Skip to main content

The Power Bill

Manipulation Breakdowns · 10 min read · By D0

The Genuine Complaint

The anger is real.

In towns across the American South and Midwest, data centers built to feed AI model training have been signing multi-hundred-megawatt power agreements with regional utilities. In some service territories, that demand has meant higher grid costs distributed across all ratepayers — the residential customer included. Local reporting on electricity bills near new data center construction has confirmed the pattern. The resentment of the homeowner paying more so that a large language model can train on another terabyte of internet data is not manufactured. It is the predictable product of a real policy question that U.S. regulators have not yet fully addressed: who pays for the grid expansion that AI infrastructure requires?

This is the terrain that Chinese operatives chose.

On June 10, 2026, OpenAI published a threat intelligence report documenting two clusters of influence activity it believes are linked to China-based actors. The first, internally named “Data Center Bandwagon,” used ChatGPT to produce comic strips and social media comments claiming that AI data centers were responsible for driving up electricity prices for American families. The second, “Tech and Tariffs,” used ChatGPT to generate political cartoons criticizing President Trump’s tariff policies and the U.S. push for global technology dominance — with one notable instruction: Trump was to appear in the content; Xi Jinping was not.

Neither operation invented the controversy it targeted. Both found existing American anger and tried to amplify it.

What They Built

The operational profile shared by the two clusters follows a recognizable pattern. Accounts on X and YouTube, assessed as inauthentic, posted AI-generated visual content alongside links to legitimate news coverage about data center power demand. The visual layer — the comic strip, the political cartoon — was produced by ChatGPT. The legitimate news links provided authentic sourcing that gave the content an air of factual grounding without requiring the operators to fabricate evidence.

The actors used VPNs to evade geographic restrictions. Their ChatGPT prompts were written in simplified Chinese. The requested output was in both English and Chinese — suggesting content intended for two audiences simultaneously: English-language social media platforms for deployment, and possibly Chinese-language reporting channels documenting the campaign’s own activity.

For “Data Center Bandwagon,” OpenAI assessed the accounts were likely linked to a private technology company doing work for Chinese provincial-level government clients. For “Tech and Tariffs,” direct attribution was harder; OpenAI declined to tie it directly to a government actor. Both were disrupted before achieving significant traction. Neither campaign gained meaningful organic reach, according to OpenAI.

But organic reach is not always the measure that matters.

The Parasitic Model

Ben Nimmo, principal investigator on OpenAI’s intelligence and investigations team, framed the operation’s central tactical logic precisely: “This was not a case of an influence operation creating a debate. The debate existed already. This was an influence operation from China trying to interfere in it.”

This is a significant sentence.

The traditional influence operation model — the one that most public coverage, most platform enforcement, and most detection tooling has been built around — involves manufacturing a controversy. The operation creates a narrative, deploys inauthentic accounts to seed it, and attempts to make a fabricated concern look like an organic grassroots phenomenon. The mechanics are well-documented. The forensic traces are increasingly understood: coordinated posting patterns, account creation dates, cross-platform synchronization, template language.

The parasitic model is different. It does not manufacture a grievance. It identifies one that exists — a real policy controversy, genuine public frustration, documented and reported in legitimate outlets — and attempts to inject amplification that serves the operator’s strategic interest. The accounts are still inauthentic. The content is still produced at scale by AI tools. But the underlying claim — data centers are raising electricity costs — is not false. It is a simplification of a contested empirical question that legitimate policy researchers are actively debating.

This creates a specific detection problem. Inauthentic accounts are still detectable through behavioral analysis. But the content they carry is not straightforwardly wrong. A fact-checker reviewing a comic strip claiming that AI data centers drive up electricity bills is reviewing a claim that has partial evidentiary support. The platform moderator reviewing whether to remove the post is not reviewing fabricated content in the same way that a deepfake of a carrier strike is fabricated. The post is misleading in its framing, its context, its source, and its purpose — but not necessarily in its literal claims.

The parasitic model has to be countered at the behavioral and attribution layer, not the content layer. Not “this is false” but “this authentic-seeming concern is being amplified by inauthentic accounts with a strategic interest in the outcome.” That is a harder message to land with an audience who is, in fact, genuinely paying higher electricity bills.

The Trail Inside the Tool

The operation was caught in part because the operators used ChatGPT for more than content generation.

According to OpenAI, the accounts linked to both operations also used ChatGPT to edit internal work reports — periodic operational status updates — that contained details about their social media campaigns: their goals, their methods, their account management strategies, their plans for sustaining platform presence while anticipating enforcement. The goals they documented include “establishing persistent and credible accounts, producing visually appealing content to expand audience reach in different regions and maintaining long term account viability by anticipating platform enforcement.”

These work reports, processed through the same accounts that generated the comic strips and political cartoons, gave OpenAI investigators a documentary record of the operation’s internal structure. The tool being used to create the influence content was also being used to polish the internal documentation of how that influence campaign operated.

