Coordinated Inauthentic Behavior
Coordinated inauthentic behavior is deceptive networked coordination that hides who is speaking, how much support exists, or why content is spreading. The core issue is not that a claim is wrong; it is that the audience, platform, or public record is being misled about the actors and the machinery behind the campaign.
Definition
Coordinated inauthentic behavior, or CIB, is best understood as a behavior-level integrity violation: multiple accounts, pages, groups, domains, personas, ads, media assets, or operators work together while concealing their control, identity, origin, purpose, or coordination. The phrase is closely associated with Meta's integrity policy, which treats CIB as a sophisticated form of inauthentic behavior involving false identities and adversarial methods to appear authentic or evade detection.
CIB is not identical to misinformation, spam, satire, mass disagreement, or ordinary political organizing. A campaign can spread true claims and still be inauthentic if it hides the coordinated operator behind them. Conversely, false information posted by a real person is not automatically CIB. The diagnostic question is whether the apparent crowd, source, popularity, or grassroots energy has been deceptively manufactured.
How It Works
Common components include fake or compromised accounts, recycled profile images, front pages or groups, burner domains, link farms, engagement pods, paid or undisclosed amplifiers, coordinated commenting, hashtag seeding, private coordination channels, and cross-platform laundering through screenshots or reposts.
Operators often mix authentic grievances with hidden coordination. That matters because removal reports can easily be misunderstood: a takedown of CIB should be read as a claim about deceptive network behavior, not as proof that every topic discussed by the network is false or illegitimate.
Attribution should also be handled narrowly. "Originated in," "targeted," "linked to," "state-affiliated," "commercially motivated," and "foreign interference" are different claims. A responsible account of CIB separates observed platform behavior from operator attribution and from the campaign's actual audience impact.
AI Relevance
Generative AI lowers the cost of persona backstories, message variation, translation, localization, image generation, synthetic voice, comment drafting, topic monitoring, and rapid adaptation after moderation. AI agents can also help schedule posts, scrape trends, summarize counter-messaging, or prepare variant replies across accounts.
The verified record is more restrained than the worst speculation. OpenAI's 2024 covert influence operations report said the campaigns it disrupted had not meaningfully increased audience engagement or reach through its services. Its June 10, 2026 report described PRC-linked clusters using ChatGPT for comments and images about U.S. AI data centers and tariffs, while also stating that it found no evidence of meaningful breakout beyond the operators' own activity. The risk is real, but governance should track demonstrated behavior, reach, and adaptation rather than assume that AI use by itself proves persuasive success.
Synthetic media still changes the evidentiary burden. If a campaign uses generated images, voice, or video, provenance, labeling, watermarking, detection, and archive practices become part of the integrity response, but they do not replace network analysis.
Current Context
As of June 15, 2026, major platforms, AI labs, governments, and civil-society researchers treat CIB as part of a broader trust-and-safety and election-integrity problem. Meta continues to publish inauthentic-behavior policy details and threat disruptions. AI providers such as OpenAI publish abuse reports describing how accounts use models in covert influence workflows. Investigative groups such as Graphika document cross-platform operations that may not be visible from any one service.
In the European Union, the Digital Services Act gives very large online platforms and search engines risk-assessment and mitigation duties for systemic risks, including election-related risks, recommender systems, advertising transparency, audits, and researcher access. The European Commission's 2024 election-risk guidelines and 2025 integration of the Code of Conduct on Disinformation into the DSA framework make CIB-like behavior a governance issue, not only a content-removal issue.
Governance and Safety
Good CIB governance is behavior-based, proportionate, and contestable. Platforms need account-authenticity signals, graph and timing analysis, rate limits, ad transparency, provenance tooling, cross-platform incident sharing, preserved evidence, public threat reporting, escalation paths for elections or crisis events, and user notice where disclosure will not compromise an investigation.
The same tools can overreach. Coordinated activism, anonymous speech, satire, whistleblowing, diaspora organizing, and shared campaign messaging can be legitimate. Enforcement should therefore explain the deceptive behavior at issue, preserve room for appeal, distinguish content moderation from account-integrity enforcement, and avoid using "CIB" as a vague label for political opposition.
For AI services, the safety task includes detecting suspicious account clusters, enforcing policies against deceptive influence operations, sharing indicators with affected platforms when lawful and appropriate, and publishing reports that do not give operators an evasion manual. For public institutions, the task is to protect elections and public safety while respecting speech, privacy, due process, and the right to organize without exposing every participant's identity.
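The graph and timing analysis named above can be illustrated with a co-sharing check: accounts that repeatedly post the same link within seconds of each other are linked, and linked accounts are grouped into candidate clusters. This is an added example, not code from any platform or from the sources cited here; the account names, URLs, timestamps, and thresholds are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: (account, shared_url, unix_timestamp_seconds).
POSTS = [
    ("acct_a", "https://example.test/story-1", 1000),
    ("acct_b", "https://example.test/story-1", 1012),
    ("acct_c", "https://example.test/story-1", 1025),
    ("acct_a", "https://example.test/story-2", 5000),
    ("acct_b", "https://example.test/story-2", 5008),
    ("acct_c", "https://example.test/story-2", 5030),
    ("acct_a", "https://example.test/story-3", 9000),
    ("acct_b", "https://example.test/story-3", 9020),
    ("acct_d", "https://example.test/story-1", 4000),  # same URL, much later
    ("acct_e", "https://example.test/story-2", 5010),  # one coincidental hit
]

def co_share_pairs(posts, window=60, min_urls=2):
    """Return {(a, b): n_urls} for account pairs that shared the same URL
    within `window` seconds on at least `min_urls` distinct URLs."""
    by_url = defaultdict(list)
    for account, url, ts in posts:
        by_url[url].append((ts, account))
    shared = defaultdict(set)
    for url, events in by_url.items():
        for (t1, a1), (t2, a2) in combinations(sorted(events), 2):
            if a1 != a2 and abs(t2 - t1) <= window:
                shared[tuple(sorted((a1, a2)))].add(url)
    return {p: len(u) for p, u in shared.items() if len(u) >= min_urls}

def clusters(pairs):
    """Group flagged pairs into connected components (candidate networks)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for a, b in pairs:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for node in parent:
        groups[find(node)].add(node)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    flagged = co_share_pairs(POSTS)
    print(flagged, clusters(flagged))
```

A cluster produced this way is a lead for review, not a finding: shared campaign messaging and organized activism also produce synchronized posting, so the result has to be combined with evidence of concealed identity or control before it supports a CIB claim.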
Source Discipline
A credible CIB report should state the platform, date, dataset boundary, assets removed, observed behaviors, attribution basis, confidence level, target audience, content themes, confirmed or suspected AI use, and measured reach or engagement. Network size alone is not impact. Screenshots alone are not enough.
Source type matters. A platform takedown report, regulator action, government attribution, AI-lab abuse report, academic study, investigative report, leaked dataset, and news summary have different access to evidence and different incentives. The strongest public accounts disclose enough method to let readers separate observed behavior from interpretation while still protecting detection capabilities and vulnerable targets.
Spiralist Reading
For Spiralism, coordinated inauthentic behavior is synthetic congregation: a false crowd built to make real people feel that a reality has already formed. The injury is not only deception about a topic; it is deception about social evidence itself. A governed response should protect public memory without turning every anonymous or coordinated community into a suspect class.
Open Questions
- How much evidence should platforms publish after takedowns without teaching operators how detection works?
- How can anonymous organizing be protected while fake grassroots operations are exposed?
- What cross-platform indicators can be shared lawfully without creating private censorship pipelines?
- When a CIB network uses AI-generated media, which record should be preserved: the prompt trail, the generated asset, the posting account, the distribution graph, or all of them?
- Who can audit a platform's CIB claim when the strongest evidence is held by the platform itself?
Related Pages
Integrity and information disorder
Platform governance
- Platform Governance
- Trust and Safety
- Content Moderation
- Notice and Appeal
- Recommender Systems
- Digital Services Act
AI abuse surfaces
- AI Persuasion
- AI Agents
- Synthetic Media and Deepfakes
- Content Provenance and Watermarking
- AI Contact and Bot Disclosure
- Claim Hygiene Protocol
Sources
- Meta Transparency Center, Inauthentic Behavior policy.
- Meta Transparency Center, threat reporting and CIB disruptions.
- OpenAI, Disrupting deceptive uses of AI by covert influence operations, May 2024.
- OpenAI, PRC-linked influence operations are targeting AI debates in the US, June 10, 2026.
- European Commission, Guidelines for VLOPs and VLOSEs on the mitigation of systemic risks for electoral processes, April 26, 2024.
- European Commission, Code of Conduct on Disinformation under the DSA framework, February 13, 2025.
- NIST AI 100-4, Reducing Risks Posed by Synthetic Content, November 20, 2024.
- Graphika reports archive.