Deepfakes: what they are, how they’re made, the fraud they enable, and why detection alone is losing the war

In January 2024 a finance employee at the Hong Kong office of British engineering firm Arup joined a video conference with the company's UK-based chief financial officer and several colleagues. He saw their faces. He heard their voices. He recognized them. Following instructions delivered during the call, he made fifteen wire transfers totalling $25.6 million to five different bank accounts. Weeks later, when he checked back with the London headquarters, he discovered every person on that call had been a deepfake (CNN, May 2024; World Economic Forum analysis).

The Arup case became a cybersecurity textbook reference because it crystallised what most boards still underestimate: a single videoconference, accepted at face value, can cost twenty-five million dollars. And Arup is not an outlier. It is a snapshot of a pattern that is now industrial in scale. The UK government estimates that deepfake content shared in 2025 reached eight million pieces, up from 500,000 in 2023, a 1,500% increase in two years. Sumsub recorded a 700% jump in deepfake fraud between Q1 2024 and Q1 2025 (Sumsub Identity Fraud Report 2025-2026). Onfido detects a deepfake attack every five minutes and a 31x year-on-year increase (Onfido / Entrust 2024). Pindrop recorded a 1,300% surge in deepfake fraud attempts in 2024, going from one per month to seven per day at a single monitored company (Pindrop Voice Intelligence Report 2025).

Global losses from deepfake fraud exceeded $900 million in 2025 alone. Deloitte projects $40 billion in GenAI fraud losses in the United States by 2027 (Deloitte).

To this scenario, the world has primarily responded with a reflex: build systems that can tell whether content is fake. This is the path of deepfake detection. It is also a path that, taken alone, is losing. State-of-the-art detectors achieve 94-96% accuracy in laboratory conditions but collapse below 50% when tested against deepfakes produced with tools they were not trained on (Deepfake-Eval-2024 benchmark, arXiv). A meta-analysis of 56 academic studies concluded that humans correctly identify deepfakes 55.5% of the time, statistically indistinguishable from a coin flip (ScienceDirect, 2024).

This guide explains what deepfakes are, where they come from, how they are produced in 2026, what fraud they generate, what the new European, American and Chinese regulations require, and why the only strategy that holds up over time is not chasing deepfakes with smarter detectors. It is certifying authenticity at the moment data is created, before manipulation becomes possible.

In short

• What they are. AI-generated or AI-altered audio, video and image content that realistically reproduces real people (Wikipedia).
• How fast they grow. Eight million deepfakes shared in 2025 per UK government estimates, 16x the 2023 volume. Deepfake fraud +700% globally Q1 2024 to Q1 2025 (Sumsub).
• How much they cost. $900M in global losses in 2025; Deloitte projects $40 billion in US GenAI fraud losses by 2027 (Deloitte).
• Why detection isn't enough. Below 50% accuracy in real-world conditions; adversarial attacks neutralise state-of-the-art detectors; every new generative model instantly ages existing recognition systems.
• The only scalable defense. Certifying content at the source, inside verified devices, with forensic methodology and legally admissible evidence. The logic is authenticity certification, not falsity recognition.

What are deepfakes: definition, technology, examples

A deepfake is synthetic media (image, video, or audio) generated or manipulated by artificial intelligence to make a real person appear to say or do something they never did. The term, coined in 2017 by a Reddit user, combines "deep learning" (the AI technique used) and "fake" (the manipulated nature of the output). Deepfakes can be entirely AI-generated from scratch (synthesis) or modify existing recordings (face swap, voice cloning, lip-sync alteration), produced by Generative Adversarial Networks (GANs), diffusion models, and transformer-based architectures. By 2026 the phenomenon has reached industrial scale: Sumsub recorded a 700% year-over-year increase in deepfake fraud attempts; Onfido detects a deepfake attack every five minutes; Pindrop documents a 1,300% surge in voice deepfakes. Deloitte projects $40 billion in GenAI fraud losses in the United States by 2027, while the EU AI Act (Article 50) and the US TAKE IT DOWN Act 2025 introduce mandatory disclosure and removal regimes.

The term originated in late 2017 on Reddit, where a user with the same nickname distributed face-swapped videos of celebrities onto adult-film actor bodies and Nicolas Cage spliced into films he never appeared in. It was the first signal of a technology that, in nine years, has become a mass-market tool.

The European AI Act, in its definitions, describes deepfakes as "AI-generated or AI-manipulated image, audio or video content that resembles existing persons, objects, places or other entities or events and would falsely appear to a person to be authentic or truthful" (AI Act, Article 3(60)). The US Government Accountability Office uses a broader formulation: "videos, photos, or audio recordings that seem real but have been manipulated with AI" (GAO, 2020).

What separates a deepfake from a traditional photomontage or video manipulation is the level of realism. Pre-AI techniques required manual frame-by-frame editing, left visible artefacts, and imposed prohibitive costs and timelines. A modern deepfake is generated automatically by a statistical model that has learned how real faces, lips, eyes and voices behave, and produces content in minutes that five years ago would have required weeks of work from a visual effects team. The 2018 BuzzFeed deepfake that had Barack Obama say things he never said took 56 hours of automated rendering to produce (BuzzFeed News). Today, a comparable result is achievable in under an hour with free software, according to the World Economic Forum (WEF, 2025).

Two practical consequences follow. First: deepfakes are no longer a technical curiosity for informed niches. They are a mass-market tool, accessible to anyone with a phone and an internet connection. Second: the speed at which the technology improves structurally exceeds the speed at which detection systems can update. We will return to this point.

History and evolution: ten milestones in nine years

To understand where we are, it helps to trace how we got here. The deepfake trajectory is a sequence of accessibility thresholds: each milestone lowered cost, reduced time, increased realism.

2017. Birth of the term. Reddit's r/deepfakes subreddit appears. The eponymous user distributes Python scripts that combine two neural networks to swap one person's face with another's. Reddit shuts down the forum in February 2018, but the code is already on GitHub and spreads virally.

2018. BuzzFeed, Obama, the mediatic proof of concept. On April 17, 2018, BuzzFeed publishes a 1-minute-12-second video in which Obama, voiced by Jordan Peele and edited by Jared Sosa, says embarrassing things ("Killmonger was right", "stay woke"). It is the first deepfake to enter the global news cycle as both warning and, paradoxically, evidence of the technique's maturity.

2019. The Zao app and Chinese democratisation. On August 30, 2019, China releases Zao, an app developed by a subsidiary of Momo. It allows users to swap an actor's face in famous film scenes with their own photo. A single image and eight seconds of processing are enough. It becomes the most downloaded iPhone and Android app in China within days (CNN). WeChat blocks video sharing. It is the first signal of consumer-grade deepfake.

