Deepfake detection is changing fast. Are your fraud controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter  

TL;DR: Emerging fraud patterns are being caught by an upgraded deepfake detector that uses instant online self-learning, according to Sumsub, which reports that multi-step attacks rose 180% in 2025 to 28% of fraud detected on its platform globally. The shift shows why static model refresh cycles no longer match the speed of AI-driven fraud.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

  • In 2025, the share of multi-step attacks soared by 180%, reaching 28% of all fraud detected by the Sumsub platform globally.
  • 17 minutes: when credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases.

Questions worth separating out

Q: What breaks when deepfake detection relies on periodic model updates?

A: Periodic updates create a blind window between the emergence of a new fraud pattern and the system learning how to recognise it.

Q: Why do deepfakes complicate identity proofing and fraud controls?

A: Deepfakes complicate identity proofing because they remove the reliability of a single visible cue.

Q: How can security teams tell whether adaptive fraud detection is working?

A: Look for improvement in both detection speed and decision quality under changing attack conditions.

Practitioner guidance

  • Measure detection freshness as a control metric: Track the time between a new fraud pattern appearing and the model incorporating it into production decisions.
  • Correlate multiple evidence sources before approval: Require document, liveness, device, IP, and network signals to agree before approving high-risk identity actions.
  • Add compensating controls around high-risk journeys: Apply step-up review, transaction holds, or manual exception handling where model refresh cycles cannot keep pace with attack speed.

What's in the full announcement

Sumsub's full analysis covers the operational detail this post intentionally leaves for the source:

  • The specific signal layers used in the upgraded detector, including document, liveness, device, and network checks
  • The article's description of how online self-learning updates change detection behaviour between model refresh cycles
  • The platform's own explanation of how injection methods are analysed alongside deepfake media
  • The implementation context behind Sumsub's current fraud detection workflow and the updated model design

👉 Read Sumsub's analysis of adaptive deepfake detection and fraud control →




   
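The three practitioner guidance points in the post above can be combined into one decision gate. The sketch below is an added example, not code from the post or from Sumsub. The names `ModelState` and `decide`, the 24-hour tolerance and the low-risk policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SIGNALS = ("document", "liveness", "device", "ip", "network")
MAX_FRESHNESS_GAP = timedelta(hours=24)  # assumed tolerance, tune per journey


@dataclass
class ModelState:
    newest_pattern_seen: datetime  # first sighting of the latest new fraud pattern
    last_incorporated: datetime    # last time production decisions absorbed new patterns

    def freshness_gap(self, now: datetime) -> timedelta:
        """Time the newest known pattern has spent outside production decisions."""
        if self.last_incorporated >= self.newest_pattern_seen:
            return timedelta(0)
        return now - self.newest_pattern_seen


def decide(signals: dict, high_risk: bool, model: ModelState, now: datetime):
    """Return (decision, reasons); decision is 'approve', 'step_up' or 'hold'."""
    failed = [s for s in SIGNALS if signals.get(s) is False]
    missing = [s for s in SIGNALS if signals.get(s) is None]
    reasons = [f"{s} failed" for s in failed] + [f"{s} missing" for s in missing]
    if not high_risk:
        # Assumed policy: low-risk actions tolerate gaps but not explicit failures.
        return ("step_up" if failed else "approve"), reasons
    if failed:
        return "hold", reasons         # signals disagree: transaction hold
    if missing:
        return "step_up", reasons      # agreement cannot be shown: manual review
    if model.freshness_gap(now) > MAX_FRESHNESS_GAP:
        reasons.append("model stale")  # compensating control for the blind window
        return "step_up", reasons
    return "approve", reasons


# Constructed sample data, not taken from any real platform.
NOW = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
FRESH = ModelState(NOW - timedelta(hours=28), NOW - timedelta(hours=27))
STALE = ModelState(NOW - timedelta(hours=60), NOW - timedelta(hours=90))
ALL_PASS = {s: True for s in SIGNALS}

if __name__ == "__main__":
    print(decide(ALL_PASS, True, FRESH, NOW))
    print(decide(ALL_PASS, True, STALE, NOW))
    print(decide({**ALL_PASS, "liveness": False}, True, FRESH, NOW))
```

Logging `freshness_gap` alongside every decision gives the detection-freshness metric a time series that can be reviewed like any other control measurement.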
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 2799
 

Static fraud models are now a governance liability, not just a technical limitation. The article shows that periodic deepfake updates leave a blind window in which new attack patterns can spread before the model is refreshed. That is a control design failure, not an accuracy problem. Risk teams should treat refresh latency as a first-class governance metric, because the attacker only needs one unprotected interval to win.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Our research also found that organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control.

A question worth separating out:

Q: Should organisations still keep human review in deepfake-heavy workflows?

A: Yes, but only where the workflow is high-risk and the model cannot adapt quickly enough on its own. Human review should be reserved for exception handling, escalation, and ambiguous cases, not as the main control for every transaction. Otherwise the review queue becomes the bottleneck while attackers exploit faster, automated paths.

👉 Read our full editorial: Adaptive deepfake detection exposes the limits of offline fraud models



   