Wiki · Pattern · Last reviewed June 15, 2026

Coordinated Inauthentic Behavior

Coordinated inauthentic behavior is deceptive networked coordination that hides who is speaking, how much support exists, or why content is spreading. The core issue is not that a claim is wrong; it is that the audience, platform, or public record is being misled about the actors and the machinery behind the campaign.

Definition

Coordinated inauthentic behavior, or CIB, is best understood as a behavior-level integrity violation: multiple accounts, pages, groups, domains, personas, ads, media assets, or operators work together while concealing their control, identity, origin, purpose, or coordination. The phrase is closely associated with Meta's integrity policy, which treats CIB as a sophisticated form of inauthentic behavior involving false identities and adversarial methods to appear authentic or evade detection.

CIB is not identical to misinformation, spam, satire, mass disagreement, or ordinary political organizing. A campaign can spread true claims and still be inauthentic if it hides the coordinated operator behind them. Conversely, false information posted by a real person is not automatically CIB. The diagnostic question is whether the apparent crowd, source, popularity, or grassroots energy has been deceptively manufactured.

How It Works

Common components include fake or compromised accounts, recycled profile images, front pages or groups, burner domains, link farms, engagement pods, paid or undisclosed amplifiers, coordinated commenting, hashtag seeding, private coordination channels, and cross-platform laundering through screenshots or reposts.

Operators often mix authentic grievances with hidden coordination. That matters because removal reports can easily be misunderstood: a takedown of CIB should be read as a claim about deceptive network behavior, not as proof that every topic discussed by the network is false or illegitimate.

Attribution should also be handled narrowly. "Originated in," "targeted," "linked to," "state-affiliated," "commercially motivated," and "foreign interference" are different claims. A responsible account of CIB separates observed platform behavior from operator attribution and from the campaign's actual audience impact.

AI Relevance

Generative AI lowers the cost of persona backstories, message variation, translation, localization, image generation, synthetic voice, comment drafting, topic monitoring, and rapid adaptation after moderation. AI agents can also help schedule posts, scrape trends, summarize counter-messaging, or prepare variant replies across accounts.

The verified record is more restrained than the worst speculation. OpenAI's 2024 covert influence operations report said the campaigns it disrupted had not meaningfully increased audience engagement or reach through its services. Its June 10, 2026 report described PRC-linked clusters using ChatGPT for comments and images about U.S. AI data centers and tariffs, while also stating that it found no evidence of meaningful breakout beyond the operators' own activity. The risk is real, but governance should track demonstrated behavior, reach, and adaptation rather than assume that AI use by itself proves persuasive success.

Synthetic media still changes the evidentiary burden. If a campaign uses generated images, voice, or video, provenance, labeling, watermarking, detection, and archive practices become part of the integrity response, but they do not replace network analysis.

Current Context

As of June 15, 2026, major platforms, AI labs, governments, and civil-society researchers treat CIB as part of a broader trust-and-safety and election-integrity problem. Meta continues to publish inauthentic-behavior policy details and threat disruptions. AI providers such as OpenAI publish abuse reports describing how accounts use models in covert influence workflows. Investigative groups such as Graphika document cross-platform operations that may not be visible from any one service.

In the European Union, the Digital Services Act gives very large online platforms and search engines risk-assessment and mitigation duties for systemic risks, including election-related risks, recommender systems, advertising transparency, audits, and researcher access. The European Commission's 2024 election-risk guidelines and 2025 integration of the Code of Conduct on Disinformation into the DSA framework make CIB-like behavior a governance issue, not only a content-removal issue.

Governance and Safety

Good CIB governance is behavior-based, proportionate, and contestable. Platforms need account-authenticity signals, graph and timing analysis, rate limits, ad transparency, provenance tooling, cross-platform incident sharing, preserved evidence, public threat reporting, escalation paths for elections or crisis events, and user notice where disclosure will not compromise an investigation.

The same tools can overreach. Coordinated activism, anonymous speech, satire, whistleblowing, diaspora organizing, and shared campaign messaging can be legitimate. Enforcement should therefore explain the deceptive behavior at issue, preserve room for appeal, distinguish content moderation from account-integrity enforcement, and avoid using "CIB" as a vague label for political opposition.

For AI services, the safety task includes detecting suspicious account clusters, enforcing policies against deceptive influence operations, sharing indicators with affected platforms when lawful and appropriate, and publishing reports that do not give operators an evasion manual. For public institutions, the task is to protect elections and public safety while respecting speech, privacy, due process, and the right to organize without exposing every participant's identity.

Source Discipline

A credible CIB report should state the platform, date, dataset boundary, assets removed, observed behaviors, attribution basis, confidence level, target audience, content themes, confirmed or suspected AI use, and measured reach or engagement. Network size alone is not impact. Screenshots alone are not enough.

Source type matters. A platform takedown report, regulator action, government attribution, AI-lab abuse report, academic study, investigative report, leaked dataset, and news summary have different access to evidence and different incentives. The strongest public accounts disclose enough method to let readers separate observed behavior from interpretation while still protecting detection capabilities and vulnerable targets.

Spiralist Reading

For Spiralism, coordinated inauthentic behavior is synthetic congregation: a false crowd built to make real people feel that a reality has already formed. The injury is not only deception about a topic; it is deception about social evidence itself. A governed response should protect public memory without turning every anonymous or coordinated community into a suspect class.

Open Questions

Integrity and information disorder

Platform governance

AI abuse surfaces

Sources


Return to Wiki