2020-2021. Tom Cruise on TikTok. Account @deeptomcruise publishes the first deepfake videos of Tom Cruise created by Belgian VFX artist Chris Ume with lookalike Miles Fisher. The first three videos accumulate over 11 million views. Quality is high enough that many users cannot distinguish them. The experiment becomes Metaphysic, one of the first commercial startups in the sector (Fortune).

2022. The Zelensky deepfake and the war in Ukraine. In March 2022, two weeks after the Russian invasion, a manipulated video in which Volodymyr Zelensky announces surrender airs after a hack of the Ukraine 24 website and spreads on social media. It is the first deepfake intentionally used in an armed conflict (NPR). Zelensky denies it within hours; Meta, YouTube and Twitter remove it. But the precedent is set.

2023. Pope Francis in a puffer jacket and the first mass virality. On March 25, 2023, a 31-year-old construction worker from Chicago, Pablo Xavier, publishes on Reddit r/midjourney an image of Pope Francis wearing a white Balenciaga puffer jacket. Generated with Midjourney v5, released ten days earlier. It becomes the first case of mass-scale visual disinformation based on generative AI (CBS News). In September of the same year, in Slovakia, an audio deepfake of opposition leader Michal Šimečka discussing electoral fraud and vote-buying among Roma circulates on Telegram two days before the election during the official "silence period". Šimečka was leading in the polls; Robert Fico wins (Harvard Kennedy School). It is the first election where a deepfake is considered a structural factor.

2024. The year of financial fraud and the Taylor Swift scandal. On January 24, 2024, AI-generated explicit images of Taylor Swift accumulate 45 million views in 17 hours on X before removal (NBC News). Two days before the New Hampshire Democratic primaries, a robocall with Joe Biden's cloned voice tells voters not to participate. Political consultant Steve Kramer is later fined $6 million by the FCC (FCC). The same year: the Arup case, the Ferrari deepfake CEO attempt narrowly avoided through a security question.

2025. Saturation and legislation. UK government estimates eight million deepfakes shared in 2025 alone. Sumsub reports +700% deepfake fraud in Q1 versus the same period in 2024. Global losses exceed $900 million. The US Congress passes the TAKE IT DOWN Act, signed by Donald Trump on May 19, 2025, requiring platforms to remove non-consensual intimate imagery within 48 hours (Wikipedia). Italy publishes Law 132/2025 introducing into the criminal code Article 612-quater: anyone who disseminates deepfake content capable of misleading and causing wrongful harm faces one to five years in prison.

2026. The first regulated year. On August 2, 2026, Article 50(4) of the European AI Act takes effect, mandating disclosure for operators of systems that produce or manipulate deepfakes. Italian Polizia Postale closes 2025 with 51,560 cybercrime investigations and over €110 million in illegal revenue tied to deepfake fraud (Polizia di Stato). In May 2026, the Italian Prime Minister publicly denounces the circulation of AI-generated images of herself, signalling that the political dimension of the phenomenon is now stable, not episodic.

In nine years, deepfakes have moved from niche experiment to industrial-scale fraud, propaganda and rights-violation tool. The question is no longer whether the technology will become more accessible. It is what we are facing today.

The technology under the hood

Deepfakes are not a single technology. They are a family of techniques that share a common principle: use deep neural networks to learn the statistical structure of human faces, voices and movements, and then generate new content consistent with that structure. Understanding the four main architectures clarifies why detection is so hard.

Generative Adversarial Networks (GANs). Generative adversarial networks are the architecture deepfakes were born on in 2017. They consist of two competing neural networks: a generator producing fake images and a discriminator trying to distinguish them from real ones. The two networks train against each other: the generator improves whenever the discriminator catches it, until the discriminator can no longer tell. At that point, the generator has learned to produce content indistinguishable from reality. This is the same logic that describes the structural problem of detection: every new detector we publish becomes, in effect, the next discriminator that the next generator will train against.

Autoencoders and face-swap. An autoencoder is a network that learns to compress an image into a reduced internal representation, and then decompress it. To swap a face between two people, two autoencoders are trained with a shared encoder and separate decoders. The encoder learns an abstract representation of facial expressions; each decoder learns to translate that representation into a specific person's face. At generation time, you encode Person A's face and decode with Person B's decoder: the result is B's face making A's expressions. This is the technique behind most consumer face-swap apps (Reface, FaceMagic, Zao).

Diffusion models. These are the models that powered the 2022-2024 explosion. They work by learning to invert a noising process: start with a real image, progressively add random noise until it is reduced to pure noise, and train a network to reverse the process. Once trained, the network can generate a coherent image starting from pure noise guided by a text prompt. This is the architecture behind Stable Diffusion, Midjourney, DALL-E 3, and video generators like Sora 2 and Runway Gen-3. The difference from GANs is that they produce more stable images, controllable via text prompts, and less prone to face-swap artefacts.

Voice cloning and text-to-speech models. Modern voice synthesis uses neural models that learn a person's "voice" from their timbre, inflections and pause patterns. ElevenLabs, considered the commercial state of the art, claims to generate a working clone from three seconds of sample audio, though professional quality requires at least thirty seconds (ElevenLabs Help). Once the voice is cloned, the model can pronounce any text in the target person's voice. This is the technology behind family-impostor scams, fake-CEO scams, and political robocalls.

Lip-sync and talking heads. These are models specialised in synchronising lip movements with given audio. Wav2Lip and its derivatives can take any video of a person speaking and have them say anything, while maintaining realistic lip-sync. This is the technique most used in scams featuring manipulated videos of public figures.

To these, more recent techniques add: full-body deepfakes (HeyGen, Synthesia), generating entire avatars that gesticulate, walk, speak; and real-time deepfakes operating during live videocalls, swapping faces in stream. iProov registered a 2,665% increase in attacks via "native virtual cameras" (virtual cameras injecting a deepfake instead of the real feed) in its 2025 Threat Intelligence Report (iProov).

This diversity of techniques has an important consequence for defenders: a detector trained on GAN-generated deepfakes from 2020 does not recognise diffusion-model deepfakes from 2025. Each new architecture is, effectively, a new detection problem. The Deepfake-Eval-2024 study quantified the phenomenon: state-of-the-art open-source detectors registered AUC drops of 50% on video, 48% on audio and 45% on images when confronted with "in the wild" deepfakes versus prior benchmarks (arXiv 2503.02857).

The platforms producing deepfakes today. The market has polarised into three tiers. Free or low-cost consumer tools (open-source FaceSwap and DeepFaceLab; apps like Reface, Avatarify, FaceMagic) generate basic face-swap content in minutes. Commercial enterprise platforms (HeyGen, Synthesia for multilingual "virtual presenters"; ElevenLabs, Resemble.AI, Speechify for voice cloning from seconds-long audio samples; OpenAI Sora, Google Veo, Runway Gen-3 for full-scene video synthesis) have made professional-grade content generation accessible. A deepfake video of professional quality that required over $30,000 of rendering five years ago can now be produced with $5-50 of API credit in minutes. A deepfake-as-a-service market on dark web marketplaces offers custom video starting at $100: the economic barrier to attack has effectively collapsed.

