Notifications
Clear all
Topic starter
24/06/2026 6:58 pm
TL;DR: Deepfake content has grown from roughly 500,000 files in 2023 to an estimated 8 million in 2025, while people correctly identify high-quality deepfake video less than 25% of the time, according to DigiCert. Content authenticity is now a lifecycle governance problem, not a moderation problem, because provenance must travel with media from creation through distribution.
NHIMG editorial — based on content published by DigiCert: Combating deepfakes and misinformation with content trust
By the numbers:
- People correctly identify high-quality deepfake video less than 25% of the time.
Questions worth separating out
Q: How should organisations verify whether media is authentic before they act on it?
A: Organisations should verify authenticity using provenance, not appearance.
Q: Why do deepfakes create a governance problem for security teams?
A: Deepfakes create a governance problem because they undermine trust in evidence used for decisions, approvals, fraud checks, and incident response.
Q: When should organisations invest in content provenance controls?
A: Organisations should invest when content can influence money, reputation, safety, or access decisions.
Practitioner guidance
- Embed provenance at creation Require high-risk content to be linked to a verified device or publishing system at the moment of creation, with tamper-evident timestamping and origin metadata.
- Preserve change history through editing Track who changed the media, when they changed it, and what changed, so downstream reviewers can distinguish legitimate editing from manipulation.
- Require independent publisher verification Sign published content with an independently verifiable identity so audiences can confirm both the media and the publisher without relying on platform reputation.
What's in the full article
DigiCert's full blog covers the operational detail this post intentionally leaves for the source:
- Stage-by-stage explanation of how C2PA manifests preserve provenance through creation, editing, publication, and distribution
- Specific guidance on how DigiCert's Content Trust Manager signs content and links it to verified devices and systems
- How Device Trust Manager can embed C2PA certificates directly into imaging devices and OEM workflows
- More detail on the tamper-evident record model and how enterprises can operationalise it at scale
👉 Read DigiCert's analysis of content trust for deepfakes and misinformation →
Deepfakes and content trust: what IAM teams need to do now?
Explore further
25/06/2026 4:01 am
Content trust is becoming an identity problem, not just a media problem. The article is really about proving origin, preserving state, and carrying trust across a lifecycle. That is the same governance logic used for identities, credentials, and access artefacts, where authenticity matters as much as possession. The implication is that organisations must stop treating synthetic media as a standalone content issue.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how quickly trust gaps become governance gaps when identities are not continuously observed.
A question worth separating out:
Q: What is the difference between content moderation and content trust?
A: Content moderation tries to detect and remove harmful media after it appears. Content trust proves what is real before and after publication by preserving origin, edits, and publisher identity. Moderation is reactive and inconsistent across platforms, while trust is a durable evidence model that follows the content lifecycle.
👉 Read our full editorial: Content trust for deepfakes is becoming a lifecycle problem
