AI-Generated Spam Infiltrates Major Websites: Nvidia, CDC, and Others Affected

Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'?

Domains owned by Nvidia, Stanford, NPR and the U.S. government are being quietly eaten by AI slop. Web domains owned by Nvidia, Stanford, NPR, and the U.S. government are hosting pages full of AI slop articles that redirect to a spam marketing site. On a site seemingly abandoned by Nvidia for events, called events.nsv.nvidia.com, a spam marketing operation moved in and posted more than 62,000 AI-generated articles, many of them full of incorrect or incomplete information on popularly-searched topics, like salon or restaurant recommendations and video game roundups. Few topics seem to be off-limits for this spam operation. On Nvidia's site, before the company took it down, there were dozens of posts about sex and porn, such as "5 Anal Vore Games," "Brazilian Facesitting Fart Games," and "Simpsons Porn Games." There's a ton of gaming content in general, NSFW or not; Nvidia is leading the industry in chips for gaming. "Brazil, known for its vibrant culture and Carnival celebrations, is a country where music, dance, and playfulness are deeply ingrained," the AI spam post about "facesitting fart games" says. "However, when it comes to facesitting and fart games, these activities are not uniquely Brazilian but rather part of a broader, global spectrum of adult games and humor." Less than two hours after I contacted Nvidia to ask about this site, it went offline. "This site is totally unaffiliated with NVIDIA," a spokesperson for Nvidia told me. On the vaccines.gov domain, topics for spam blogs include "Gay Impregnation," "Gay Firry[sic] Porn," and "Planes in Top Gun." The same AI spam farm operation has also targeted the American Council on Education's site, Stanford, NPR, and a subdomain of vaccines.gov. Each of the sites have slightly different names -- on Stanford's site it's called "AceNet Hub"; on NPR.org "Form Generation Hub" took over a domain that seems to be abandoned by the station's "Generation Listen" project from 2014. On the vaccines.gov site it's "Seymore Insights." All of these sites are in varying states of useability. They all contain spam articles with the byline "Ashley," with the same black and white headshot. NPR acknowledged but did not comment when reached for this story; Stanford, the American Council on Education, and the CDC did not respond. This isn't an exhaustive list of domains with spam blogs living on them, however. Every site has the same Disclaimer, DMCA, Privacy Policy and Terms of Use pages, with the same text. So, searching for a portion of text from one of those sites in quotes reveals many more domains that have been targeted by the same spam operation. Clicking through the links from a search engine redirects to stocks.wowlazy.com, which is itself a nonsense SEO spam page. WowLazy's homepage claims the company provides "ready-to-use templates and practical tips" for writing letters and emails. An email I sent to the addresses listed on the site bounced. Technologist and writer Andy Baio brought this bizarre spam operation to our attention. He said his friend Dan Wineman was searching for "best portland cat cafes" on DuckDuckGo (which pulls its results from Bing) and one of the top results led to a site on the events.nsv.nvidia domain about cat cafes. In the case of the cat cafes, other sites targeted by the WowLazy spam operation show the same results. Searching for "Thumpers Cat Cafe portland" returns a result for a dead link on the University of California, Riverside site with a dead link, but Google's AI Overview already ingested the contents and serves it to searchers as fact that this nonexistent cafe is "a popular destination for cat lovers, offering a relaxed atmosphere where visitors can interact with adoptable cats while enjoying drinks and snacks." It also weirdly pulls a detail about a completely different (real) cat cafe in Buffalo, New York reopening that announced its closing on a local news segment that the station uploaded to YouTube, but adds that it's reopening on June 1, 2025 (which isn't true). A lot of it is also entirely mundane, like the posts about solving simple math problems or recommending eyelash extension salons in Kansas City, Missouri. Some of the businesses listed in the recommendations for articles like the one about lash extension actually exist, while others are close names ("Lashes by Lexi" doesn't exist in Missouri, but there is a "Lexi's Lashes" in St. Louis, for example). All of the posts on "Event Nexis" are gamified for SEO, and probably generated from lists of what people search for online, to get the posts in front of more people, like "Find Indian Threading Services Near Me Today." AI continues to eat the internet, with spam schemes like this one gobbling up old, seemingly unmonitored sites on huge domains for search clicks. And functions like AI Overview, or even just the top results on mainstream search engines, float the slop to the surface.

