Notifications
Clear all
Topic starter
12/06/2026 10:25 pm
TL;DR: Theresa Payton’s Arkose Accelerate talk argues that generative AI is accelerating fraud, deepfake personas, and mobile-first abuse while exposing how quickly trust assumptions can fail in modern digital interactions, according to Arkose Labs. The practical issue is not the technology itself but the identity and verification model behind it.
NHIMG editorial — based on content published by Arkose Labs: highlights from Theresa Payton's Arkose Accelerate talk on evolving cyber threats
By the numbers:
- A finance professional was tricked into sending $25 million to fraudsters during a deep fake CFO video call.
Questions worth separating out
Q: How should security teams handle deepfake fraud in high-risk approval workflows?
A: Security teams should treat deepfake fraud as a trust verification problem, not just an awareness issue.
Q: Why do mobile-first workflows increase the impact of synthetic identity attacks?
A: Mobile-first workflows increase risk because users approve requests faster, with less context and less scrutiny than on a desktop.
Q: What do organisations get wrong about voice cloning and executive impersonation?
A: The common mistake is assuming that a convincing voice or video call is proof of legitimacy.
Practitioner guidance
- Tighten approval paths for high-risk requests Require an out-of-band confirmation step for payments, payroll changes, credential resets, and vendor banking updates.
- Separate identity verification from conversational trust Do not let a live call, familiar voice, or polished video become the deciding factor for access or transfer approval.
- Update fraud playbooks for synthetic personas Train finance, HR, and help desk teams to recognise voice cloning, executive impersonation, and AI-written urgency cues.
What's in the full article
Arkose Labs' full post covers the event details this summary intentionally leaves out:
- Theresa Payton's live observations on how security thinking changed from the White House SOC era to today's AI-driven threat environment
- The full voice-cloning demonstration and the practical cues that help teams spot synthetic interaction patterns
- More context on the mobile and generative AI shifts shaping user behaviour across consumer and enterprise workflows
- The broader Arkose Accelerate session framing around collaborative defence and threat intelligence sharing
👉 Read Arkose Labs' Arkose Accelerate recap on deepfake fraud and AI risk →
Deepfake fraud and the governance gap identity teams are missing?
Explore further
13/06/2026 1:11 am
Deepfake fraud is an identity governance problem disguised as a social engineering problem. The attack succeeds when organisations treat human recognition as sufficient evidence of legitimacy. Once voice, video, and messaging can all be synthesized, the governance question becomes whether the request itself has independent assurance. Practitioners should stop assuming that the presence of a real-time human interaction means the identity is trustworthy.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable when deepfake fraud leads to a payment or access loss?
A: Accountability usually sits with the organisation that allowed a high-risk action to be approved without sufficient verification. Finance, IAM, and security teams should define who owns escalation, who can stop the transaction, and which controls must fire before the request is executed. Shared accountability only works when it is explicit.
👉 Read our full editorial: Deepfake fraud is forcing identity teams to rethink trust models
