AI Threats Affecting the General Public

This page documents how AI-enabled threats affect the general public — the AI risks that consumers, end users, and everyday people face when interacting with AI systems in daily life. It is intended for anyone seeking to understand how AI threats to consumers manifest in practice, as well as consumer protection professionals and policymakers.

The general public is classified under the Individuals category — groups where harm is experienced by natural persons. This category distinguishes individual-level harms from organizational impacts (affecting institutions) and systems-level harms (affecting societal structures like democracy or national security). When harm is concentrated on a specific group (children, workers, vulnerable communities), those dedicated pages provide more targeted guidance.

This page summarizes recurring AI threat patterns, protective measures, and relevant regulatory context for the general public.

At a glance

• Primary threats: Synthetic media and misinformation, AI-powered social engineering, privacy erosion through behavioral profiling
• 107 documented incidents — the largest count of any affected group
• Key domains: Information Integrity, Security & Cyber, Privacy & Surveillance

---

How AI Threats Appear

The following are recurring patterns of AI-enabled harm documented across incidents affecting the general public. Each pattern reflects real-world events, not hypothetical risk.

Threat Pattern	Primary Domain	Key Indicator
Synthetic media and misinformation	Information Integrity	Content provoking emotional reactions without source attribution
Social engineering at scale	Security & Cyber	Communications inconsistent with sender’s usual behavior
Manipulative interfaces	Human-AI Control	Recommendations consistently pushing commercial outcomes
Privacy erosion	Privacy & Surveillance	Services requiring disproportionate personal data
Unreliable AI advice	Human-AI Control	AI providing specific medical, legal, or financial guidance

• Synthetic media and misinformation — AI-generated text, images, audio, or video that distorts public understanding, erodes trust, or enables fraud. Includes fabricated news articles, manipulated images, and AI-generated voices impersonating trusted figures.
• Social engineering at scale — Personalized phishing, scam messages, or impersonation attacks powered by language models that mimic trusted contacts and institutions with increasing sophistication.
• Manipulative interfaces — AI-driven recommendation systems, chatbots, or digital assistants that shape behavior through engagement optimization or dark patterns, prioritizing attention capture over user welfare.
• Privacy erosion — Behavioral profiling, facial recognition, and inference of sensitive attributes from everyday digital activity. AI systems that aggregate innocuous data points to derive sensitive personal information without explicit consent.
• Unreliable AI advice — Chatbots and AI assistants providing inaccurate medical, legal, or financial information that users act upon, with no clear accountability when the advice causes harm.

---

Relevant AI Threat Domains

• Information Integrity — Misleading or synthetic content that distorts public understanding of events, science, and policy
• Security & Cyber — AI-powered scams, impersonation, and social engineering targeting individuals at scale
• Privacy & Surveillance — Collection, inference, and misuse of personal data through AI-mediated services
• Discrimination & Social Harm — Algorithmic bias affecting access to services, opportunities, and fair treatment
• Human-AI Control — Overreliance on AI systems and loss of informed decision-making in everyday life

---

What to Watch For

Where the section above describes threat patterns, this section identifies concrete warning signs you may encounter and the immediate steps you can take in response.

• Content that seems designed to provoke emotional reactions or urgency — What you can do: Pause before sharing. Check the story on at least two reputable news sites. Look for fact-checks or source attributions before acting on emotionally charged content.

• Communications from contacts that seem inconsistent with their usual behavior — What you can do: Verify using a different channel — call, in-person, or a separate app. Avoid clicking links or sending money until you confirm the message is genuine.

• Services that require disproportionate personal data relative to their function — What you can do: Ask why each data point is needed. Decline non-essential permissions where possible. Look for an alternative service if explanations are vague or unavailable.

• AI-generated recommendations that consistently push toward specific commercial outcomes — What you can do: Compare offers using independent sources. Adjust recommendation settings where available. Use services that let you see and change personalization controls.

• Difficulty distinguishing AI-generated content from human-created content — What you can do: Use provenance and deepfake detection tools linked below. Reverse-image search suspicious visuals. Treat anonymous viral posts as unverified until checked through trusted sources.

---

Protective Measures

These are practical steps non-experts can take as part of everyday digital hygiene to reduce exposure to AI-enabled threats.

• Verify suspicious media — Deepfake detection and voice cloning detection tools can help identify AI-generated images, video, and audio. The practical guide to detecting deepfakes covers step-by-step evaluation approaches.
• Recognize AI-powered scams — AI phishing detection techniques help identify social engineering messages generated by language models. See the guide to detecting AI phishing for common indicators.
• Check content origins — Content provenance and watermarking standards verify the origin of digital content, while AI-generated text detection can flag machine-written articles and communications.
• Build general awareness — The AI threat protection overview provides a comprehensive introduction to available defensive tools and practices for everyday digital interactions.

Questions individuals can ask

Use these when evaluating AI-powered consumer products or services.

• “How do you use AI in this product or service?”
• “What personal data are you collecting, and can I opt out of AI training?”
• “If the AI makes a mistake that harms me, how can I report it or get it fixed?”
• “Is this image, video, or article verified by a trusted source or labeled as AI-generated?”

Questions community and public-interest organizations can ask

Use these when engaging with AI providers or advocating for regulatory safeguards.

• “What safeguards do you have to prevent scams or misinformation reaching our community?”
• “Can you show us how your AI systems are tested for bias or errors that affect the public?”
• “How can people report harmful AI outputs, and what response time do you commit to?”
• “Which laws or guidelines (such as the EU AI Act or consumer protection rules) are you using as a baseline?”

---

Regulatory Context

• EU AI Act — Classifies high-risk AI systems that affect fundamental rights, with transparency requirements for AI-generated content and disclosure obligations for consumer-facing AI
• NIST AI RMF — Provides risk management guidance for AI systems interacting with the public, including fairness and transparency principles
• FTC AI Guidance (US) — Consumer protection enforcement actions and guidance addressing deceptive AI practices, automated decision-making, and AI-enabled fraud targeting consumers

Enforcement remains uneven across jurisdictions, and many consumer-facing AI applications (chatbots, recommendation engines, generative tools) operate in regulatory gaps where existing frameworks have not yet been adapted to AI-specific risks.

---

Documented Incidents

Based on incident analysis, the general public is most frequently affected by threats in the Information Integrity and Security & Cyber domains, reflecting the prevalence of misinformation and AI-powered scams targeting everyday users.