With the rise of high-quality deepfakes, I am worried about our current biometric authentication methods. Can attackers use AI-generated voice or video to bypass MFA during sensitive administrative sessions? We use video conferencing for identity verification during password resets, and I'm starting to think this is a massive vulnerability in our current Quality Management and security protocols.
3 answers
You are right to be concerned. Deepfake phishing is becoming a potent threat in 2025. Attackers are now able to simulate executive voices during "urgent" calls to authorize fraudulent transactions or bypass security checks. This is why many organizations are moving toward "Biometric Encryption" which converts physical data into encrypted keys that are much harder to spoof than a simple video feed. You should also update your internal verification protocols to require out-of-band confirmation for any sensitive request, regardless of who appears to be on the other end of the video call.
Are you guys seeing these deepfake attempts more in your social engineering tests, or have you actually caught a live attempt in your production environment recently?
We've started using context-aware access controls. It looks at the user's location, device health, and behavior before granting access, even if the MFA is "verified."
Exactly, Barbara. Combining context-aware signals with liveness detection is the best way to stay ahead of these AI-generated social engineering attacks.
David, we actually caught a live attempt last week! Someone tried to impersonate our CFO on a Teams call to change payroll routing. The voice was perfect, but the "vibe" was off—the AI couldn't quite replicate his specific way of asking for things. It was a huge wake-up call for our IT team to implement much stricter liveness detection tools immediately.