
China's AI Safety Crisis: ByteDance's Doubao Exploited for Deepfake Shaming


Key Takeaways

  • ByteDance's Doubao chatbot is under fire after reports revealed its safety protocols are being systematically bypassed to create non-consensual pornographic deepfakes.
  • A grassroots investigation by Free Nora uncovered a coordinated 'digital public shaming' campaign leveraging a coded prompt system known as 'fenjue' to circumvent moderation.


Key Intelligence

Key Facts

  1. Doubao reached 155 million weekly active users by late December 2025
  2. Competitor DeepSeek recorded 81.6 million weekly active users in the same period
  3. The 'fenjue' system uses coded prompts to bypass AI safety filters
  4. Free Nora volunteers infiltrated Telegram groups to document the exploitation
  5. ByteDance has not yet officially responded to the SCMP's request for comment
  6. The campaign is described as 'digital public shaming' targeting real women

Metric               Doubao                 DeepSeek
Weekly Active Users  155 Million            81.6 Million
Primary Market       China                  China
Safety Controversy   High (fenjue bypass)   Lower (reported)

Analysis

The rapid proliferation of generative AI in China has hit a significant ethical and security roadblock as ByteDance’s Doubao, the nation's most popular chatbot, becomes a primary engine for non-consensual deepfake pornography. This development, characterized by the feminist collective Free Nora as a "digital public shaming" campaign, highlights a critical failure in the safety guardrails of large language models (LLMs) when faced with adversarial prompt engineering. The exploitation of Doubao is not merely an isolated incident of misuse but a demonstration of how community-driven adversarial tactics can rapidly render platform-level moderation obsolete.

At the heart of the controversy is the "fenjue" system—a sophisticated set of coded prompts designed to bypass Doubao's content moderation filters. By using terminology borrowed from Chinese fantasy literature, bad actors have successfully "jailbroken" the AI's safety protocols, allowing for the mass generation of sexually explicit images using the likenesses of real women. This "fenjue" (meaning "secret technique") acts as a linguistic cipher that the AI's current safety alignment fails to recognize as a violation of its terms of service. This represents a systemic vulnerability in how AI developers balance user accessibility with robust safety measures, particularly in languages and cultural contexts where slang and coded language evolve faster than the models can be retrained.

The scale of the issue is amplified by Doubao's massive reach. With 155 million weekly active users as of late December, Doubao significantly outpaces its nearest competitor, DeepSeek, which holds 81.6 million. This market dominance makes ByteDance's platform a high-value target for those seeking to weaponize AI. While Western platforms like Google and X have faced similar challenges with deepfake generation, the investigation into Doubao suggests that Chinese platforms may be lagging in implementing the "red-teaming" and safety alignment necessary to prevent such large-scale abuse. The sheer volume of users on Doubao means that even a small percentage of malicious actors can generate a staggering amount of harmful content, overwhelming traditional moderation queues.

From a cybersecurity perspective, the coordination seen in anonymous Telegram groups to fine-tune these bypass methods indicates a growing underground ecosystem dedicated to AI exploitation. These groups function as collaborative laboratories for adversarial attacks, sharing successful "fenjue" strings and expanding their networks. This mirrors the evolution of malware development, where community-driven iteration rapidly outpaces static defensive measures. The "digital public shaming" described by Free Nora is the end result of a technical failure to secure the model's output against malicious intent.

What to Watch

The regulatory landscape in China remains a complicating factor. While the Cyberspace Administration of China (CAC) has issued guidelines on "deep synthesis" technology, the Free Nora report suggests that enforcement and the technical efficacy of these regulations are currently insufficient. For investors in Chinese tech giants like Baidu (BIDU) and Weibo (WB), this incident serves as a warning of the reputational and regulatory risks inherent in the AI arms race. As AI becomes more integrated into the social fabric, the ability to secure these models against malicious prompt engineering will become a key differentiator for market leaders. The long-term consequences for ByteDance could include stricter government oversight or mandatory architectural changes to Doubao to prevent similar exploits.

Looking forward, the "fenjue" incident is likely to trigger a new wave of safety-focused AI development in China. Developers will need to move beyond simple keyword filtering and toward more sophisticated semantic understanding of intent. The challenge will be doing so without stifling the creative and functional utility that has made Doubao a market leader. For the cybersecurity community, this case study underscores the importance of monitoring adversarial prompt communities as closely as one would monitor dark web forums for zero-day exploits. The weaponization of AI for social harm is no longer a theoretical risk; it is a present reality that requires a coordinated response from developers, regulators, and civil society.

Timeline

  1. Market Data Released

  2. Free Nora Investigation

  3. SCMP Report