TL;DR: AI-generated deepfakes, cloned voices, and coordinated misinformation are accelerating election fraud risks, with Sumsub reporting a 245% year-on-year increase in deepfakes in 2024 and a 180% rise in sophisticated fraud in its 2025-2026 Identity Fraud Report. Trust assumptions built for human-paced verification are breaking under synthetic media at scale.
At a glance
What this is: This guide explains how AI is changing election fraud, from deepfakes and voice clones to misinformation and ballot process abuse.
Why it matters: It matters to IAM and security practitioners because the same identity, verification, and trust controls used in enterprise programmes are now central to protecting voter access, process integrity, and public confidence.
By the numbers:
- In 2024, Sumsub detected a 245% year-on-year increase in deepfakes worldwide.
- Sumsub's 2025-2026 Identity Fraud Report found a 180% rise in sophisticated fraud.
Context
Election fraud is no longer limited to ballot stuffing or forged registrations. AI-generated voices, synthetic video, fake websites, and coordinated disinformation now target the trust layer around elections, which makes identity verification, content provenance, and process integrity part of the same governance problem.
For identity and security teams, the important shift is that fraud now combines impersonation with scale. The operational challenge is not only proving who is eligible to act, but also preserving confidence that what voters, candidates, and election officials see and hear is authentic.
Key questions
Q: How should organisations respond to AI-generated election impersonation?
A: They should create a verification workflow that combines content provenance checks, authoritative source validation, and rapid public correction. The goal is to confirm whether a voice, video, or message is authentic before it shapes voter behaviour. Election teams need named owners, escalation paths, and pre-approved messaging so response is fast enough to matter.
Q: Why does AI make election fraud harder to contain?
A: AI lowers the cost of creating convincing fake content and increases the speed at which it can spread. That means fraud can target voters, candidates, and election officials simultaneously across multiple channels. The problem is not only scale, but plausibility, because people are more likely to trust a synthetic message that matches a real identity.
Q: What do security teams get wrong about election deepfakes?
A: They often treat deepfakes as a content moderation issue rather than a trust and identity issue. In practice, the risk is broader: a fake can suppress turnout, impersonate authority, or trigger false claims about result legitimacy. Defences need to cover provenance, channel integrity, and public communication, not just image or audio detection.
Q: Who is accountable when AI-driven fraud affects an election?
A: Accountability usually spans election authorities, campaign teams, platforms, and technology providers, depending on where the control failure occurred. Organisations should define ownership for detection, verification, response, and public communication before an incident happens. Without clear accountability, the fraud narrative can spread faster than any single team can contain it.
Technical breakdown
Deepfakes and voice cloning as election impersonation
Synthetic media turns identity into a visual and auditory claim rather than a verifiable one. Voice cloning can mimic trusted figures, while video generation can fabricate endorsements, withdrawals, or emergency instructions. The problem is not just realism, but timing: a convincing fake placed close to voting day can outpace manual verification and correction. In practice, this weakens the reliability of official communications, media channels, and voter outreach when speed matters most.
Practical implication: election organisations need rapid verification and public correction workflows before synthetic content can cascade.
Disinformation as a trust attack on the voting process
Disinformation campaigns do not need to alter a ballot to change an outcome. They can suppress turnout, confuse voters about polling locations or eligibility, or create doubt about whether results are legitimate. That makes the information environment part of the attack surface. From an identity perspective, this is a trust-routing problem: attackers exploit human trust in names, faces, voices, and institutional signals to redirect behaviour without touching the core election system.
Practical implication: teams should treat public-facing election messaging as a protected identity channel with verification controls.
Remote voting and account takeover risk
Online and remote voting expand access, but they also widen the identity attack surface. Phishing, credential theft, account takeover, fake portals, malware, and suspicious device reuse can all compromise the path from voter authentication to ballot submission. The challenge is to maintain eligibility checks, ballot secrecy, and secure submission at the same time. This is similar to enterprise IAM problems where access must be strong enough to prove identity but constrained enough to prevent misuse.
Practical implication: implement layered authentication, anomaly monitoring, and secure ballot handling for any digital voting workflow.
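The anomaly monitoring described above can be sketched as three review rules over authentication events. This is an added example, not code from Sumsub or NHIMG; the event format, the thresholds and the `detect` function are assumptions, and the sample events are constructed. Only authentication metadata is read, never ballot content.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for a hypothetical remote-voting portal:
# (timestamp, voter_id, device_id, source_ip, outcome)
EVENTS = [
    ("2026-05-01T09:00:00", "v100", "dev-a", "198.51.100.7", "success"),
    ("2026-05-01T09:02:00", "v200", "dev-k", "203.0.113.9", "success"),
    ("2026-05-01T09:03:00", "v201", "dev-k", "203.0.113.9", "success"),
    ("2026-05-01T09:04:00", "v202", "dev-k", "203.0.113.9", "success"),
    ("2026-05-01T09:05:00", "v203", "dev-m", "203.0.113.9", "success"),
    ("2026-05-01T10:00:00", "v100", "dev-z", "192.0.2.44", "fail"),
    ("2026-05-01T10:00:20", "v100", "dev-z", "192.0.2.44", "fail"),
    ("2026-05-01T10:00:40", "v100", "dev-z", "192.0.2.44", "fail"),
    ("2026-05-01T10:01:00", "v100", "dev-z", "192.0.2.44", "success"),
]

def detect(events, per_device=2, per_ip=3, window=timedelta(minutes=10), fails=3):
    """Return sorted (rule, key, values) findings for review; thresholds are illustrative."""
    rows = sorted((datetime.fromisoformat(t), v, d, ip, o) for t, v, d, ip, o in events)
    findings = defaultdict(set)
    by_device, by_ip = defaultdict(set), defaultdict(list)
    known, streak = defaultdict(set), defaultdict(int)
    for ts, voter, device, ip, outcome in rows:
        # Rule 1: one device fingerprint authenticating as many voters.
        by_device[device].add(voter)
        if len(by_device[device]) > per_device:
            findings[("device_reuse", device)] |= by_device[device]
        # Rule 2: many distinct voters from one source IP inside the window.
        by_ip[ip] = [(t, v) for t, v in by_ip[ip] if ts - t <= window] + [(ts, voter)]
        voters = {v for _, v in by_ip[ip]}
        if len(voters) > per_ip:
            findings[("shared_ip", ip)] |= voters
        # Rule 3: failure streak, then success from a device new to this voter.
        if outcome == "fail":
            streak[voter] += 1
            continue
        if streak[voter] >= fails and known[voter] and device not in known[voter]:
            findings[("possible_takeover", voter)].add(device)
        streak[voter] = 0
        known[voter].add(device)
    return sorted((rule, key, sorted(vals)) for (rule, key), vals in findings.items())
```

Shared addresses and shared devices are common in households, libraries and care homes, so these findings feed a review queue rather than an automatic block.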
Threat narrative
Attacker objective: The attacker aims to manipulate voter behaviour and erode confidence in the legitimacy of the election process.
- Entry begins with AI-generated robocalls, fake videos, synthetic audio, or fraudulent websites that impersonate candidates, officials, or election services.
- Escalation occurs when the fabricated content spreads through social media, messaging, or campaign channels faster than verification teams can respond, amplifying confusion and mistrust.
- Impact follows when voters are suppressed, institutional confidence falls, or election results are questioned despite legitimate outcomes.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- DeepSeek breach — exposed 1M+ log lines and sensitive secret keys.
NHI Mgmt Group analysis
AI election fraud is fundamentally an identity problem, not just a misinformation problem. Synthetic voices and deepfakes succeed because they hijack the trust relationship between institutions and the public. Once that trust is undermined, the election ecosystem has to prove authenticity under hostile conditions, which is much harder than simply blocking a bad message. Practitioners should treat provenance and verification as core controls, not communications afterthoughts.
Deepfake-enabled election fraud exposes a named trust gap: provenance without verification is not enough. An authentic-looking clip can be false even when it is distributed through legitimate channels, which means identity assurance must extend beyond the origin of the file. That is why election programmes need controls that can validate both the sender and the content trail. Practitioners should assume that “looks real” is no longer a useful test.
Remote voting inherits the same account takeover patterns that already drive enterprise fraud. Credential theft, fake portals, suspicious devices, and repeated access from shared infrastructure are familiar abuse signals in digital identity programmes. The difference is that the consequences are civic, not commercial, and recovery is slower because public confidence is part of the asset being protected. Practitioners should align remote voting protections with stronger identity assurance and anomaly detection.
Election integrity now depends on a multi-channel identity model across humans, systems, and public communications. Voters, campaign staff, election officials, and content distribution platforms all become part of the trust chain. That creates a governance challenge similar to cross-domain identity programmes, where the weakest channel can undermine the entire control plane. Practitioners should design election safeguards as a layered identity and trust architecture.
Fraud detection must move from event response to trust continuity. The scale of AI-generated fraud means that one-off debunks are no longer sufficient when synthetic content can be recreated continuously. Governance needs to assume persistent adversarial pressure across the full election lifecycle. Practitioners should plan for ongoing verification, not episodic incident handling.
From our research:
- Our 2025-2026 Identity Fraud Report found a 180% rise in sophisticated fraud, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
- Use the Ultimate Guide to NHIs to compare how identity trust failures evolve across human, machine, and emerging agentic systems.
What this signals
Election programmes should now assume that authenticity can be attacked at the message layer before it is attacked at the system layer. That changes where verification needs to sit in the operating model, especially for public-facing communications, digital registration, and emergency voter updates. The practical signal is that identity assurance and provenance checking have become part of governance, not just security operations.
Identity teams that already manage phishing, account takeover, and access anomalies have a usable model for election fraud defence. The same discipline applies, but the trust object is broader because it includes public narratives and official communications. Teams should map election-facing channels into their verification and escalation paths, and align the control set with the NIST Cybersecurity Framework 2.0.
AI-driven fraud will continue to compress response windows, which makes pre-established controls more valuable than ad hoc detection. With synthetic content now easier to generate than to disprove, organisations need authenticated channels, named approvers, and repeatable evidence-handling processes. The governance lesson is that trust continuity has to be designed before the first deepfake appears.
For practitioners
- Build a rapid provenance verification workflow: Create an internal process for checking suspicious audio, video, and images against official sources, metadata, and known communication channels before public correction is issued.
- Protect voter-facing channels with stronger identity controls: Use multi-factor authentication, anti-phishing protections, and monitored access for online election services, registration portals, and staff accounts.
- Monitor for coordinated impersonation patterns: Track repeated use of similar voice models, domains, infrastructure, or social accounts across multiple narratives to identify organized fraud campaigns early.
- Treat public correction as part of incident response: Prepare approved statements, escalation paths, and verification owners so misinformation can be countered quickly before it becomes the dominant narrative.
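A first-pass triage step for the provenance workflow above, checking both the content trail and the sending channel. This is an added example, not code from Sumsub or NHIMG; it assumes the election office publishes a manifest of SHA-256 digests for its released media, and the domain, manifest entry and verdict names are constructed placeholders.

```python
import hashlib
from urllib.parse import urlsplit

# Assumed inputs (constructed): official domains and a manifest of SHA-256
# digests the election office publishes for each released media file.
OFFICIAL_DOMAINS = {"elections.example.gov"}
OFFICIAL_MANIFEST = {
    hashlib.sha256(b"official polling-hours video").hexdigest(): "polling-hours-2026.mp4",
}

def _host(url):
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def on_official_domain(url):
    """Exact host or a subdomain, matched on a label boundary."""
    host = _host(url)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def lookalike(url):
    """Host embeds an official name (dots or hyphens) without being under it."""
    host = _host(url).replace("-", ".")
    return not on_official_domain(url) and any(d in host for d in OFFICIAL_DOMAINS)

def triage(url, data):
    """Classify a suspicious media item by content digest first, channel second."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in OFFICIAL_MANIFEST:
        return "verified-official-release"            # byte-identical to a release
    if on_official_domain(url):
        return "hold-official-host-unlisted-content"  # right sender, unknown content
    if lookalike(url):
        return "escalate-lookalike-domain"            # impersonated channel
    return "unverified"                               # needs manual review
```

An exact digest match only proves a copy is byte-identical to a release, so re-encoded copies of genuine media land in `unverified`; that verdict means "not yet confirmed", and homoglyph domains are outside what the `lookalike` heuristic catches.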
Key takeaways
- AI-generated election fraud works by undermining identity trust, not only by spreading false information.
- The scale of the problem is accelerating, with Sumsub reporting a 245% increase in deepfakes and a 180% rise in sophisticated fraud.
- Election defence now depends on provenance, rapid verification, and clear accountability across every voter-facing channel.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Election fraud here hinges on authenticating voters and officials correctly. |
| NIST CSF 2.0 | DE.CM-1 | Fraud detection depends on monitoring for abnormal access and impersonation patterns. |
| NIST SP 800-63 | | Remote voting and digital services require strong identity assurance. |
Use identity assurance, authentication, and federation principles to protect voter access and submission.
Key terms
- Deepfake: A deepfake is synthetic audio, video, or imagery generated to imitate a real person or event. In election contexts, it can impersonate candidates, officials, or trusted voices to mislead voters, suppress turnout, or create false evidence that undermines confidence in the result.
- Election interference: Election interference is any deliberate action that distorts voter behaviour, election operations, or public confidence in outcomes. It can include impersonation, disinformation, manipulation of official channels, and process abuse that does not necessarily change the vote tally but still harms integrity.
- Content provenance: Content provenance is the evidence trail that shows where a piece of media came from and how it changed over time. It helps distinguish authentic communications from manipulated or fabricated material, but it only works when paired with verification and trusted publishing channels.
- Identity assurance: Identity assurance is the level of confidence that a person or system is really who it claims to be. In election programmes, it applies to voters, officials, and digital services, and it becomes critical when attackers try to impersonate trusted identities at scale.
This post draws on content published by Sumsub: Election Fraud Worldwide: How AI Is Eroding Trust in Elections (2026). Read the original.
Published by the NHIMG editorial team on 2026-06-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org