Russian & Chinese AI Evade Bot Detection, Mimic Humans

State-linked influence operations from Russia and China have entered a new, more dangerous phase. These actors are no longer relying on flooding social media with low-quality posts. Instead, they now leverage artificial intelligence to make their accounts look and act more like real people, thereby evading traditional bot detection methods. This represents a significant evolution in their tactics, as detailed in a

The shift is subtle but significant, marking a clear evolution in how foreign interference works in the age of AI.

For years, researchers tracked inauthentic accounts pushing pro-Russia and pro-China narratives on platforms like X, formerly Twitter. What stood out in the past was sheer volume, with automated bots churning out posts at a rapid pace.

Today the picture looks different, as these accounts post less often, use more images, and even mimic sleep patterns to avoid platform moderation tools.

Analysts at TwoSixTech developed a new machine learning methodology to identify these inauthentic accounts on X with high confidence, applying it to data from 2024, 2025, and 2026.

The team found that both Russian and Chinese actors cut their post volumes in half while improving content quality, as the analysts at TwoSixTech said in a report shared with Cyber Security News (CSN).

The findings show adversaries clearly learning from past mistakes. Instead of creating new accounts through AI agents, these actors repurpose older accounts for fresh campaigns.

The number of active inauthentic accounts on X remained in the thousands, ranging from 5,000 to 11,000 each for China and Russia across all three years studied.

These operations are no longer just about hiding in plain sight. They actively work to shape public opinion with richer and more persuasive content.

The use of AI-generated images, multilingual posts, and human-like activity patterns points to a long-term, calculated strategy rather than a quick disruption effort.

Russian and Chinese Influence Actors Use AI

One of the most striking findings is how these accounts use AI to mimic human behavior and slip past bot detection systems.

Pro-Russia and pro-China accounts now post at slower speeds, and many pro-Russia accounts stay inactive for long stretches each day, effectively simulating a person who sleeps at night.

The share of original posts with images more than quadrupled for pro-Russia accounts and doubled for pro-China accounts between 2024 and 2026.

Some of these images are AI-generated and used to add emotional weight to narratives. Pro-Russia accounts also expanded their language use to a median of six languages, up from just two in 2024, with AI likely driving that translation capability.

Despite these upgrades, most accounts still fail to gain real traction. The typical inauthentic account received just one engagement for every 3 to 50 posts.

TwoSixTech identified an average of 15 pro-Russia outlier accounts each year with tens of thousands of real followers, averaging 17 to 22 engagements per post and acting as content hubs fueling the broader inauthentic network.

Shifting Narratives Against the United States

One of the most notable findings involves pro-Russia actors sharply increasing attacks on the United States and President Trump.

This marks a reversal from earlier pro-Trump messaging that once defined Russian influence operations. The shift is linked to Moscow’s frustration that the administration has not pushed Ukraine toward terms favorable to Russia.

Between 2024 and 2026, anti-US narratives from pro-Russia accounts surged. Personal attacks on the president and other US figures rose 264 percent, while narratives about US military weakness climbed 263 percent.

Anti-US conspiracy theories rose 124 percent, and messaging tied to US imperialism went up 65 percent.

Pro-China actors consistently pushed anti-US narratives across all three years, with growing focus on framing China as the leader in the global AI race.

In 2026, accounts began portraying Japanese Prime Minister Sanae Takaichi as a US puppet, marking a geographic expansion of the campaign.

TwoSixTech recommends that platforms invest in AI-powered detection tools capable of catching behavioral signals beyond simple post volume.

The firm also urges researchers and platforms to monitor the repurposing of aged accounts, since that tactic makes inauthentic networks far harder to detect through conventional methods.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.