Imagine an image generation model whose loss function is essentially "make this other model classify your image as CSAM."
I'm not sure whether it would create actual CSAM or just adversarial examples, but we've seen other models of various kinds "reversed" in a similar vein, so I think there's quite a bit of risk there.
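For illustration, here's roughly what that naive setup looks like: gradient ascent on a classifier's output for a target class, starting from noise. This is a minimal sketch using a generic pretrained ImageNet classifier and an arbitrary class as stand-ins for the hypothetical detection model; every name and hyperparameter here is a placeholder, not a reference to any real system.

```python
# Sketch: optimize raw pixels to maximize a generic classifier's logit
# for an arbitrary target class. Stands in for the hypothetical
# "make this other model classify your image as X" loss.
import torch
import torchvision.models as models

model = models.resnet18(weights=models.ResNet18_Weights.DEFAULT)
model.eval()

target_class = 207  # arbitrary ImageNet class, purely illustrative
img = torch.rand(1, 3, 224, 224, requires_grad=True)  # start from noise
opt = torch.optim.Adam([img], lr=0.05)

for step in range(200):
    opt.zero_grad()
    logits = model(img)
    loss = -logits[0, target_class]  # ascend the target logit
    loss.backward()
    opt.step()
    with torch.no_grad():
        img.clamp_(0.0, 1.0)  # keep pixels in a valid range
```

In practice, naive pixel-space optimization like this tends to converge to high-confidence noise rather than a realistic image of the target class, which is exactly the adversarial-example outcome rather than actual content. The risk is that a stronger generative prior in the loop could shift the result toward the latter.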
Isn't this - more or less - already happening?
Perpetrators who don't find _some way_ of creating/sharing CSAM that's low risk get arrested. The fear of jail is already driving these people to invent or seek out ways to score a 0.1.
And it's not "you" at risk, unless you're operating a service and this evidence is found in your systems.
This is how "g-men" misinformation is born.
If it's just a general cynical "all gubernment is bad and full of pedos" take, then I'm not sure what the comment adds to this discussion.