US government vaccine hub, Nvidia events page abused in cyberattack spewing out AI slop

NPR, Stanford, and some US government sites were also taken over Several Nvidia-owned web domains were hijacked to show explicit and AI-generated content in a spam campaign that also targeted NPR, Stanford, and US Government sites. The Nvidia page, events.nsv.nvidia[,]com has now been taken down, but was seemingly an events site. The page was taken over and more than 62,000 AI-generated articles were posted, primarily containing incorrect or incomplete information about popular search topics like video game round-ups or restaurant recommendations. Elsewhere, a domain belonging to the US Department of Health and Human Services (HHS) advising on vaccines was also targeted, being defaced in a similar fashion. It's not clear who hijacked the site or the purpose behind it, since the AI slop doesn't seem to have a consistent theme or angle. The links in the pages direct to a "nonsense SEO spam page" stocks.wowlazy[.]com. Much of the content appears to have been apparently explicit, but much was also "entirely mundane" - the spam campaign was discovered thanks to a technologist who was searching for 'best Portland cat cafes' on DuckDuckGo and was directed to the events.nsv.nvidia[,]com site and a spam page about cat cafes. This isn't the first time that cybercriminals have hijacked websites in order to post their own content, but usually this contains some type of malware of infostealer to gain profit from the spam campaigns - but as far as we can see, that wasn't the case on this occasion. SEO seems to be a tool that cybercriminals are taking advantage of in order to deliver malware (or not) to a wider audience. To mitigate the risk from this type of attack, users should disable push notifications from sites they don't know/trust, and be very cautious with unfamiliar links. TechRadar Pro did reach out to the CDC, NPR, Stanford, and Nvidia for comment but haven't yet received a response.

AI slop ended up on Nvidia and CDC pages. All it took was some neglected URLs and a little SEO magic.

AI was used to turn legit pages into digital dumpster fires. Featuring fart games and fake news. There's a strange phenomenon happening on what appear to be legitimate websites from major companies like Nvidia and federal agencies such as the U.S. Centers for Disease Control (CDC) that are hosting AI slop. It appears that a spam marketing operation hijacked abandoned subdomains from companies and organizations, including Nvidia, the CDC, American Council on Education, Stanford, and NPR, according to a report from 404 Media. The AI slop found on these sites ranged from a hub for vaccines explaining what jets were flown in the movie Top Gun to Brazilian fart games on an Nvidia event page and just a lot of porn. The subdomains, such as events.nsv.nvidia.com, which were archived by 404 Media, have long since been abandoned by the respective organizations. However, as these domains were connected to legitimate entities, having content about "adult video games" on the site could make it a top result on Google, leading to traffic. It's likely this traffic was somehow monetized by the organization behind this hijacking. These sites have since been taken down by the respective entities or reverted back to their original form. As of the writing of this article, the website these domains were redirecting to, stocks.wowlazy.com, is no longer up. A summary at URLScan shows the site is seemingly still active and provides a screenshot, which appears to be AI-generated content. AI slop is low-quality content generated by artificial intelligence. Not that long ago, this was mainly written articles filled with certain keywords that would ideally rank high in certain Google searches. Thanks to more advanced AI models such as Midjourney and Sora, now this slop can include AI images and video. Just this past week, editors at Wikipedia revolted over the site's plan to test AI content. The idea was to test AI-generated summaries, called "simple summaries," that would be machine-generated to take existing Wikipedia articles and simplify them for readers. The human editors for the site claimed these AI summaries would ruin the site's reputation. While the Wikimedia Foundation says the rollout of this test is not happening, it does appear that it's not completely canceled and could be tried again with more input from the human editors. Social media is a breeding ground for AI slop. Last year, Facebook was seemingly taken over by this content, with the most prominent example being the Jesus Christ shrimp image. AI slop has made its way to all other platforms, and it will continue to become harder to distinguish the real content from AI-generated content. At its I/O event last month, Google released its AI-media tool, Veo 3, which was able to produce completely realistic video from text prompts. What followed soon after was a viral clip showcasing the completely realistic content generated by Veo 3, which was hard to identify as fake, except for the fake people in the video saying it was.