities have put the brakes on some big players’ ambitions while vocal communities have aired their frustrations—sometimes in hard-hitting ways.
This AI Pulse looks at a few key developments in AI regulation and why guardrails are going to be more important than ever with the rise of ‘agentic’ AI.
What’s new in AI regulation
Regulators flex on the AI feeding frenzy
Brazil delivered bad news to Meta at the start of July when it halted the company’s plan to train AI models on Instagram and Facebook posts. According to the BBC, Meta aimed to scrape public posts, images, and comments for AI training. Content would have included posts by children and teens. Meta said its plan conformed to Brazilian privacy laws; the country’s data protection agency, the ANPD (Autoridade Nacional de Proteção de Dados), said otherwise.
Meta had already backed off a similar move in the EU under pressure from governments there, and more recently announced it would not be deploying its next multimodal AI model in Europe or Brazil because of a lack of clarity about regulations. (Multimodal AI models make use of the full range of media instead of just text, video, or images on their own.) Whether or not this is related to the EU's AI Act passing in July, the act ‘going live’ means the clock is now ticking for companies to comply.
Whose data is it, anyway?
AI regulation touches on questions of copyright and data privacy that are governed by other, preexisting legal frameworks. Back in January 2024, Italy found OpenAI was likely in violation of one of those frameworks, the EU’s GDPR, in a case that’s still ongoing.
Part of the issue comes down to what constitutes ‘publicly available’ data, which AI companies and regulators tend to see very differently. As a recent Axios feature noted, ‘publicly available’ and public domain are not the same thing, and much of what AI innovators consider publicly available is obtained without explicit user or creator permission, intentionally or otherwise. When a July WIRED story suggested some companies may have violated YouTube policies by using subtitles from videos to train AI platforms, the story acknowledged this may not have been deliberate, since the underlying dataset had been collected by a third party.
Data is in the eye of the beholder. What AI companies call ‘data’ many people call their life’s work: artists, journalists, coders, and more. It’s not just a semantic distinction. Data and creative expressions are valued in radically different ways, and creators continue to fight for their interpretation. That’s what led the Center for Investigative Reporting to sue OpenAI and Microsoft for copyright infringement at the end of June, adding to recent legal actions by the Chicago Tribune and other news outlets.
Since late last year, some visual artists have been resorting to a kind of guerrilla warfare against AI, using a tool called Nightshade to poison models trained on their work without permission. Nightshade and its companion tool Glaze embed confounding data into images, distorting AI models’ understanding of what various objects look like and compromising their outputs. Where AI regulations can’t (yet) act, some parties seem willing to take matters into their own hands.
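To make the idea concrete, here is a toy sketch of the general technique such tools rely on: adding a small, visually imperceptible perturbation that nudges an image toward a ‘decoy’ concept in a surrogate model’s eyes. This is not Nightshade’s actual algorithm; the file name, model choice, and decoy class index are illustrative assumptions only.

```python
# Toy illustration only: one targeted FGSM-style step that nudges an image
# toward an arbitrary "decoy" class in a surrogate classifier. Nightshade's
# real optimization is far more sophisticated; this just shows the concept
# of an imperceptible, model-confusing perturbation.
import torch
import torchvision.models as models
import torchvision.transforms as T
from PIL import Image

model = models.resnet18(weights=models.ResNet18_Weights.DEFAULT).eval()
preprocess = T.Compose([T.Resize(256), T.CenterCrop(224), T.ToTensor()])

# "artwork.png" is a hypothetical input image.
image = preprocess(Image.open("artwork.png").convert("RGB")).unsqueeze(0)
image.requires_grad_(True)

decoy_label = torch.tensor([207])  # arbitrary decoy class index
loss = torch.nn.functional.cross_entropy(model(image), decoy_label)
loss.backward()

epsilon = 2 / 255  # keep the change visually imperceptible
poisoned = (image - epsilon * image.grad.sign()).clamp(0, 1).detach()
```

The design point is that the change is tiny in pixel terms but meaningful in feature space, which is why models trained on enough poisoned samples can start to confuse concepts.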
Other creators and publishers are trying a different tack, teaming up formally with AI companies to contribute content in exchange for credit and other benefits. TIME magazine, for instance, announced on June 27 that it was making more than a century of archived content available to OpenAI for use with attribution in query results.
Community—or commodity?
Reddit has been making news since the start of the year for its partnerships with Google and OpenAI. Back in February, Google made its Vertex AI available to Reddit to improve search and other functions within the platform, and in turn gained access to the Reddit API to make Reddit more Google-able. In May, OpenAI jumped into the ring with plans to build Reddit content into ChatGPT and other offerings while also gaining use of the Reddit API.
Not all Reddit users and members of other communities are enthusiastic about the merging of their preferred platforms with AI. Many developers who post on Stack Overflow and Stack Exchange, for example, were infuriated by an announced partnership with OpenAI, not wanting their content to be used for AI training. As reported in WIRED, some users were planning to delete their content or deliberately corrupt it so that it couldn’t be used.
“Hey, AI, you can’t say that.”
While many jurisdictions are wrestling with copyright and privacy questions and emerging AI threats like disinformation (read on!), others that rely on state control of information have an added set of problems—namely, how to prevent AI from saying things you don’t want it to. It’s a challenge the Chinese government is tackling at the moment. The Financial Times reported this month that China’s Cyberspace Administration is mandating government reviews of AI models to ensure they generate no unwanted or politically controversial outputs. Yet it’s not at all clear to what degree AI can be censored, or what the consequences of inhibiting certain kinds of outputs might be.
AI threat trends
Interpol’s deep dive into deepfakes
AI regulation and law enforcement converge around deceptive uses of artificial intelligence, which range from mischievous (more of a regulatory concern) to malicious (where the police come in). Deepfakes in particular are on the minds of the folks at Interpol, who recently published a paper titled Beyond Illusions: Unmasking the Threat of Synthetic Media for Law Enforcement. (See our last AI Pulse for a Trend Micro take on the deepfake topic.)
Interpol says law enforcement agencies need new knowledge and technology to determine when images, video, and audio have been faked with AI. The report gives some compelling examples of criminal uses of synthetic media, including deepfaked exploitative images of children, extortionate audio scams, and even the generation of fake passports and IDs.
It also touches on the question of fair use: the tension between creative freedom and copyright protection that lies behind some of the conflicts noted above, which may require redefinition in the context of a “transformative” technology like AI.
Will the real G-man please stand up?
Like their counterparts at Interpol, authorities in the U.S. are also worried about the potential for AI to ratchet up cybercrime. In June, the FBI issued a warning for members of the public to watch for texts, calls, and emails that appear to come from law enforcement agencies but are actually created by scammers to extort money or personally identifiable information. As the Bureau noted, police never call people threatening to arrest them or demanding money. That came on the heels of a May warning about the rising use of AI in “sophisticated phishing/social engineering attacks and voice/video cloning scams.”
Scammers have no shame
The schemes highlighted by the FBI and Interpol underscore the viciously predatory nature of cyber fraud, which will only be worsened by the speed, scale, and targeting capabilities of AI. In many cases, cybercriminals exploit people’s deepest fears about legal trouble, the health and safety of loved ones, and financial security—including employment.
That last one has been the subject of a fair bit of coverage in the last year or so. As Fox Business reported, job scams were up a shocking 118% in 2023 due to AI, which allows scammers to make their messages and web pages seem more legitimate, and even to incorporate deepfake imagery and audio.
What’s next in AI regulation
How to avoid a world of hurt
Reflecting on the current state of AI advancement, a few things are crystal clear.
The first is that AI companies are going to keep pushing to soak up as much data as they can. Today’s AI models are like Sesame Street’s Cookie Monster: bottomless and always hungry for more.
That means AI regulations are critically important. Anyone building an AI application should adopt their own guardrails to ensure they’re using appropriate data in appropriate ways—and should be transparent about where they’re getting their data from—but given the realities of competition and ‘innovation fever’, external constraints are also needed.
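As one illustration of what an internal guardrail could look like, here is a minimal sketch of a training-data intake filter. The record schema, license allow-list, and consent flag are hypothetical; a production pipeline would add provenance logging, real PII detection, and auditing.

```python
# A minimal sketch of an internal data-intake guardrail, assuming each
# record carries hypothetical "license", "creator_consent", and "text"
# fields. Only illustrative; not a substitute for a full privacy review.
import re
from typing import Iterable

ALLOWED_LICENSES = {"cc0", "cc-by", "licensed-partner"}  # example allow-list
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def admit_for_training(records: Iterable[dict]) -> list[dict]:
    """Keep only records with an acceptable license and explicit consent,
    and redact obvious PII (here, just email addresses) from the text."""
    admitted = []
    for rec in records:
        if rec.get("license") not in ALLOWED_LICENSES:
            continue  # unknown or disallowed license: drop the record
        if not rec.get("creator_consent", False):
            continue  # no explicit consent: drop the record
        cleaned = EMAIL_RE.sub("[REDACTED_EMAIL]", rec.get("text", ""))
        admitted.append({**rec, "text": cleaned})
    return admitted
```

The point is less the specific checks than the habit: every record that reaches training should have passed an explicit, documented gate.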
This is only going to become truer with the arrival of agentic AI.
When AI makes decisions for itself
Unlike today’s large language models (LLMs), which require user prompts to execute tasks, agentic AI will involve the use of goal-driven autonomous agents that make decisions and trigger actions inside systems on their own. Instead of being programmed with the explicit ‘how’ of solving a particular problem, they will be built to figure out the problem-solving for themselves.
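For context, the core of an agentic system is often described as a loop in which a model chooses its own next action. The sketch below is a minimal, hypothetical version of that loop; the llm() callable, tool registry, and action format are assumptions, not any specific framework’s API.

```python
# A minimal sketch of a goal-driven agent loop. The llm() callable is a
# hypothetical stand-in for a model that proposes the next action, e.g.
# {"tool": "search", "input": "..."} or {"tool": "finish", "input": "..."}.
def run_agent(goal: str, tools: dict, llm, max_steps: int = 10):
    history = []
    for _ in range(max_steps):
        # The model decides the next action from the goal and what has happened so far.
        action = llm(goal=goal, history=history)
        if action.get("tool") == "finish":
            return action.get("input")  # final answer
        if action.get("tool") not in tools:
            history.append({"error": f"unknown tool {action.get('tool')}"})
            continue
        # Trigger an action in an external system via an allow-listed tool.
        result = tools[action["tool"]](action["input"])
        history.append({"action": action, "result": result})
    return None  # gave up without reaching the goal
```

Even in a toy like this, the guardrails live outside the model: the tools dictionary is an allow-list, and max_steps bounds how far the agent can go on its own, which is exactly the kind of design constraint regulation and internal policy will need to mandate.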
If we already have concerns that ingested training data may contain proprietary or personal information that could be exposed in AI outputs when those outputs are more or less under human control, what will happen when those outputs are autonomous and invisible?
AI regulations need teeth to ensure such systems are designed with data privacy and integrity in mind. As we’ve seen, Brazil, Italy, the EU and other jurisdictions have so far shown a commitment to those kinds of controls. In other places, regulators may face an uphill battle. The U.S. Supreme Court’s June 2024 decision ending judicial deference to federal agencies’ interpretations of ambiguous laws hamstrings AI oversight and could drastically slow down regulatory action by forcing urgent questions into the courts.
What can be done?
Outside of strong, smart AI regulations, organizations need to shift left and build security and privacy into their software development and adoption cycles as early as possible. Working in silos will lead to catastrophes: data leaks, lawsuits, or reputational damage caused by inadvertent or willfully ignorant misuse of AI-related data.
The sad truth is that the biggest players have the least to lose: they have deep pockets and the market position to withstand a few knocks. It’s smaller AI firms and enterprises using AI outputs that could find themselves in breach of laws and regulations like the GDPR and suffer fines, lost customer trust, and even prison sentences for executives.
In the end, solid internal guardrails complemented by healthy regulatory regimes will allow the world to reap the benefits of AI as it evolves without compromising personal privacy, identity, or security.