Explicit AI links briefly appeared on several Washington wa.gov sites this week, part of a wider wave of porn and scam PDFs abusing public upload features on government web platforms in about 18 states, according to coverage by MyNorthwest.com and KIRO-TV in Seattle.
Washington officials confirmed that public-facing websites for the state Department of Fish and Wildlife, the Department of Veterans Affairs and the Washington Fire Commissioners Association displayed links promoting artificial-intelligence, or AI, sex apps, AI-generated nude images and explicit chatbots. The content appeared under the wa.gov domain, but agencies say it did not disrupt core online services.
Veterans Affairs said the explicit material was uploaded through a group calendar feature that allowed users to attach documents describing events. After the incident, the agency disabled public uploads to that calendar and blocked 10 IP addresses tied to the submissions. The Department of Fish and Wildlife said it is working with state IT agency WaTech to clean up affected pages.
Similar documents have turned up on other government sites, including the Kansas attorney general’s portal and Nevada’s Department of Transportation website. In some of those cases, officials and Granicus, a Denver-based company that provides web and communications platforms to government agencies, have described the activity as abuse of public forms and complaint portals that let anyone upload files, which were then indexed by search engines, rather than as a deeper breach of government networks. Granicus has said there was no breach of its systems or customer data and that individuals uploaded the explicit files through online portals.
Experts tracking the pattern estimate the campaign has touched roughly three dozen government entities in about 18 states. The common thread appears to be open upload workflows and attachment hosting on .gov domains, which spammers are exploiting to lend credibility to AI porn and scam services.
Washington agencies have not reported any evidence that personal data was exposed. The immediate risk is reputational, as explicit AI tools and scam instructions appear in search results alongside legitimate services for hunters, anglers and veterans. Officials advise residents to avoid clicking unexpected links, verify URLs and report suspicious material found on government pages.
The incident underscores that user-generated content on official sites can pose risks even when back-end systems and services remain online. Vendors and agencies say they are tightening upload controls and reviewing whether anonymous file attachments should be publicly accessible and indexed on government domains.
