
Deepfakes

Updated 2 May 2025
safety, security, deepfakes, video, audio, detection

A deepfake is AI-generated media — image, video, or audio — that convincingly depicts a real person doing or saying something they never did. The word combines “deep learning” with “fake.”

What started as a niche concern is now an everyday threat. Video generation and voice cloning have made deepfakes cheap, fast, and accessible. You no longer need technical expertise. A browser and a few clicks will do.

This is one of the areas where AI’s capability outpaces our defences.


How They Work

Face swapping — One person’s face mapped onto another person’s body in video. The original technique. Still common.

Face generation — Entirely synthetic faces that never existed. Used for fake profiles, stock imagery fraud, and social engineering.

Voice cloning — Text-to-speech models trained on a target’s voice. 15-30 seconds of sample audio is enough.

Full video generation — Text-to-video models can now generate realistic footage from scratch. Combine with voice cloning and you have a convincing fake of anyone.

Real-time deepfakes — Live video calls where the caller’s face is replaced in real-time. Already demonstrated and improving.


The Harm

Financial Fraud

  • Voice clones impersonating executives to authorise wire transfers
  • Fake video calls with “colleagues” requesting urgent action
  • Romance scams using generated faces and voices
  • See AI Scams & Social Engineering for the full picture

Political Manipulation

  • Fabricated speeches by political figures
  • Fake “leaked” footage timed for elections
  • Propaganda at scale — generate, translate, deploy across platforms
  • The “liar’s dividend” — real footage can be dismissed as fake

Non-Consensual Content

  • The most immediate, personal harm
  • Overwhelmingly targets women
  • Growing legal response: criminalised in multiple jurisdictions
  • See Court Rulings for emerging case law

Evidence & Trust

  • Fabricated evidence in legal proceedings
  • Erosion of trust in all media (“seeing is no longer believing”)
  • Challenge to journalism: how do you verify anything?

Detection

Can we tell what’s fake? Sometimes. But the arms race favours the creators.

Current detection approaches:

  • Digital forensics — Pixel-level analysis, compression artefacts, temporal inconsistencies
  • AI-based detection — Models trained to spot synthetic content (fighting fire with fire)
  • Metadata analysis — Provenance tracking, C2PA content credentials
  • Behavioural analysis — Lip sync accuracy, blinking patterns, micro-expressions

The problem: Detection models are always one generation behind the creation models. What’s detectable today won’t be tomorrow.

The better approach: Provenance — prove content is real rather than trying to prove fakes are fake. The C2PA standard (Content Provenance and Authenticity) embeds cryptographic proof of origin in media. Adobe, Microsoft, and others are adopting it. But adoption is far from universal.
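The provenance idea above, sketched as an added example (not code from this article or from the C2PA project). It is a simplified model, not the C2PA format: the function names, the demo key and the sample bytes are constructed here, and a shared-secret HMAC stands in for the certificate-based signatures real content credentials use.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: HMAC stands in for a real signature scheme.
DEMO_KEY = b"constructed-demo-signing-key"


def _mac(key, claims):
    # Canonical JSON so signer and verifier authenticate identical bytes.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_credential(media, creator, key):
    """Bind the claims to the exact media bytes, then sign the claims."""
    claims = {"creator": creator, "sha256": hashlib.sha256(media).hexdigest()}
    return {"claims": claims, "mac": _mac(key, claims)}


def check_provenance(media, credential, key):
    """Return no_credential, credential_forged, content_altered or verified."""
    if credential is None:
        return "no_credential"  # unknown origin: not proven real, not proven fake
    claims = credential.get("claims")
    mac = credential.get("mac")
    if not isinstance(claims, dict) or not isinstance(mac, str):
        return "credential_forged"
    # Signature first: claims that fail authentication cannot be trusted at all.
    if not hmac.compare_digest(_mac(key, claims).encode(), mac.encode()):
        return "credential_forged"
    # Then the binding: the signed hash must match the bytes actually in hand.
    if hashlib.sha256(media).hexdigest() != claims.get("sha256"):
        return "content_altered"
    return "verified"


def demo():
    original = b"constructed sample: frames of a press briefing"
    cred = issue_credential(original, "Example Newsroom", DEMO_KEY)
    edited = original.replace(b"press", b"false")
    relabelled = {"claims": dict(cred["claims"], creator="Someone Else"), "mac": cred["mac"]}
    return {
        "original": check_provenance(original, cred, DEMO_KEY),
        "edited": check_provenance(edited, cred, DEMO_KEY),
        "relabelled": check_provenance(original, relabelled, DEMO_KEY),
        "stripped": check_provenance(original, None, DEMO_KEY),
    }
```

The "stripped" case is why adoption matters: media without credentials is only unverified, so the check is useful in proportion to how much genuine content carries them.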


What the Law Says

The legal landscape is catching up, inconsistently:

  • EU: The EU AI Act requires AI-generated content to be labelled as such. Penalties for non-compliance.
  • US: State-level laws (California, Texas, others) criminalise specific types of deepfakes (political, non-consensual). No comprehensive federal law yet.
  • UK: Online Safety Act covers non-consensual deepfakes. The courts are establishing precedent.
  • China: Requires labelling and consent for deepfake content. Among the strictest regulations.

See Legal & Compliance for jurisdiction-by-jurisdiction tracking.


What You Can Do

As an individual:

  • Question dramatic or sensational media, especially if it arrives via social channels
  • Verify through independent sources before sharing
  • Be sceptical of “leaked” footage, especially around elections
  • Know that a familiar voice on the phone might not be who you think

As a business:

  • Implement multi-factor verification for financial approvals (never authorise based on voice/video alone)
  • Train staff on deepfake awareness
  • Consider C2PA adoption for published content
  • Include deepfake scenarios in incident response planning

As a developer:

  • If building with generative AI, implement watermarking and content labelling
  • Follow EU AI Act transparency requirements
  • Consider the dual-use implications of what you build