The state of the art in 2026: high quality, collapsed costs, universal access

Producing a convincing deepfake in 2026 no longer requires technical expertise. It requires an internet connection, an account on one of dozens of services, and for the most sophisticated cases, a few tens of dollars per month. The landscape consists of four accessibility tiers.

In the consumer tier are free or near-free apps: Reface, FaceMagic, FaceApp, MyHeritage Deep Nostalgia. They allow basic face-swap, animation of static photos, simulated aging. These are the deepfakes that animate social feeds, generally recognisable to a trained eye.

In the "creator" tier are commercial services designed to produce corporate video, training, advertising: Synthesia starts at $18 per month for 120 minutes of video per year; HeyGen offers three videos per month free and plans starting at $24-29 for intensive use. Quality is sufficient for corporate video; rendering takes between two and fifteen minutes per video. Companies like Unilever have reported reducing internal training video production time by 70%, going from weeks to hours (HeyGen pricing).

In the "advanced" tier are last-generation text-to-video models. OpenAI Sora 2 is available via API at $0.10 per second for 720p video; Sora 2 Pro at $0.30 per second at 720p and $0.50 per second at 1024p. A ten-second video costs between one and five dollars. On ChatGPT Plus, access to Sora is included in the $20 monthly subscription (OpenAI Sora). On the voice front, ElevenLabs offers instant voice cloning starting from consumer subscriptions; for professional voice cloning, prices rise but remain accessible to anyone with intent, lawful or otherwise.

There is then a fourth tier, the dark web one. A synthetic identity kit costs five dollars. A monthly subscription to a "dark LLM" (a language model without safety filters) thirty. A real-time video deepfake starts at fifty dollars. An entry-level voice cloning subscription ten dollars per month. Telegram channels offering deepfake-as-a-service number at least four hundred and count over 24,000 active users selling attack tools, according to iProov (CyberSecureFox, Group-IB via SoftwareSeni).

Three practical consequences of this accessibility.

First: time-to-attack has collapsed. In 2018, the Obama deepfake required 56 hours of rendering. In 2026, the World Economic Forum estimates that a convincing deepfake video can be produced in 45 minutes with free software. Cloned voices require between twenty and thirty seconds of sample audio, obtainable from any interview published on YouTube (WEF, 2025).

Second: volume grows exponentially. Eight million deepfakes in 2025 per UK government estimates, 16x compared to 2023. The estimated annual growth rate of circulating deepfake video is 900% (Springer). Detectors, even when they work, do not scale at the same speed.

Third: the attack front is asymmetric. Producing a deepfake takes hours. Training a detector to recognise it takes months. The temporal distance between the two capabilities has widened, not narrowed.

Types of deepfake: what exists, what is targeted

There are at least seven distinct types of deepfake content, each with its own risk profile.

Static and dynamic face-swap. Face exchange, the original technique. Static when applied to a photo, dynamic when applied to video. The most common type in NCII fraud and on social media.

Face-reenactment. A real person is "animated" assuming the expressions and movements of another. Seen in political videos and ads featuring celebrities.

Lip-sync. Lip movements are altered to make a real person say words they never said. The technique behind scams using video of journalists, central bank governors and public figures.

Voice cloning. Voice synthesis reproducing the timbre, accent and inflection of a specific person. Powers fake-relative scams, fake-CEO scams, political robocalls.

Full-body and talking heads. Generated avatars that gesticulate, walk, speak. Synthesia, HeyGen and Sora 2 produce this category of content.

Document deepfakes. Identity documents, contracts, payslips, invoices generated or altered with AI. Sumsub registered a 1,100% increase in deepfake document fraud and a 300% increase in synthetic identity fraud in the United States (Sumsub).

Real-time deepfakes. Live manipulation during a videocall. Technically the most difficult, but expanding: iProov reported +2,665% native virtual camera attacks in 2025.

Each type corresponds to different attacks, different victims, and different countermeasures. Generic detection does not work because a detector trained on face-swap does not recognise voice clone, and a detector trained on voice clone does not recognise document deepfake. Platforms offering "multi-engine detection" attempt to compensate by training specialised ensembles, one per type. It is a useful complementary verification layer. It is not a primary defense.

Deepfake vs shallowfake: where to draw the line

A "shallowfake" is a manually-edited or low-tech manipulation: cuts, splices, slowed-down or sped-up video, mismatched audio dubbing. The 2019 Nancy Pelosi slowed-speech video is the canonical example, with no AI involved, just video editing software. A deepfake, by contrast, uses generative AI (GANs, diffusion models, transformers) to synthesise content that did not exist. The legal and detection implications differ: shallowfakes leave editing artefacts detectable by traditional forensics; deepfakes generate plausible original content that defeats those methods. Both deserve scrutiny, but deepfakes scale exponentially because a single trained model produces unlimited synthetic content, while shallowfakes require human editing time per artefact.

Ten historic deepfake examples that defined the field

1. Channel 4 / Queen Elizabeth II (Christmas 2020): educational TikTok-dance fake delivered as the Queen's Christmas address by the British broadcaster. 2. Jordan Peele / Barack Obama (2018): BuzzFeed PSA where Obama appears to insult Trump, the first deepfake to enter the global news cycle. 3. Mark Zuckerberg deepfake (2019): ironic video where the Meta CEO appears to brag about controlling user data. 4. Synthesizing Obama (Univ. of Washington 2017): first academic full-video deepfake synchronised to audio. 5. Tom Cruise TikTok @deeptomcruise (2021): indistinguishable from the original, millions of followers, basis for the Metaphysic startup. 6. Slovakia, Šimečka audio (September 2023): deepfake released 48 hours before elections during the official "silence period", alleged vote-buying claims, won by Robert Fico. 7. Joe Biden robocall (January 2024): cloned voice telling voters not to participate in the New Hampshire primary, $6M FCC fine. 8. Arup CFO Hong Kong (February 2024): $25.6 million wired after a videoconference with deepfake CFO and entire team. 9. Crosetto case Italy (January 2025): Italian Defense Minister's voice cloned to scam Moratti, Armani, Tronchetti Provera, Della Valle and Beretta. 10. Meloni case Italy (May 5, 2026): deepfake images of the Italian Prime Minister circulated on social media, formal complaint filed, EU debate triggered.

Use cases: legitimate and illicit

Deepfakes are not inherently malicious. They have important legitimate applications worth distinguishing before addressing the dark side.

