Ordinary surveillance cameras in megacities have long been replaced by entire systems equipped with artificial intelligence. Whether for better or worse, many of us must accept as fact what we once read about in dystopian novels.
Krzysztof Szpak delves into how AI surveillance systems operate in large cities and why governments rushed to implement them widely.
Flock Police
In September 2025, a police officer stood at the doorstep of Krisanna Elzer's home in Denver with a subpoena. She was accused of stealing a package from a neighbor's porch in a nearby town.
The evidence against her came from the automated surveillance system of the commercial company Flock Safety, which showed Elzer's car. However, the officer refused to share these details with the suspect, stating that all objections should be presented in court.
“You know we have cameras in that town. Not even a breath of fresh air goes unnoticed,” the officer explained.
Confident in her innocence, Elzer began gathering her own evidence. On the day of the alleged crime, she was indeed nearby visiting a tailor but did not steal any packages.
She collected data from GPS trackers on her phone and car, dashcam footage, witness statements, and even photos of her clothing from that day.
After several unsuccessful attempts to present her information to the authorities, she wrote directly to the police chief. He praised her efforts and informed her that the subpoena had been canceled.
As of December 2025, Flock Safety offered access to 80,000 cameras across 49 U.S. states.
From Vans with Monitors to Crime Prediction
Surveillance cameras in streets, stores, and institutions have long been a common sight. However, modern smart cameras and information processing methods represent a significant leap from their predecessors.
CCTV of the Analog Era
Once, a Closed-Circuit Television (CCTV) system referred to a closed network of cameras whose signals were fed to a dozen monitors in front of a bored mall security guard.
The technology was limited to video sensors, screens, and recording equipment.
Law enforcement agencies have been experimenting with surveillance systems since at least the mid-20th century.
In 1960, the British police tested two cameras for monitoring Trafalgar Square during the visit of the King and Queen of Thailand. Monitors were placed in a van near the installation site. This experience revealed several technical issues and sparked mixed reactions.
In 1979, the British government’s Police Scientific Development Branch developed Automatic Number Plate Recognition (ANPR) technology based on the optical character recognition methods available at the time.
By the 1990s, cameras at intersections and building facades became the norm. Law enforcement incorporated CCTV and ANPR into their everyday toolkit.
Smart Cameras
With the miniaturization of computer components, the rise of universal connectivity, and the advent of AI, traditional CCTV has been replaced by smart cameras featuring centralized databases and automated information analysis systems.
Such devices are equipped with their own processors, operating systems, storage, and interfaces for local and internet connectivity, and sometimes even microphones for audio recording.
Some manufacturers integrate AI accelerators and Neural Processing Units (NPU) for real-time data processing directly into the device. Others use external equipment for AI analysis.
These systems can identify objects, recognize vehicle license plates and human faces, and maintain a summary of what they observe. The range of capabilities depends on the software configuration and the vendor's preferences.
The Brain Behind the Scenes
A smart camera can recognize objects and record their identifiers—such as vehicle license plates, faces, or a person's gait. An analytical center collects data from the cameras, combines it with information from other sources, and sends conclusions to the operator.
Flock Safety offers something similar in the form of Nova—a “public safety data platform” that aggregates not only footage from surveillance cameras but also information from leaks, data broker databases, and other commercially available sources.
This system creates profiles with movement maps, preferences, viewing histories, habits, police records, and any other data.
Equipped with such a vast amount of information, AI can make assumptions about people's behavior and alert the operator to situations it deems suspicious. This feature is already available to Flock's clients.
According to the company, Nova allows law enforcement to close cases “with a single click.”
Critics claim this is a way to bypass the warrant process for monitoring individuals and a breeding ground for widespread privacy violations.
Colorful Hairstyles and Code Injections
Many people are indifferent to mass surveillance. For them, it is simply a tool that helps solve and prevent crimes. However, not everyone is so apathetic about the boundaries of personal freedom.
The conflict between smart cameras and those wishing to maintain privacy unfolds on several fronts.
In addition to legal battles at the policy level, enthusiasts are turning to camouflage art and more traditional forms of hacking.
Spoofing
The most intriguing method of attacking such devices is spoofing or “presentation attacks.” This category encompasses techniques that manipulate the image received by the camera.
This includes masks, reflectors, specialized textures, and other methods to “spoil” the image, preventing the system from recognizing or correctly identifying an object.
In 2016, designer Scott Urban's project Reflectacles offered a line of glasses with reflectors that redirect infrared light from surveillance cameras back, overexposing the image of a face.
This brute-force technique leaves no data for a single camera to analyze but is ineffective under multi-angle surveillance.
Berlin-based researcher and artist Adam Harvey developed a series of solutions CV Dazzle to counter facial recognition systems.
