Wielding

Deepfake fraud is becoming a persistent, multiyear corporate risk as synthetic voices circulate undetected.

Deepfake-enabled fraud, which began as novel technical exploits, is now a persistent operational risk with a multi-year shelf life within the corporate ecosystem. According to deepfake-detection provider Resemble.AI, deepfakes typically remain in circulation for three-and-a-half years.

Resemble.AI’s 2025 Deepfake Threat Report, published in March, references an incident in which a voice clone of a German energy company CEO remained in circulation for nearly six years, although it resulted in only a €243,000 loss in 2019.

Determining losses from such attacks is difficult; for the 41 documented incidents last year cited by the research, only $74.9 million in verified losses were reported, with a median per-incident loss of $243,000. However, the authors noted that 71% of victims did not report financial losses, suggesting a higher volume of hidden liabilities.

“What makes them so effective is that they enable both real-time impersonation and the creation of synthetic identities stitched together from real and fake data,” said Dominic Forrest, CTO of biometric security vendor Iproov. “These are extremely difficult to detect, and once trusted, they can be used to bypass controls and commit fraud.”

AI Arms Race

Detecting deepfakes is a growing concern; the authors of the Resemble.AI report estimate that deepfake-based fraud attacks on corporations reached 8.5 billion potential incidents, ranging from audio impersonations of executives to doctored or fake images. The most common targets, Forrest noted, are on account openings, payment authorization, credential reset, and high-value transactions.

Telling a deepfake from the genuine article has become an AI-on-AI battle, experts warn.

The generative AI models producing deepfakes improve continuously via scaling and data, while deepfake detectors rely on signals like artifacts and inconsistencies, which disappear as models improve, said Siwei Lyu, professor of Computer Science and Engineering and director of the Institute for AI and Data Science at the State University of New York at Buffalo.

“In practice, detectors lag by about six to 18 months on specific modalities,” he said. “But more importantly, they are chasing a moving target whose failure modes are actively being optimized away.”

Forrest suggests that firms move their identity verification from single checks to a multi-layered approach: “You need to confirm that a real person is physically present, not a deepfake, while also analyzing the digital environment for signs of compromise. No signal should be trusted in isolation.”

This article first appeared in the May edition of Global Finance Magazine.