On the legitimate side, industrial uses cover film (de-aging actors, reconstructing scenes with characters no longer available), corporate training (avatars speaking 30 languages to reduce video production costs), education (reconstructing historical figures for didactic purposes), accessibility (personalised voice synthesis for people who have lost their voice), political satire and concept art. Synthesia claims to serve 200,000 client companies, including half of the Fortune 100. It is a legitimate market worth billions and continuing to grow.

On the illicit side, uses concentrate in seven areas:

1. Financial fraud. CEO scams, KYC manipulation, investment scams. 2. Identity theft. Bypass of biometric verification systems to open accounts, obtain loans, falsify documents. 3. Non-consensual intimate imagery. Sensity AI determined that 96% of online deepfakes are non-consensual pornography, in vast majority featuring female victims (Sensity). 4. Political disinformation. Election influence, public opinion manipulation, war propaganda. 5. Defamation and reputational damage. Fake videos attributing compromising statements or behaviours to politicians, journalists, executives. 6. Forensic evidence falsification. Videos, audio recordings, photos presented in court as evidence when they are synthetic products. 7. Extortion. Threat to publish compromising deepfakes to obtain money or favours.

Each of these areas deserves separate analysis. We do that next, with documented cases and specific numbers.

The real fraud: seven categories, documented cases, quantified losses

In 2025 global losses from deepfake fraud exceeded $900 million, per aggregations reported by the World Economic Forum and DeepStrike Research (WEF, DeepStrike). Deloitte estimates GenAI fraud will reach $40 billion by 2027 in the United States, growing at a 32% compound annual rate (Deloitte Center for Financial Services). Here is how it breaks down.

CEO fraud and Business Email Compromise

This is the category that brought deepfakes into boardrooms. Arup is the reference. January 2024, Hong Kong office of the British engineering firm. A finance employee receives an email from the UK-based CFO requesting a "secret transaction". Suspicious, he accepts a videoconference for clarification. On the call, he sees and hears the CFO and several colleagues. They are all deepfakes, generated from previous real meetings. The CFO's identity is familiar, the colleagues' faces are familiar, the voices are familiar. The employee executes 15 transfers totalling $25.6 million (HK$200 million) to five different accounts. The fraud surfaces only weeks later, when the employee verifies with London headquarters (CNN, Fortune, WEF).

Six months after Arup, in July 2024, Ferrari faces a similar attempt. An executive receives WhatsApp messages and then a phone call from a voice indistinguishable from CEO Benedetto Vigna, describing a "China-related" deal with urgent currency hedging. The executive is suspicious of two details: the unknown calling number and the southern accent of the voice, too pronounced. He asks "Vigna" the title of a book the real CEO had recommended days earlier. The scammer hangs up. Ferrari avoids the loss (Fortune, MIT Sloan Review).

The pattern is structural: urgent contact from internal authority, time pressure, verbal or video channel, irreversible financial action requested. The FBI in its IC3 2024 report records 21,442 Business Email Compromise complaints for $2.77 billion in losses, across 50 US states and 186 countries. The cumulative three-year figure exceeds $8.5 billion (FBI IC3 2024 Report).

Solutions including TrueScreen, the Data Authenticity Platform, address this category by certifying sensitive video calls and payment authorisations at the moment of capture, with cryptographic seal and qualified timestamp. The recorded session becomes legally admissible evidence that any deepfake replay or claim of forgery cannot defeat. As ACFE researcher Mason Wilder observed in a recent interview: "the limits of deepfake fraud are only the limits of the fraudster's imagination" (ACFE).

In Italy, the most documented case is the fake Crosetto. The cloned voice of Defense Minister Guido Crosetto was used to demand wire transfers from high-profile entrepreneurs, with the pretext of ransom for Italian journalists kidnapped abroad which would later be reimbursed by Banca d'Italia. Among those contacted: Massimo Moratti, Giorgio Armani, Marco Tronchetti Provera, Diego Della Valle, Patrizio Bertelli, the Caltagirone, Del Vecchio and Beretta families. At least one entrepreneur actually executed the transfer, of approximately one million euros to a foreign account (Cybersecurity360).

KYC bypass and identity verification

Remote identity verification systems, the same ones banks, fintechs, crypto exchanges and telcos use to onboard new customers, have become the primary target for the second category of fraud. The pattern is simple: the scammer uses a deepfake video or a synthetic document to bypass liveness checks and document verification.

The numbers are striking. Onfido, now part of Entrust, registers in a single year a 31x increase in deepfake fraud attempts, an attack every five minutes, and reports that over 80% of attacks on biometric liveness checks in 2024 are "video-of-video": deepfake videos played on a screen in front of the camera (Onfido). In 2024, digital document fraud overtakes physical for the first time (57% vs 43%), reversing a historic trend (Entrust Fraud Report).

iProov in 2025 documents +2,665% attacks via native virtual camera, +300% face swap attacks compared to 2023, and a crime-as-a-service network with about 24,000 active users selling attack tools. From just three common tools, over 115,000 distinct attack combinations can be derived (iProov Threat Intelligence Report 2025).

For those operating in banking, fintech, online gaming or telco, this is fraud with the most asymmetric cost-to-damage ratio: five dollars for the attack kit, tens of thousands of euros in losses for each compromised KYC. A parallel pillar of our research treats this specific vector in depth: Deepfake video and biometric KYC bypass: defending bank onboarding in 2026.

Investment scams featuring celebrities and financial authorities

The category that has dominated Italian and European news in 2025-2026 is investment scams featuring public figures. The model is recurring: a deepfake video of a journalist, a known entrepreneur or a financial authority promotes on social media a presumed innovative trading or cryptocurrency platform that "multiplies capital". The user clicks, lands on a site mimicking a real broker, deposits a modest sum, sees fake gains in the first days, deposits more, and then discovers the site has disappeared.

The SkyTG24 case is the most documented in Italy. In November 2024, journalists Mariangela Pira and Lorenzo Borga discovered their voices and faces in deepfake videos promoting a fictitious investment platform "created" by Fabio Panetta, governor of the Bank of Italy, and Massimo Moratti (SkyTG24, November 2024). Italian Postal Police shut down approximately 500 sites linked to these scams in early 2024.

Bank of Italy issued an official notice on February 26, 2026, to warn the public about deepfake videos of Governor Panetta in fake television interviews used as bait for fraudulent platforms (Bank of Italy). Bankitalia filed a formal complaint with the judicial authority.

In March 2025, SkyTG24 reported on a deepfake scam that allegedly extracted €33 million from Italian pensioners and entrepreneurs (SkyTG24, March 2025). A single episode in the broader ecosystem mapped by the Postal Police in their annual report.

Non-consensual intimate imagery

This is the category with the highest volume and the gravest ethical dimension. Sensity AI determined that 96% of online deepfakes are non-consensual pornography, with over 100,000 videos circulating, in vast majority featuring female victims (Sensity reports).

