TL;DR: The FTC settled with Cox Media Group ($880K) and two resellers ($25K each) after finding their AI "Active Listening" ad product had no voice-listening capability, it was resold data-broker email lists with an AI label. The case establishes what AI-washing enforcement looks like in 2026 and sets binding precedent on AI consent requirements.
On May 22, 2026, the Federal Trade Commission announced settlements totaling $930,000 against Cox Media Group and two smaller marketing firms, MindSift and 1010 Digital Works, for what the FTC described as a straightforward case of AI-washing: labeling a non-AI product as AI-powered, then selling it at AI-capability prices.
The case is not complicated. It is a clean example of where the FTC draws the enforcement line in 2026, and the line is in a place that affects more companies than just media conglomerates selling ad technology.
What Cox Media claimed, and what the FTC found
Cox Media Group marketed a service called "Active Listening" to advertisers. The pitch: an AI system that captured audio from consumers' smart devices, phones, smart speakers, tablets, and used those conversations to deliver hyper-targeted ads. Advertisers paying for the service believed they were getting AI-derived behavioral signals based on private conversations happening in consumers' homes.
The FTC's investigation found none of that was real.
CMG did not collect voice data. It had no microphone-access capability. The "AI" processing described in its marketing materials did not exist. What advertisers were actually buying were email lists sourced from data brokers, a product available from dozens of vendors, with no AI component at all.
MindSift and 1010 Digital Works resold CMG's service to their own customers, passing along the same false capability claims. The FTC held all three companies liable: CMG for originating the fraud, the two resellers for perpetuating it to downstream customers.
CMG paid $880,000. MindSift and 1010 Digital Works each paid $25,000. The consent orders bar all three from making future misrepresentations about voice data collection, consumer consent, and AI capabilities. Businesses that purchased the Active Listening service between 2023 and mid-2024 may be eligible for refunds under the settlement.
Why the FTC treated this as an AI case, not just a false-advertising case
The FTC could have framed the Cox Media action as a standard false advertising matter, the product didn't do what it said. But the agency's press release and complaint specifically frame the enforcement through the lens of AI capability misrepresentation, and that framing matters.
Section 5 of the FTC Act prohibits "unfair or deceptive acts or practices." The FTC has consistently held that an act or practice is deceptive when it involves a material representation that is likely to mislead reasonable consumers. For AI claims, the FTC has established through a series of actions beginning with Operation AI Comply in September 2024 that "AI-powered" is a material representation, it influences purchasing decisions and implies a specific class of technical capability.
When a company labels a product as AI-powered and the product uses no AI, the gap between the label and the mechanism is the deception. It doesn't matter whether the underlying product (email lists) was useful. The claim that AI was doing the work, when no AI existed, was the violation.
The second violation in the Cox Media case goes further. CMG told advertisers that consumers had opted into the Active Listening service by accepting app terms of service. The FTC's complaint found this false on two levels: consumers never consented to voice data collection, and even if they had clicked through TOS that mentioned it, blanket TOS acceptance does not constitute the specific, informed consent the FTC requires for sensitive data collection.
That consent holding is now part of three consent orders. It will be cited in future enforcement actions.
Three things the Cox Media case establishes
1. AI-washing is a standalone FTC enforcement category
The Cox Media settlement, read alongside Operation AI Comply and the Air AI matter from March 2026, confirms that AI capability misrepresentation is a recognized enforcement focus, not a case-by-case judgment call. The FTC has signaled through consistent enforcement that it will treat "AI-powered" as a substantive claim requiring documentation, not a marketing descriptor that can be applied at will.
If your product description uses AI terminology for features that are rule-based, manually curated, or sourced from third-party data without an ML component, the Cox Media case is the relevant precedent. The question is not whether the product works. The question is whether the mechanism matches the claim.
2. Resellers share liability for upstream AI misrepresentations
MindSift and 1010 Digital Works did not originate the false capability claims, they resold a service from CMG. The FTC held them liable anyway, because they passed those claims to their own customers.
If your business relies on AI vendor claims to sell your own products or services, you are exposed to the same liability. A vendor's AI capability marketing does not transfer to you as documentation. If a vendor describes AI functionality that drives your product pitch, you need independent verification that the capability exists.
This is a practical due diligence requirement, not a theoretical concern. The two smaller firms in the Cox Media matter each paid $25,000, a significant penalty for companies that likely believed they were reselling a legitimate product.
3. TOS acceptance is not valid consent for AI data collection
The FTC's consent ruling in the Cox Media matter is the clearest statement the agency has made on AI consent standards: accepting mandatory app terms of service does not constitute opt-in consent for AI features that collect sensitive data the user would not reasonably expect to provide.
The consent standard the FTC is applying requires that the user specifically agree to the AI feature, understand what data it collects, and have a meaningful choice to accept or decline that specific feature, separate from their acceptance of the core service.
Any AI feature that collects behavioral, biometric, voice, or location data and relies on bundled TOS language for its consent basis is now explicitly on notice that the FTC does not consider that consent valid.
What your team needs to do
The Cox Media enforcement action covers a fairly obvious failure mode, a company fabricated an AI product entirely. But the liability principles it establishes reach much further.
Audit your AI capability language. Any marketing copy that uses the phrase "AI-powered," "AI-driven," "machine learning," or "AI-generated" should be checked against what the product actually does. Is there a model running? What does it do? Can you document it? If the AI label applies to a rules engine, a purchased dataset, or a manual process with an AI wrapper, the language needs to change.
Verify vendor AI claims before reselling or relying on them. If a vendor's AI capability is part of your pitch, you need the vendor's technical documentation, not their marketing deck. Ask what model, what training data, what test methodology, what independent validation. "They said it's AI" is not a defense.
Separate AI consent from general TOS. If any AI feature in your product collects data beyond what a user would expect from the core service, that feature needs a separate consent flow. The TOS click-through needs to describe the feature specifically, and users need a real ability to decline it without losing access to the product entirely.
Document before you claim. The FTC's substantiation standard requires that evidence supporting a capability claim exist at the time the claim is published. If the documentation doesn't exist before the marketing goes live, the marketing is premature.
For a full pre-publication checklist of AI marketing claims organized by claim type, see the FTC AI marketing claims checklist. For the broader enforcement record this case builds on, the FTC AI enforcement guide covers the full Operation AI Comply timeline.
This case has been added to the AI Enforcement Tracker, 22 verified cases and counting.
Related Reading
- FTC AI enforcement actions 2026: Operation AI Comply and what comes next
- FTC AI marketing claims checklist 2026: substantiation requirements before you publish
- Vetting AI tools for security risks: fake vendors, malware, and typosquatting in 2026
- TypeScript AI agent security incident response playbook 2026
- AI vendor due diligence checklist 2026
- AI enforcement tracker: 22 verified AI regulatory actions (FTC, EU, EEOC, state AGs)
- AI governance guide for small teams
