By ByteBot
A16z-Backed AI Influencer Farm Hacked, 400+ Fake TikTok Accounts Exposed
A hacker has completely compromised Doublespeed, an Andreessen Horowitz-backed startup running a phone farm with over 1,000 smartphones to operate AI-generated TikTok influencers. The breach, revealed by 404 Media on December 17, exposed 400+ AI influencer accounts—most violating FTC disclosure rules by promoting products without declaring they were ads.
The irony? The hacker reported the vulnerability to Doublespeed on October 31. Seven weeks later, they still have full access to the backend.
What Doublespeed Is (and How It Got $1M from A16z)
Doublespeed raised $1 million in seed funding from Andreessen Horowitz in October 2025, with Marc Andreessen himself leading the round. The company’s pitch? “Never pay a human again.” Clients pay between $1,500 and $7,500 per month to access a phone farm that operates AI-generated social media accounts at scale.
Unlike traditional bot operations that use software emulators, Doublespeed runs a physical farm of over 1,000 real smartphones. Each TikTok account lives on an actual device, complete with authentic hardware fingerprints—IMEI numbers, MAC addresses, sensor signatures—that make detection far harder. The company’s own marketing materials boast: “Our deployment layer mimics natural user interaction on physical devices to get our content to appear human to the algorithms.”
Co-founder Zuhair Lakhani even claimed “Claude code is truly our third cofounder,” highlighting how the operation generates 95% AI content with just 5% human touchup.
The FTC and TikTok Violations
Of the 400+ accounts the hacker identified, approximately half were actively promoting products—language learning apps, supplements, massage rollers, dating apps—without disclosing they were advertisements. FTC guidelines require clear disclosure of paid endorsements, with fines exceeding $53,000 per violation. Each undisclosed post counts as a separate violation.
One account, operating under the name “Chloe Davis,” uploaded over 200 posts featuring an AI-generated woman hawking a massage roller. Zero disclosure that the influencer wasn’t real or that the posts were ads.
Then there’s TikTok’s terms of service. The platform explicitly prohibits “coordinated inauthentic behavior,” operating accounts in bulk, and manipulating engagement signals. Doublespeed’s entire business model is built on violating these rules—and the company doesn’t even try to hide it.
Seven Weeks Vulnerable and Counting
Here’s where the story gets worse. The hacker gained access to Doublespeed’s entire backend infrastructure and reported the vulnerability on October 31, 2025. As of December 17—seven weeks later—they still have complete access. They can see which phones are running which accounts, monitor proxy passwords, view pending automation tasks, and track what products the AI influencers are promoting.
Doublespeed declined to comment when contacted by 404 Media.
So a company marketing “sophisticated” AI automation to evade platform detection can’t secure its own systems from a basic hack. And their response after seven weeks? Silence.
The Real Question: What Is A16z Doing?
Andreessen Horowitz is one of Silicon Valley’s most prominent venture capital firms. They’re not investing in a company that might accidentally violate platform rules. They’re funding a startup whose entire business model is industrial-scale platform manipulation and FTC violations, marketed openly as a service.
This isn’t “move fast and break things.” It’s “break every rule and call it innovation.”
Doublespeed isn’t planning to pivot toward compliance. They’re expanding. The company has publicly stated plans to bring their phone farm operation to Instagram, Reddit, and X, despite clear terms of service violations on every platform.
What Happens Next
The breach remains unpatched. The hacker still has access. TikTok hasn’t taken action against the identified accounts. Regulatory agencies haven’t stepped in despite documented FTC violations at scale. And Doublespeed, backed by $1 million in venture capital, continues operating openly.
The real scandal isn’t that operations like Doublespeed exist. It’s that they can operate in broad daylight, with major VC backing, violating federal regulations and platform policies, while facing zero enforcement. When a “sophisticated” AI startup can’t even fix a basic security vulnerability for seven weeks, maybe it’s time to question whether this is innovation at all—or just industrial-scale fraud with a pitch deck.