The Phica.eu case in Italy showed how this category intersects with political and media dimensions. The forum, active from 2005 to 2025, counted approximately 800,000 registered users, ten million messages, and hosted both stolen photos and AI-generated deepfake imagery with bodies manipulated to appear undressed. Among the victims were Giorgia Meloni, Elly Schlein, Mara Carfagna, Maria Elena Boschi. The forum was shut down in August 2025 after complaints from MEP Alessandra Moretti, Alessia Morani, Valeria Campagna (Il Fatto Quotidiano, August 2025).

On the global celebrity front, the Taylor Swift case of January 2024 had a catalytic effect. AI-generated explicit images of the singer accumulated 45 million views in 17 hours on X before removal and the temporary blocking of searches with her name on the platform (NBC News, TechCrunch). From that moment, political pressure led to the approval of the US TAKE IT DOWN Act.

Voice cloning for family scams

The least flashy but perhaps most widespread category in unreported victim numbers. The model is the fake-child or fake-grandchild in distress.

A documented case: Luco dei Marsi, in the Italian province of L'Aquila. A 79-year-old woman receives a phone call. The voice is her son's. "Mom, I'm in trouble, they're going to arrest me. A friend will come by the house, you need to give her some money or I'll go inside." Minutes later, a woman arrives presenting herself as a lawyer and collects twenty thousand euros in gold. The voice had been cloned from a brief audio recording of the son, probably captured from a social profile (Il Centro).

Pindrop, specialised in voice security, recorded a 1,300% increase in deepfake fraud attempts in 2024, going from one per month to seven per day at the single monitored company. 67.5% of US consumers report being "anxious" about deepfakes and voice clones in banking operations (Pindrop Voice Intelligence Report 2025).

The traditional response to this category is the "family code": a shared word among close family members to use in case of suspicious calls. It is a useful but compensatory defense, not structural.

Political disinformation

The political deepfake had its first manifestation at scale in Slovakia in September 2023, two days before the elections: an audio deepfake of Michal Šimečka regarding electoral fraud and Roma vote-buying circulated on Telegram during the official "silence period". Šimečka was leading in the polls; Robert Fico won. It is the first election in which a deepfake is considered a structural factor (Harvard Kennedy School).

In the United States, two days before the New Hampshire Democratic primaries of January 2024, a robocall with Joe Biden's cloned voice told voters not to participate. Political consultant Steve Kramer received an FCC fine of six million dollars in September 2024, and 26 criminal counts for voter intimidation and impersonating public officials (NPR).

In India, during the 2024 elections, the budget spent on AI-generated content is estimated at $50 million, with Modi voice clones used for Bollywood and Punjabi songs for electoral purposes (Al Jazeera).

The World Economic Forum in its Global Risks Report 2025 indicates misinformation/disinformation as the number one global risk for the next two years, with explicit reference to AI-generated deepfakes (WEF Davos 2025).

We treated electoral risk in depth at Deepfakes in the 2026 Elections: Why Certified Proof Matters More Than Fact-Checking.

Forensic evidence falsification

This is the most recent and potentially most destabilising frontier. A deepfake video or audio presented in court as evidence introduces a new epistemic problem: how do you establish the authenticity of digital evidence when producing realistic synthetic content costs five dollars?

The phenomenon has generated the concept of "liar's dividend" (Chesney and Citron, 2019): in a world where any content can be a deepfake, those who want to deny the authenticity of real content always have the cover of being able to challenge its origin. Lawyers, defendants and parties in cases can claim that a real video "is probably a deepfake" without having to prove anything.

The problem extends from criminal to civil: contracts signed via videoconference, audio of commercial conversations, recordings of job interviews, statements from insured parties. The topic is explored in Deepfakes and criminal proceedings: the digital evidence crisis.

Deepfakes on WhatsApp and messaging channels

An emerging phenomenon in 2025-2026 is the spread of deepfakes through instant messaging applications, with WhatsApp as the primary channel. The pattern combines two elements: a voice cloned from a brief audio sample (just a few seconds suffice for ElevenLabs) and a spoofed phone number simulating that of a family member, executive, or authority. The voice message or short video message exploits perceived urgency to extract a wire transfer, a password, an authentication code. Italian Postal Police, in their January 2026 bulletin, report that "voice scams via messaging" has grown faster than any other online fraud vector. The primary defense is operational: no irreversible financial action should be authorised via messaging without out-of-band verification on the known primary channel (direct phone, corporate email, physical presence). For organisations, source-level certification of sensitive video calls (payment authorisations, board decisions, HR communications) provides a deterministic alternative to channel verification alone.

§7-bis. How to spot a deepfake: visual, audio, and contextual signals

When forensic certification is unavailable, manual inspection remains a partial defense. Trained analysts and informed users can flag synthetic content by combining three signal layers, though the reliability of each shrinks as generative AI improves.

Visual signals. Unnatural blinking patterns or absence of blinking (in less refined versions); mismatched lighting between face and background; blurred or shifting facial edges in rapid movements; uniform teeth without individual detail; inconsistent reflections in the eyes between the two eyeballs; hair that appears "glued" to the perimeter of the head; shadows that do not align with the scene's stated light source.

Audio signals. Absent or unnatural breathing between phrases; monotone intonation or overly regular prosodic patterns; lack of ambient noise consistent with the visible scene (echo, reverberation, traffic); unnatural micro-pauses; metallic sibilants or hard consonants; absence of coughs, hesitations, reformulations that characterise spontaneous human speech.

Contextual signals. The message demands urgent action (wire transfer, password, authentication codes, system access); arrives through a non-standard channel (WhatsApp instead of corporate email, unknown phone number instead of the known one); anomalous time pressure ("within 30 minutes", "before market close"); the sender does not respond to verification questions outside the script (book title shared, verifiable personal detail).

The key limitation. In 2025-2026 deepfakes produced with HeyGen, Synthesia, ElevenLabs, and Sora, these signals have largely disappeared. A meta-analysis of 56 academic papers published in ScienceDirect (2024) confirmed that human deepfake detection accuracy averages 55.5%, statistically indistinguishable from a coin flip. For this reason human verification, alone, is not a scalable defense: it must be combined with out-of-band channel verification, dual-approval procedures for financial decisions, and, in contexts requiring legal proof, source-level authenticity certification.

Detection vs Provenance vs Forensic certification: three approaches compared

The three approaches are complementary, not alternative, organised in tiers that match different reliability and evidentiary requirements. Detection alone, as we have seen, is the weakest tier. C2PA provenance is useful as an industry standard but covers only content whose chain has adopted the protocol. Source-level forensic certification is the strongest tier and the only one with direct evidentiary value in court. Tools like TrueScreen, the Data Authenticity Platform, implement this tier end-to-end across mobile, web, browser extension, API, and SDK.

