Telegram linked to an “abuse economy” built on the invasion of ordinary women's privacy

An investigation into Telegram communities across Spain and Italy uncovers how men are sharing and profiting from thousands of nonconsensual images of their girlfriends, wives, acquaintances, and former partners.
The AI Forensics investigation, Harassment as infrastructure, claims that the encrypted messaging platform is taking advantage of the same privacy features that millions rely on to create a structured, monetized, and largely automated ecosystem of abusive and nonconsensual images.
The investigation notes that on just 16 groups and channels on Telegram across Italy and Spain, researchers identified more than 24,000 active participants, with individual groups reaching tens of thousands of members.
The report tracked how content routinely moves across communities and borders, with 72% of Spanish content also appearing within the Italian groups.
Rather than standalone spaces, investigators argued that these groups are forming a harmful abuse network, which they describe as a “repository and redistribution layer” for material pulled from across the internet.
The authors of the report describe a model in which large channels act as distribution hubs, pushing content out to thousands. Smaller groups handle interaction and exchange, and private chats take over when visibility becomes a risk.
Links constantly redirect users between channels, bots, and external platforms.
“Telegram appears to serve as a hub for the organization, amplification, and circulation of abusive content across interconnected communities,” the report says.
Nonconsensual abusive images of people they know
Researchers found a significant portion of the content involved women known personally to the abusers, as the report notes victims are predominantly “ordinary women” and include “partners, acquaintances and former partners of perpetrators,” alongside public figures.
The report adds that, in many cases, the women targeted appear to be unaware that their images are being collected, exchanged, or discussed within these networks, as perpetrators also share images and videos taken with hidden cameras or filmed while the victims are asleep.
The victims are also often identifiable and their privacy breached, as the report noted: “They are named, tagged, and locatable via shared profile links,” with entire sections of groups dedicated to targeting specific people.
Researchers point out that the same features that protect privacy and the freedom to communicate are also enabling large-scale coordination of abusive images in spaces that are difficult to monitor.
Because these features are “to a significant degree, embedded into the platform’s architecture,” it allows abusive behavior to develop with a “relatively high sense of security and impunity.”
Scaling of “nudifying” apps
Automation scales this abuse, the researchers add, with the platform’s ability to generate invite links, organize content, enforce rules, and connect users to additional services.
The research reveals the word “bot” is mentioned 16,232 times across the analyzed messages, and encompasses different practices, including AI-manipulation of images, hacking or spy bots, and doxxing bots.
The most demanded were AI girlfriend bots (almost 50%), followed by AI-driven tools (20%) capable of generating fake explicit images from ordinary photos – so-called “nudifying” apps.
These tools were found to be widely shared, promoted, and sometimes sold within the same networks. These are used on influencers, public figures, but also women known personally to the users, turning everyday photos people share innocently on Instagram into nonconsensual content.
Whereas before, it may have taken some technical knowledge to do this, these tools lower the barrier to entry.
Users were even observed sharing tips regarding prompts to generate sexualized or nudified images on mainstream commercial chatbots such as Grok and Gemini.
Researchers found that this kind of automation has increased “the volume, speed and ease of abuse, scaling participation and expanding the number of potential victims.”
Conventional payment systems widely used
Across the groups analyzed, abusive content is routinely monetized like any other online marketplace. Users advertise access to private archives, curated collections of images and videos, and exclusive channels. Prices range from €20 to €50 for “lifetime access,” or smaller recurring subscriptions.
Payments are handled through a variety of systems, not just crypto. Digital payment systems included Apple Pay, Bizum (a Spanish bank-linked payment system), PayPal, and even bank transfers.
The report argues the ability of abuse sites on Telegram to generate advertising and revenue means that “it is not in the platform’s interest to proactively and aggressively moderate content.”
Telegram’s premium subscriptions generated $292 million, with the subscriber base growing to 15 million by May 2025.
Currently, attempts to remove these groups have had limited effect. The report documents how groups are frequently removed only to “reopen under the same names just a few hours later.”
What happens next?
Researchers stop short of calling for a single fix but suggest a broad set of interventions targeting the infrastructure that enables abusive content to scale.
At a platform level, they argue that Telegram should be subject to stronger regulatory scrutiny for technology-facilitated gender-based violence (TFGBV).
They suggest this includes designation under the EU’s highest tier of platform oversight, which would trigger “enhanced obligations including algorithmic transparency and risk assessments for TFGBV.”
This would mean that the platform would be required to assess how its own features contribute to harm, and take preventative action rather than react after the fact.
The investigators also call for mandatory detection systems and “meaningful victim redress mechanisms… with maximum 24-hour takedown timelines”.
“Moderation alone is not enough”
Investigators argue that the law needs to be updated to reflect the kinds of platform-mediated sexual violence that are taking place at scale, rather than focusing narrowly on one-off incidents or individuals.
This also includes targeting the wider ecosystem that supports these networks, including payment providers. The report suggests that requiring payment companies to detect and block transactions related to abusive services is an enforceable measure.
AI tools are another focus. The report proposes to ban the development, distribution, and commercial use of technologies designed to generate nonconsensual imagery.
Charlotte Wilson, head of enterprise at Check Point, added that these commercially available tools, often marketed under the guise of parental controls or employee monitoring, are being deliberately misused.
“The companies building and selling them are not naive about how they're being used, and they need to be held accountable,” she said.
“Technology-facilitated abuse is a cybersecurity issue, a safety issue, and let's be honest, a women's rights issue. It deserves the same urgency, investment, and collective response as any other category of threat we face.”
The report’s authors also recommend specialized training for police and prosecutors, including the ability to trace activity across platforms, preserve evidence from disappearing messages, and move faster on cases where content can spread within hours.
Telegram claims that nonconsensual pornography, including deepfake pornography, is explicitly forbidden by Telegram’s terms of service and is removed whenever discovered.
A spokesperson told media outlet Wired: “We firmly reject the idea that Telegram profits from content we are actively taking down. Telegram abides by EU law, and all appropriate obligations set forth by the Digital Services Act and remains in constant communication with the EU Commission.”