An artist opens their own Spotify profile and finds a track they didn’t make. Wrong genre, sometimes a wrong instrument entirely, occasionally a vocal doing a passable impression of nothing in particular. It’s been live for days, picking up streams under their name, before anyone notices.
That’s the pattern showing up through 2026 as AI-generated tracks get uploaded directly to existing artist profiles instead of new ones. Several working musicians, jazz players among them, have reported exactly this: a track with no connection to their actual catalog attached to their official page. Spotify has acknowledged the problem publicly and says it’s strengthening protections, but the removal process in reported cases has still taken days, not minutes.
How the hijacking actually happens
This isn’t someone breaking into an account. It’s a metadata problem. Distributors trust the artist name and identifiers submitted with a release, and when an upload arrives with metadata that matches an existing artist closely enough, the system can attach it to that artist’s existing profile instead of spinning up a new one. No login required, no password stolen, just a name collision a verification layer didn’t catch.
The incentive is obvious once you look at it from the other side. A brand-new AI-generated upload with zero followers gets buried instantly. The same track attached to a profile with an existing audience and play history starts with built-in reach already attached. The flood of AI uploads made this kind of exploit worth automating; volume creates both the cover and the motive.
What to do the moment you find it
Screenshot everything first: the track title, upload date, and stream count, before reporting anything. Hijacked tracks tend to disappear quickly once flagged, sometimes before there’s been a chance to document what was actually there, and a record matters if royalties or a dispute come into play later.
Report it through Spotify for Artists directly rather than a general support form; the artist-facing report flow routes faster to the team that pulls unauthorized content. Contact your distributor at the same time. They’re the party with a formal relationship to Spotify and can escalate a takedown with more weight than an individual complaint carries alone. Reported cases have taken roughly three days end to end, which feels slow when it’s your name sitting on someone else’s upload.
Check the royalty statement for the period the track was live. If it generated any payout, flag it specifically. Unauthorized streams sitting in an account create a paper trail nobody wants to have to explain later.
Locking the profile down so it doesn’t happen again
Claim and verify the Spotify for Artists account if that hasn’t happened yet. An unclaimed profile is the easiest one to attach something to, because nobody’s watching it closely. Spotify’s verification badge exists partly for this reason now: it’s becoming a trust signal in a catalog the platform can’t fully police on its own.
Keep metadata consistent across every release and every distributor ever used. A name spelled two different ways, or an old distributor account that’s been forgotten about, is exactly the kind of inconsistency that makes a profile easier to misattribute something to. I check my own profile every few weeks now, not because I expect to find anything, but because every artist I’ve talked to who got hit found out from a fan, not from Spotify.
What this is actually a symptom of
Profile hijacking isn’t a freak event. It’s what happens when upload volume outpaces verification, and that’s the same structural problem sitting underneath why the royalty pool keeps shrinking per stream: more tracks chasing the same fixed pot, with less guarantee than ever that the tracks attached to a name are actually the artist’s own. Identity ownership on these platforms isn’t a given anymore. It’s something that has to be actively held onto.
If you’re trying to build a presence that’s actually defensible, not just loud, that’s worth a conversation.
Spotify AI hijacking is when an AI-generated track gets uploaded and attached to an existing artist’s official profile instead of a new one, usually through a metadata match a distributor failed to verify. The artist whose profile it lands on didn’t upload it and often doesn’t know until a fan flags it.
Check the discography directly on Spotify for Artists rather than relying on notifications. Look for any track that doesn’t look familiar, including ones credited under the exact artist name through a label or distributor account that isn’t in use. Doing this every few weeks catches it faster than waiting for someone else to notice.
Report it through Spotify for Artists’ dedicated report flow rather than general support, and contact the distributor at the same time so they can escalate a takedown directly. Screenshot the track, upload date, and stream count first, since hijacked tracks tend to get pulled quickly once flagged.
Claim and verify the Spotify for Artists profile if that hasn’t happened already, since unclaimed or loosely monitored profiles are the easiest targets. Keep the artist name and metadata identical across every distributor ever used, and check the discography periodically rather than assuming Spotify will catch a mismatch first.