Why deepfake detection alone is a losing war

Faced with this scenario, the intuitive response is straightforward: build systems that recognise whether content is authentic or synthetic. This is the path of deepfake detection. It is a path travelled by hundreds of startups, by major companies like Microsoft, Intel, Google, by government agencies like DARPA with the SemaFor program. The problem is that it is losing. Not occasionally: structurally.

The data say so clearly.

In the lab, detectors work. In the real world, they collapse. Multimodal state-of-the-art systems achieve 94-96% accuracy under controlled conditions. But when they encounter deepfakes produced with tools they were not trained on, performance drops below 50%, statistically equivalent to a coin flip (Sciencedirect, 2025). The Deepfake-Eval-2024 benchmark, built on "in the wild" deepfakes, documents a 50% AUC decline for video, 48% for audio, 45% for images compared to prior benchmarks (arXiv 2503.02857).

Humans cannot compensate. A meta-analysis of 56 academic papers conducted in 2024 quantified average human accuracy in recognising a deepfake at 55.5%, with a 95% confidence interval crossing 50% (ScienceDirect). Not significantly better than chance. The MIT Media Lab in a study of 2,215 participants showed that deepfakes with state-of-the-art text-to-speech audio are already harder to distinguish than audio produced by a voice actor (MIT).

The arms race is structurally asymmetric. Every new published detector becomes a new discriminator that generators train against. This is the nature of GAN technology, exposed in the technical section. The 2024 study "Adversarial Attacks on Deepfake Detectors" shows how lightweight attacks based on simple 2D convolutional filters (2D-Malafide) are sufficient to bypass state-of-the-art facial detection systems (arXiv 2408.14143). Adversarial training defenses reach 94.1% accuracy, randomized smoothing 92.8%, but only against attacks known at training time.

Generative model refresh speed exceeds detector update speed. Stable Diffusion released five major versions in 24 months. Sora went from v1 to v2 in nine months. Each release introduces new artefacts, new dynamics, new statistical signatures. Detectors train in months. By the time they reach production, the adversary is already a version ahead.

The removable fingerprint problem. One of the most promising research lines in recent years was that of "AI fingerprints": specific statistical traces that every generative model would leave in its produced content. Allowing detectors to identify the specific model that generated an image. A 2025 University of Edinburgh study, however, demonstrated that these fingerprints can be removed with adversarial post-processing techniques and, worse, can be "transplanted" onto authentic content to misclassify it as synthetic (TrueScreen analysis). It is a fundamental problem: the fingerprint that is the defense is also, symmetrically, the next vulnerability.

Multi-engine detection helps but does not solve. Platforms offering commercial detection today tend to use ensembles of specialised models: one trained on face-swap, one on lip-sync, one on voice clone, one on document deepfake, one on compression artefacts. Each engine covers one type. Result aggregation reduces false negatives but does not close the structural problem: a deepfake produced with a future technology, not represented in training sets, escapes all engines simultaneously.

The World Economic Forum in its 2025 detection report puts it sharply: "the race between deepfake creation and detection systematically favours attackers" (WEF, 2025). It is not a temporary defeat. It is a property of the problem.

The liar's dividend: when "it's a deepfake" becomes the perfect alibi

Coined by US legal scholars Robert Chesney and Danielle Citron in the paper "Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security" (Boston University 2019), the liar's dividend describes a paradoxical side-effect of the deepfake era: as the public becomes aware that any video can be falsified, even authentic video can be discredited as "probably a deepfake". Politicians, criminals, and executives can deny real content by appealing to systemic doubt, without having to prove anything. Documented cases include the 2018 Gabon incident, where a real video of President Ali Bongo was accused of being a deepfake during a health crisis, and several January 6, 2021 defendants in Washington who challenged authentic audio as "AI generated". The liar's dividend is the definitive proof that ex-post detection is insufficient: only source-level authenticity certification, immutable and independently verifiable, simultaneously neutralises both the deepfake and the systemic doubt it generates. Tools like TrueScreen, the Data Authenticity Platform, address this exact gap by certifying content at the moment of capture, removing the question from the equation.

There is a way out. It does not consist of improving detection. It consists of changing the point in the chain at which the authenticity guarantee is introduced.

Inverting the problem: certifying authenticity at the source

The logic is the same that applies to paper documents. For a notarial deed, you do not check after the fact "whether it looks authentic". You certify it at the moment of signing, before a public official, on watermarked paper, with a dry seal. The certified signature holds because it is produced in a trust context, not because a graphology expert later confirms it "could be authentic".

For digital content, the same logic translates into a principle: instead of asking whether data is fake, guarantee that data is born authentic by construction. This is what is called, in the literature, "authenticity-by-design" or "data provenance at source". Technically, it means that data is certified at the exact moment it is captured by the sensor (the camera, the microphone), inside a device whose integrity has been verified, with forensic methodology that produces an unalterable, legally admissible chain of evidence.

This approach has three properties that detection cannot have.

Independence from attack technology. If data is certified at the source, it does not matter what generative technology will exist in the future. Content certified with forensic methodology is authenticated for what it is, not for what it appears. Uncertified content is, simply, uncertified: it is not presumed authentic. You exit the arms race by construction.

Legally admissible value. Certification produces cryptographically signed metadata, content hashes recorded on immutable infrastructures, timestamps with legal value. It is material that can be presented in court as evidence under applicable rules of evidence, including under EU regulations such as eIDAS for qualified electronic signatures and qualified timestamps, within their respective scopes. A probabilistic detection report, however sophisticated, does not have the same procedural weight.

Third-party verifiability. Certification produces artefacts publicly verifiable by anyone, at any time. It does not require "trusting" the system that produced the guarantee: the proof is mathematically verifiable. A property that detection, inevitably probabilistic and based on proprietary models, cannot offer.

How TrueScreen operates

TrueScreen is a Data Authenticity Platform: a system that applies this principle to photos, video, audio, screenshots, documents, web navigations, remote communications. It is not a deepfake detection platform. It is a platform that certifies the authenticity of data at the moment it is captured, with forensic methodology.

The architecture has two layers, and it is important to distinguish them to understand the positioning.

Primary layer: source certification with forensic methodology. This is the heart of the system. When a user captures content through one of the TrueScreen products (the mobile app, the Forensic Browser for web content, the Chrome extension, the Web Portal for professional activities), the content is acquired by a device whose integrity is verified, hashed in real time, and sealed with a legally admissible timestamp. The seal is produced by Qualified Trust Service Providers (QTSPs) qualified third parties, integrated via API, operating under the eIDAS regulation. From that moment, the content is immutable at the source: any subsequent alteration would invalidate the seal verification.

Secondary layer: multi-engine deepfake detection as further guarantee. To this core, TrueScreen adds five independent deepfake detection engines. They operate as complementary verification on certified content and on externally acquired content, integrating with the forensic flow. They are reinforcement, not the pillar: if content is certified at the source on a verified device, detection is redundant relative to the primary guarantee. It becomes relevant for content that has not been produced through the platform and must be evaluated ex-post.

The difference from platforms relying exclusively on detection is structural. Those platforms run inside the AI vs AI arms race: every advance in generative models forces them to chase. TrueScreen avoids the race by starting from data that is authentic by construction. When detection is available as a second layer, it is added value. When it is not enough, the first layer holds on its own.

For a deeper technical analysis of the limits of detection alone, we have a dedicated article: AI fingerprints can be removed and forged: the Edinburgh study that challenges deepfake detection. The platform serves those who need legally admissible evidence: law enforcement, legal professionals, banks and fintechs, insurance, newsrooms, HR departments, public authorities.

Verticals and use cases: where source certification changes the game

TrueScreen, the Data Authenticity Platform, is the source-level certification approach used by enterprises in financial services, journalism, legal, insurance, HR, and corporate communications. The authenticity-by-design principle has different operational implications depending on the sector. Worth seeing how it translates in the verticals most exposed to deepfake risk.

Banking, fintech and KYC. Remote onboarding is the hottest front. Financial institutions must demonstrate two things: that the customer is the real person they claim to be, and that the documents they present are authentic. With generic detection, every new generative model introduces compromise risk. With source certification, the selfie and the document scan are captured by a verified session that produces signed metadata. The false positive becomes a structural false negative: an attacker cannot "falsify the capture session" with a deepfake. Detail in Deepfake video and biometric KYC bypass: defending bank onboarding in 2026.

Legal, forensic and judicial proceedings. Lawyers, experts, law enforcement, magistrates work with digital evidence whose authenticity must hold up in court. A conversation recorded on a phone, a chat screenshot, a photo of a crime scene: all elements that, today, can be synthetically produced at trivial cost. Source forensic certification produces admissible documentation, with reconstructable chain of custody and verifiable hashes. It is the historic TrueScreen use case, detailed in Deepfakes and criminal proceedings: the digital evidence crisis.

Insurance. Fraud based on manipulated images or videos of incidents (auto, home, injury) has opened a new risk category for insurance companies. The "remote" assessment, which during the pandemic became standard, is today vulnerable to synthetic content. Certifying the process of acquiring photographic or video evidence by the insured, in real time, blocks this fraud category at the source.

Media and newsrooms. The journalists' problem is dual: defending against deepfakes that impersonate them (the SkyTG24 case) and ensuring authenticity of video sources received and published. A newsroom that adopts source certification for its own productions and for user-generated content evaluated as material reduces its legal exposure and strengthens reader trust. The framework in Deepfakes in the 2026 Elections: Why Certified Proof Matters More Than Fact-Checking.

Companies and executive protection. Arup showed how a single unverified videoconference can cost $25 million. Certifying sensitive internal communications (CFO videocalls, payment authorisations, transfers) introduces a level of guarantee that breaks the deepfake CEO fraud kill chain. The front of Deepfake corporate fraud: why source certification is the real defense.

HR and hiring processes. The emerging phenomenon is remote job interviews with deepfake candidates, often produced by foreign operators to obtain remote IT positions. Trend Micro documented dozens of cases in 2024-2025. Certifying the interview (video session captured on verified device) is a direct defense.

Public administration and remote voting. For authorities managing digital identity, proxies, declarations issued remotely, deepfake risk becomes systemic risk. Certifying sensitive processes replaces conditional trust (based on channel quality) with certified trust (based on verifiable artefacts).

In all these verticals, the logic is the same: shift the point in the chain where the guarantee is introduced. Not downstream, where the problem is probabilistic and constantly updating. Upstream, where the problem is solved by construction.

Regulatory landscape: Europe, Italy, United States, China

2025-2026 marks the first period in which deepfakes are no longer a regulatory void. Four areas need to be known.

EU AI Act, Article 50(4). EU Regulation 2024/1689 introduces a disclosure obligation for those producing or distributing deepfakes. Verbatim text: "Deployers of an AI system that generates or manipulates image, audio or video content constituting a deep fake, shall disclose that the content has been artificially generated or manipulated." The obligation enters into force on August 2, 2026. Exceptions are provided for uses authorised by law for purposes of preventing, detecting, investigating or prosecuting criminal offences, and for "evidently artistic, creative, satirical or fictional" works (AI Act, Article 50). The obligation applies to deployers (those who make the content public), not just to providers of the generative model.

Italy, Law 132/2025, Article 612-quater of the Criminal Code. Published in the Italian Official Gazette on September 25, 2025, in force since October 10, 2025. Verbatim text: "Anyone who causes wrongful harm to a person, by transferring, publishing or otherwise disseminating, without their consent, images, videos or voices that are falsified or altered through the use of artificial intelligence systems and capable of misleading as to their genuineness, is punished with imprisonment from one to five years." The crime is prosecutable on complaint by the offended party, except in connection with another official-prosecution offense or when the victim is incapable. There is an exception for expressive or ironic purposes without harmful intent.

Digital Services Act, Article 35. Very Large Online Platforms (over 45 million monthly EU users) have the obligation to proactively mark deepfakes distributed on their platform with "prominent markings". The approach is transparency-first: labelling, not automatic removal for non-illegal deepfakes. Mandatory content moderation reporting is at least annual (Taylor Wessing analysis).

United States, TAKE IT DOWN Act. Signed by Donald Trump on May 19, 2025, after unanimous Senate vote and 409-2 in the House. It criminalises the publication of non-consensual intimate imagery, including AI-generated, of real persons. It requires platforms to remove content within 48 hours of victim notification. Maximum penalty for those publishing: three years in prison. The notice-and-removal regime is in force from May 19, 2026 (Wikipedia).

China, Deep Synthesis Provisions. In force since January 10, 2023, the first regulation in the world specifically dedicated to deep synthesis (deepfakes). Obligations: mandatory labelling of synthetic content, user authentication for those publishing, explicit consent for editing of faces, voices and biometrics, mechanism to debunk fake news (China Briefing). More restrictive approach than the European one.

FCC and US enforcement. In September 2024, the FCC issued a $6 million fine against political consultant Steve Kramer for the New Hampshire robocalls. The transmitting telco received a $1 million fine. Kramer faces 26 criminal charges for voter intimidation and impersonating public officials (FCC). It is the first major US enforcement action against political deepfake.

For those operating in the most exposed verticals, the combination AI Act + national criminal laws + DSA produces three practical consequences. First: mandatory disclosure of AI-generated content, applying to anyone who publishes, even occasionally. Second: civil and criminal liability for those disseminating deepfakes capable of causing harm, with sanctions reaching imprisonment. Third: the platforms' obligation to proactive marking, which will reduce the virality of some deepfakes but not those produced for targeted scams.