This is not the first time a Chinese state-linked operation has been exposed through this specific failure mode.

In February 2026, OpenAI published a separate threat disruption report documenting a different Chinese operation — one targeting Chinese dissidents abroad through fabricated sex scandals, forged court documents, impersonation of U.S. immigration officials, and coordinated mass-reporting of social media accounts. That operation was discovered when a Chinese law enforcement official used ChatGPT to edit and polish periodic status updates on their ongoing campaigns — using the tool, in OpenAI’s description, like a diary.

The diary was readable.

The pattern across both cases is the same: operators using AI tools not just to produce campaign content but to manage their own internal administrative work. The convenience is obvious — the same tool that generates the comic strip can clean up the paragraph in the work report. The security failure is equally obvious, in retrospect: the administrative work contains the evidence of what the campaign was, who it targeted, and how it was organized. Every session processing internal operational documents is a session in which operational intelligence is being created and stored in a system controlled by the company running the safety program the operator is trying to evade.

The Strategic Target

Why AI data center policy?

China’s strategic interest in the pace of U.S. AI infrastructure development is not complicated. Data centers are the physical substrate of the AI capability race. The rate at which U.S. companies can build them — acquire land, sign power agreements, construct, commission, scale — determines the pace at which U.S. AI capacity can grow. Regulatory delay, public opposition, utility commission interventions, local political resistance: any of these can slow or constrain data center construction.

An influence operation that amplifies genuine public anger about electricity costs near data centers does not need to succeed at the information warfare level to have a real-world effect. It does not need to change many minds. It needs to contribute, at the margins, to the political and regulatory environment in which data center permitting, utility agreements, and local zoning decisions are made. If some subset of affected ratepayers become more engaged in opposing new data center construction — if some local officials become more cautious about approving new facilities, if the political cost of the policy position that prioritizes AI infrastructure investment rises slightly — the operation has served its purpose without anyone needing to know the content came from China.

The electricity bill narrative is particularly well-chosen for this purpose. It connects an abstract infrastructure debate — AI compute capacity, national technology competitiveness — to the concrete financial experience of the household. The data center is a distant abstraction. The higher electricity bill is not.

Influence Tactics Breakdown

Parasitic Amplification. Identifying authentic domestic grievances and injecting inauthentic amplification aligned with an external strategic interest. Distinct from fabricated controversy because the underlying concern has genuine evidentiary grounding — the claim that data center power demand raises grid costs is not wholly false. Harder to counter at the content layer; must be countered at the attribution and behavioral layer instead.

Grievance Laundering. Distributing foreign-originated content through accounts posed as American citizens expressing domestic concerns. The goal is to make foreign strategic interest appear as authentic grassroots opinion, removing the foreign-policy dimension from what is, structurally, a foreign policy intervention in domestic regulatory debate.

AI-Generated Visual Persuasion. Using large language model tools to produce comic strips and political cartoons at scale. Visual content is processed differently than text claims: it is more emotionally engaging, more shareable, harder to fact-check at the moment of consumption. A comic strip showing a family looking at a high utility bill requires no explicit claim — the visual narrative carries the meaning without the falsifiability of a stated proposition.

Asymmetric Attribution Instruction. Directing content generation to feature Trump but explicitly exclude Xi Jinping — ensuring the produced content appears to be domestic American political opinion rather than content designed to serve Chinese governmental interests. The instruction is operationally significant: it reveals strategic intent at the prompt level, and it was preserved in the session logs.

Administrative OPSEC Failure. Using the same AI tool for both content production and internal administrative work — an operational security failure that creates forensic documentation of the campaign’s internal structure, goals, and methods inside the very system the operator is trying to weaponize. The work report becomes the evidence.

What the Pattern Reveals

The two operations did not achieve significant reach. OpenAI disrupted them. The accounts were banned. The campaign did not demonstrably shift American public opinion about data centers or tariffs.

But the exposure of the operation reveals something about the actors running it. They did not build bespoke infrastructure for the campaign — they used a commercially available AI assistant. They did not segregate their content generation from their internal administrative work — they used the same tool for both. They processed operational status reports through a service that maintains records and runs safety monitoring.

This suggests either a lower-sophistication threat tier — actors capable of running the campaign but not of maintaining clean operational separation — or a normalized operational environment in which AI tools are so routinely used for all organizational tasks that the distinction between “content for deployment” and “internal documentation” has collapsed. These are not mutually exclusive explanations.

The lesson for defensive practice is not specific to this operation. It is about the category of operations that follow as AI tools become more normalized inside influence operation workflows. The tool that is most convenient for content generation is also most likely to be used for everything else — including the administrative work that documents what the content was for.

The diary is the vulnerability. For Chinese state-linked influence operations, it has now been twice.

And the real debate — about who pays for the grid that AI requires — continues regardless. The operation failed. The question it borrowed did not go away.


This article is part of Decipon’s Manipulation Breakdowns series, examining specific influence operations through the Influence Tactics Protocol.


Sources: