Synthetic media is audio, video, or image content generated or altered by AI to imitate a real person or event. In identity programmes, it creates a trust problem because a convincing fake can influence help desks, approvers, recruiters, or employees before technical controls are even triggered.
Expanded Definition
Synthetic media is not just “deepfakes.” In NHI and IAM contexts, the term covers AI-generated or AI-altered audio, images, and video used to imitate a real person, organisation, or event, often to gain trust, accelerate approvals, or bypass human verification. Usage in the industry is still evolving, and definitions vary across vendors, but the operational risk is consistent: a believable asset can influence decisions before policy engines, PAM, or identity checks are engaged. NIST’s NIST Cybersecurity Framework 2.0 is relevant here because synthetic media typically becomes a detect, respond, and recover problem once impersonation is suspected. The distinction that matters is whether the content is merely edited or materially generated to create false identity evidence. The most common misapplication is treating synthetic media as a content-quality issue, which occurs when teams ignore its role in social engineering and identity fraud.
Examples and Use Cases
Implementing controls against synthetic media rigorously often introduces verification friction, requiring organisations to weigh faster user experience against stronger identity assurance.
- A recruiter receives a convincing synthetic video interview that mirrors a real candidate, creating a trust decision before background checks or callback verification.
- A help desk agent hears an AI-cloned executive voice requesting MFA reset, a pattern seen in high-impact incidents such as the New York Times breach write-up, where identity trust was part of the operational concern.
- An approver receives an altered video message that appears to authorise a wire transfer or secrets rotation exception, pushing the request outside normal workflow scrutiny.
- A security team uses liveness checks, callback verification, and out-of-band approval steps alongside NIST Cybersecurity Framework 2.0 response planning to reduce impersonation risk.
- An internal comms clip is cloned to spread false incident instructions, forcing incident responders to confirm source authenticity before acting.
In practice, synthetic media is often paired with credential theft or account takeover, because the media alone rarely completes the attack. It becomes most useful when a target already recognises the person being imitated and is primed to trust familiar speech, tone, or appearance. The strongest controls therefore combine human verification with policy-based approval, not a single detection tool.
Why It Matters in NHI Security
Synthetic media matters because it attacks the trust layer that NHI programmes depend on. If a fake executive voice, cloned face, or fabricated incident recording can persuade a service desk, approver, or operator, then access control arrives too late. That is why identity governance must treat synthetic media as an upstream risk to secrets, accounts, and delegated authority, not just a media-forensics issue. In the broader NHI landscape, this matters even more because New York Times breach style events show how impersonation and access workflows can intersect with operational failure. NHIMG research also shows that 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface. That means a single convincing fake can have disproportionate impact when privilege is already too broad.
Operationally, synthetic media should be treated as a trigger for stricter verification in high-risk workflows, especially where NIST Cybersecurity Framework 2.0 detect and respond functions depend on trustworthy human reports. Organisations typically encounter the consequence only after a spoofed voice, altered image, or fabricated recording has already caused an approval, at which point synthetic media becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Synthetic media can manipulate agentic workflows and impersonate trusted actors. | |
| NIST CSF 2.0 | DE.CM-1 | Synthetic media is a monitoring and anomaly-detection concern in identity abuse scenarios. |
| NIST Zero Trust (SP 800-207) | 3.4 | Zero Trust limits reliance on appearance or asserted identity as implicit trust signals. |
Verify each request explicitly and avoid granting access based on voice, face, or message alone.