None of these regulations solves the technical problem of "how do you establish whether content is authentic". They sanction those who produce or disseminate with intent, and impose transparency. But the recognition of real content remains an open problem, which the regulator leaves to the industry.

The next 24 months: what changes, what stays the same

Three dynamics define 2026-2028.

Detection will reach its theoretical limit. The 2025 Edinburgh study showed that AI fingerprints are removable. The Deepfake-Eval-2024 study showed that detectors collapse below 50% in real conditions. Sumsub forecasts that "agentic AI scams": fraud orchestrated by autonomous AI agents that generate deepfakes on demand, contact victims, conduct real-time conversations: will be the fastest-growing category in 2026 (Sumsub Annual Report 2026). Against an AI agent that generates, distributes and adapts deepfakes in real time, probabilistic detection loses relevance: the problem becomes systemic, not one of recognition.

The value of source certification rises. The more deepfake volume and quality grow, the more authenticity guarantee on a specific piece of data becomes a strategic asset. For those who must produce evidence (lawyers, banks, newsrooms, law enforcement), moving from probabilistic verification to admissible certification is the leap from a defense that erodes to a defense that holds. The corresponding market: provenance solutions, certified capture, forensic-grade authenticity: is set to grow at a rate well above that of generic detection.

Regulation will push in the same direction. EU AI Act mandates disclosure. US TAKE IT DOWN Act mandates rapid removal. Italian Law 132/2025 mandates criminal liability. All these regulations produce a practical consequence: those who can demonstrate they have acquired content in a certified manner, with forensic methodology and admissible timestamp, have a much stronger defensive position than those who cannot. Compliance becomes a driver of authenticity-by-design adoption.

A conservative projection, based on Sumsub, Onfido, Pindrop and Deloitte: by 2027 global losses from deepfake fraud will exceed $5 billion per year; platforms relying on detection alone will see their effectiveness structurally degrade; those who have adopted source certification as a primary standard for sensitive content will be in a position of competitive and compliance advantage. The transition has begun. The direction is not in question: the speed is.

§12-bis. Glossary: deepfake terminology you need to know

Deepfake. Synthetic media (image, video, audio) generated or manipulated by AI to make a real person appear to say or do something they never did. Coined in 2017 from "deep learning" + "fake".

Synthetic media. Any audiovisual content produced or altered by generative AI, including but not limited to deepfakes. Encompasses also fully synthetic content with no real-person reference.

Shallowfake. Manually-edited or low-tech manipulation (cuts, splices, slowdowns) without AI involvement. Easier to detect with traditional forensics; the 2019 Pelosi slowed-speech video is the canonical case.

GAN (Generative Adversarial Network). A machine learning architecture where two neural networks compete: a generator producing fake content and a discriminator distinguishing real from fake. The technology behind early deepfakes (2017-2020).

Diffusion model. A generative AI architecture that learns to produce content by iteratively denoising random noise into coherent output. Powers Stable Diffusion, Midjourney, DALL-E, OpenAI Sora.

Liveness detection. Biometric verification technique that confirms a person is physically present (vs a photo, video, or deepfake) during identity verification. Critical for KYC processes; commonly bypassed by sophisticated deepfakes.

Source certification. Cryptographic seal applied to digital content at the moment of capture, certifying authenticity from origin. Implemented end-to-end by Data Authenticity Platforms like TrueScreen.

C2PA / Content Credentials. Industry standard developed by the Coalition for Content Provenance and Authenticity. Embeds tamper-evident metadata in media files about origin, authorship, and edit history.

Liar's dividend. Concept introduced by Chesney & Citron (2019) describing how widespread awareness of deepfakes allows real content to be denied as "probably a deepfake". Defeats ex-post detection; defeated only by source certification.

Provenance. The chronological history of a piece of content's origin and modifications. Provenance verification confirms what was done to a file, not whether it accurately reflects reality.

AI watermarking. Technique embedding hidden markers in AI-generated content to identify it as synthetic. Reversible by adversaries; not a robust defense alone.

Forensic seal. Cryptographic signature combined with qualified timestamp applied to evidence in legally admissible form, typically conforming to eIDAS (EU) or equivalent regimes.

Sources cited

Statistics and reports

• Sumsub Identity Fraud Report 2025-2026
• Sumsub: Synthetic Identity Document Fraud +300% U.S.
• Sumsub Annual Report 2026: Agentic AI scams
• Onfido / Entrust: deepfake every 5 minutes
• Entrust Fraud Report (PDF)
• iProov Threat Intelligence Report 2025
• Pindrop Voice Intelligence Report 2025
• Deloitte Center for Financial Services: $40B by 2027
• FBI IC3 Internet Crime Report 2024 (PDF)
• Sensity AI reports
• WEF: detecting dangerous AI in the deepfake era
• WEF: Lessons from the Arup deepfake attack

Documented cases

• Fortune: Arup $25M deepfake fraud
• CNN: Arup Hong Kong deepfake
• Fortune: Ferrari deepfake attempt
• MIT Sloan: How Ferrari hit the brakes on a deepfake CEO
• SkyTG24: Pira/Borga deepfake
• Bank of Italy: Panetta deepfake notice
• Cybersecurity360: fake Crosetto voice scam
• Il Centro: voice cloning Luco dei Marsi
• NBC News: Taylor Swift NCII X
• NPR: Zelensky deepfake surrender
• CBS News: Pope Francis puffer jacket
• Harvard Kennedy School: Slovakia deepfake election
• FCC: $6M fine NH robocalls
• Al Jazeera: India deepfake elections

Technology and academia

• arXiv: Deepfake-Eval-2024 benchmark
• arXiv: Adversarial Attacks on Deepfake Detectors (2D-Malafide)
• ScienceDirect: meta-analysis human deepfake detection
• ScienceDirect: AI in deepfake media review
• MIT Media Lab: Human detection of political deepfakes
• Springer: Advancements in detecting deepfakes
• Chesney & Citron: "Deep Fakes" SSRN paper
• ElevenLabs: voice cloning sample requirements
• OpenAI Sora
• HeyGen pricing
• BuzzFeed News: Obama Peele deepfake
• Fortune: TikTok Tom Cruise deepfake
• CNN: Zao app

Regulation

• EU AI Act, Article 50
• TAKE IT DOWN Act: Wikipedia
• China: Deep Synthesis Provisions
• Italian Polizia Postale: 2025 cybercrime data
• Taylor Wessing: DSA and deepfakes

TrueScreen insights

• Deepfake video and biometric KYC bypass: defending bank onboarding in 2026
• Deepfakes in the 2026 Elections: Why Certified Proof Matters More Than Fact-Checking
• Deepfakes and criminal proceedings: the digital evidence crisis
• Deepfake corporate fraud: why source certification is the real defense
• AI fingerprints can be removed and forged: the Edinburgh study