Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

From dating scams to fake lawyers: OpenAI details ChatGPT misuse in new threat report

February 26, 2026 5 min read Science & Technology Internal Security GS Paper 3 (Science & Technology Cyber Security Internal Security)
On This Page

What Happened

  • OpenAI published a new threat intelligence report documenting the systematic misuse of its ChatGPT platform by criminal networks and state-linked actors across multiple categories of cybercrime and influence operations.
  • A Cambodia-based romance scam network ("Operation Date Bait") used a hybrid of manual ChatGPT prompting and automated AI chatbots to target young men in Indonesia through a fake dating agency, directing victims to Telegram where they were further defrauded.
  • Several ChatGPT accounts were used to impersonate law firms and legal professionals, creating convincing fraudulent communications to re-victimise individuals who had previously lost money to scams — under the guise of recovering their losses.
  • A network with alleged links to China used generative AI to craft and edit content targeting Japanese political figures, including a smear campaign against a senior Japanese political leader.
  • OpenAI banned all identified accounts and detailed the techniques used, including use of paid social media advertising and cross-platform coordination.

Static Topic Bridges

India's primary legislation governing cybercrime is the Information Technology Act, 2000 (IT Act) and its 2008 amendment. While the IT Act predates generative AI, its provisions on identity fraud, impersonation, and cheating through electronic means are applicable to AI-enabled cybercrimes.

  • Section 66C (IT Act): Fraudulent use of electronic signature, password, or unique identification — up to 3 years imprisonment and ₹1 lakh fine; directly applicable to AI-generated impersonation of lawyers/officials
  • Section 66D (IT Act): Cheating by personation using computer resources — up to 3 years imprisonment and ₹1 lakh fine; covers fake AI lawyer/dating agency fraud
  • Section 420 (IPC, now BNS Section 318): Cheating and dishonestly inducing delivery of property — applicable to romance scam fraud
  • Bharatiya Nyaya Sanhita (BNS) 2023: Replaces IPC; retains and strengthens fraud and impersonation provisions
  • India's Telecom Cyber Fraud Rules (2024) under Telecom Act, 2023: Mandate detection and blocking of fraudulent calls and messages — relevant for AI-generated voice/text fraud
  • CERT-In (Computer Emergency Response Team India): Primary body to receive and respond to cybersecurity incidents; reports to MeitY

Connection to this news: The fraud typologies documented in OpenAI's report — fake law firms, romance scams, impersonation — directly map to offences under India's IT Act. The AI-amplification of these schemes (through chatbots, automated social media ads, and cross-platform coordination) tests whether current Indian law's penalties and enforcement mechanisms are adequate.

Generative AI Misuse: Deepfakes, Influence Operations, and Information Warfare

Generative AI tools — including large language models (LLMs) like ChatGPT and image generators — have created new vectors for information warfare and influence operations. State-linked actors can use AI to produce large volumes of convincing disinformation, craft targeted propaganda in local languages, and impersonate officials or media outlets at scale.

  • OpenAI's report identifies China-linked actors using ChatGPT for political influence operations in Japan — a precedent for potential India-targeted operations given geopolitical tensions
  • Deepfake regulations: India's Ministry of Electronics and Information Technology (MeitY) issued advisories in 2023 directing intermediaries to take down deepfakes within 36 hours; the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 require due diligence
  • Election Commission of India (ECI) has issued directives to platforms to remove AI-generated misinformation during election periods
  • India's Ministry of External Affairs has flagged state-sponsored disinformation from hostile neighbours targeting Indian public opinion and military morale
  • UN General Assembly Resolution (March 2024): First global AI governance resolution, calling for safe, secure, and trustworthy AI — India co-sponsored

Connection to this news: OpenAI's documented case of AI-aided targeting of a Japanese political leader is a proof of concept for how generative AI can be weaponised in information warfare. India, as a large democracy with active geopolitical adversaries, is a plausible target for similar AI-augmented influence campaigns.

AI Companies as Quasi-Regulatory Actors: The Role of Private Threat Intelligence

OpenAI's voluntary publication of a threat report — in which it identifies, bans, and publicly discloses malicious actors — reflects a growing reality: large AI companies act as de facto security institutions alongside governments. This raises important governance questions about accountability, transparency, and the adequacy of private-sector self-regulation.

  • OpenAI publishes "Disruption Reports" documenting abuse — voluntary, with no legal obligation to do so
  • Google, Microsoft, and Meta have similar threat intelligence functions, sharing data with government CERTs and law enforcement
  • The EU AI Act (2024) — the world's first comprehensive AI law — places binding obligations on high-risk AI providers including cybersecurity logging and incident reporting to authorities
  • India's Digital Personal Data Protection Act (DPDPA), 2023 applies to data fiduciaries including AI companies operating in India; breach notification is mandatory
  • The proposed India AI Safety Institute (announced 2024 under IndiaAI Mission) would create a governmental counterpart to private AI safety functions

Connection to this news: India's regulatory architecture is evolving: the DPDPA 2023 and IndiaAI Mission's safety provisions address data protection and safe AI development. However, there is currently no Indian law requiring AI companies to report misuse incidents to government authorities — a gap highlighted by the OpenAI report's voluntary disclosure model.

Key Facts & Data

  • "Operation Date Bait": Cambodia-based romance scam network using ChatGPT targeting Indonesian men via fake dating agency
  • Victims re-victimised: AI-generated fake law firm messages promised to recover lost scam money
  • China-linked influence operation: Targeted Japanese political leader with AI-generated smear content
  • OpenAI action: Banned all identified accounts; report published February 2026
  • India's IT Act 2000 Section 66C: Up to 3 years and ₹1 lakh fine for fraudulent identity use
  • Section 66D: Cheating by personation via computer — up to 3 years and ₹1 lakh fine
  • CERT-In: India's national cybersecurity incident response body under MeitY
  • EU AI Act (2024): World's first binding AI law — includes misuse logging, incident reporting obligations
  • India DPDPA 2023: Mandatory breach notification for data fiduciaries
  • UN GA AI Resolution (March 2024): India co-sponsored; calls for safe and trustworthy AI
  • IndiaAI Mission (2024): ₹10,371 crore; includes AI Safety Institute proposal