Samples from the 2010s included asymmetric hairstyles and makeup elements designed to deceive the popular Viola-Jones algorithm, which detects shadows under the eyes and nose, symmetry, and the position of the bridge of the nose to identify faces.
As a solution, the artist employed unconventional shadow configurations and colors contrasting with skin tones.
With the advent of AI facial recognition systems, past methods became obsolete, and in 2020, Harvey proposed an updated version of makeup.
CV Dazzle Look 6 and 7. Source: Adam.harvey.studio.
The artist emphasized that he demonstrates techniques rather than specific patterns, and the optimal solution will depend on the surveillance conditions.
Similar methods can be applied to license plate recognition systems. American enthusiast Benn Jordan described methods for creating “hostile” textures for ANPR detectors.
Using open recognition models, Jordan trained a neural network to generate visual noise that, when overlaid on a license plate, causes the model to read incorrect characters or fail to “see” the plate altogether.
The issue with visual methods often lies in their unreliability. Their effectiveness depends on conditions and the number of cameras. Meanwhile, surveillance system providers are expanding the range of features used for recognition, such as a person's specific gait or the color of a vehicle and its unique modifications.
Researchers continue to seek ways to bypass advanced models, but a more apparent threat to smart camera systems comes from hackers.
Device Hacking and Network Attacks
Like any internet-connected computer, regardless of the presence and power of AI, smart cameras and their server infrastructure are potentially vulnerable to hacking attacks.
Throughout the existence of these systems, numerous vulnerabilities of varying significance have been documented.
In 2021, a vulnerability was discovered in the code of Hikvision surveillance cameras that allowed for code injection attacks. This security flaw enabled complete control over the devices, the ability to install software, and access to other cameras on the network.
In 2023, a vulnerability was identified in the operating system of Axis smart cameras that allowed arbitrary command execution during the installation of ACAP applications on the device.
In 2025, two vulnerabilities were found in Dahua surveillance systems related to remote command execution and buffer overflow. Both allowed an attacker to gain complete control over the camera.
A separate attack vector involves direct interaction with the hardware, which is often located outdoors in publicly accessible areas. An attacker can exploit interfaces for servicing the camera, gain access to local storage, or modify the device for their purposes.
To protect against direct attacks, manufacturers resort to data encryption, employ hardware methods for software verification, and add cryptographic signatures to video files.
A device configured with the necessary security measures cannot simply be “reflashed” or have ready-to-use data downloaded from it. However, mistakes do happen.
In 2025, 404 Media reported that at least 60 AI cameras from Flock Safety with people-tracking capabilities were left exposed to unauthorized access.
Cybersecurity expert John Gaines and the aforementioned researcher Benn Jordan found the IP addresses of the devices using a specialized search engine, Shodan, and discovered they could connect without a username or password.
Anyone could watch live feeds, download archived data from the past 30 days, change settings, and read system logs.
The supplier explained the incident as a “configuration error affecting a limited number of devices” and reported that the issues had been resolved.
The same researchers noted that another model of Flock cameras provides an open WiFi point for access if certain buttons on the device are pressed in a specific way. This would allow complete control over the device and its software.
Gaines published an analysis of these and other vulnerabilities in the Flock system in a separate document covering 55 points.
In an official response, the company stated that the listed issues were already known and that potential hackers rely on direct access to the cameras and “deep knowledge of the internal workings of the equipment.”
The equipment supplier emphasized that all necessary updates are delivered without client involvement and that there is no threat to the operation of the systems.
Fighting the “Partially Competent”
Automated surveillance systems, especially with the integration of AI, have become a convenient tool for law enforcement.
Equipment suppliers convince clients of the capabilities of their solutions—here is the suspect's vehicle and a map of its movements, here is the address. Now cases can be closed with a click.
This is easy to get used to. People tend to overly rely on the data from automated systems. This phenomenon is linked to one of the typical cognitive biases.
Automation using AI follows the same principles: many users tend to consider ChatGPT's responses correct and ignore possible contradictions. In everyday situations, this can distort the user's perceptions and, in some cases, lead to psychosis.
Even under ideal engineering conditions and with full control by an authorized operator, a large-scale surveillance system with AI analysis can cause harm.
In 2025, U.S. authorities launched an investigation into the potential illegal use of Flock Safety technologies for surveillance. Law enforcement was suspected of using the tracking system to locate immigrants and monitor women crossing state lines in search of jurisdictions with legal abortion access.
In this case, the system functioned correctly; no one was deceiving the automated detectors, hacking the cameras, or substituting videos with deepfakes.
Not to Break, but to Improve
CCTV systems have long been widespread. Equipping surveillance systems with AI analytics is the new reality.
Even the most striking asymmetric mask and completely covered vehicle license plates will not help maintain privacy in an environment of total data collection.
Like any powerful tool, AI surveillance systems require regulation to prevent misuse and negligence regarding security by suppliers and operators.