About us
By Use Case
Candidate Fraud
Stop fake candidates before they become insider threats
Workforce Integrity
Verify every worker across every interaction, continuously
IT Service Desk Social Engineering
Protect credential resets and MFA enrollment from imposters
Customer Contact Center Fraud
Detect cloned voices and verify callers without adding friction
Executive Impersonation
Defend against deepfake CEO fraud and BEC attacks in real time
By Function
IAM Leaders
Close the gap between credential verification and human identity
CEO & Board
Protect executive identity, authority, and brand trust
CHRO & Talent Acquisition
Secure the hiring process against imposter candidates
CIOs
Defend the remote work trust layer from synthetic identity attacks
CISOs
Defend the remote work trust layer from synthetic identity attacks
Customer Support Leaders
Prevent agents from being deceived into bypassing controls
Fraud Leaders
Stop deepfake-enabled fraud before authorization, not after
Solutions Overview
Platform
Products
GetReal Protect
Protect real-time digital communications
GetReal Inspect
Automate forensic content verification
Services
GetReal Prepare
Build Resilience to malicious synthetic content
GetReal Respond
Access the world’s synthetic content experts
LabsResourcesContact Us
GET A DEMO
GET A DEMO
GET A DEMO
GET A DEMO
GET A DEMO
GET A DEMO

About us

Solutions

Solutions Overview
By Use Case
Candidate Fraud
Stop fake candidates before they become insider threats
Workforce Integrity
Verify every worker across every interaction, continuously
IT Service Desk Social Engineering
Protect credential resets and MFA enrollment from imposters
Customer Contact Center Fraud
Detect cloned voices and verify callers without adding friction
Executive Impersonation
Defend against deepfake CEO fraud and BEC attacks in real time
By Function
IAM Leaders
Close the gap between credential verification and human identity
CEO & Board
Protect executive identity, authority, and brand trust
CHRO & Talent Acquisition
Secure the hiring process against imposter candidates
CIOs
Defend the remote work trust layer from synthetic identity attacks
CISOs
Defend the remote work trust layer from synthetic identity attacks
Customer Support Leaders
Prevent agents from being deceived into bypassing controls
Fraud Leaders
Stop deepfake-enabled fraud before authorization, not after

Platform

Products
GetReal Protect
Protect real-time digital communications
GetReal Inspect
Automate forensic content verification
Services
GetReal Prepare
Build Resilience to malicious synthetic content
GetReal Respond
Access the world’s synthetic content experts

Labs

Resources

Contact Us

Resources

Next

Lorem ipsum

What the Axios Npm Supply Chain Attack Reveals About the New Human Layer Attack Surface

Related

Enterprise Account Recovery Best Practices: Defending Against Credential Reset Attacks

Synthetic Identity Fraud & Deepfakes: Lessons from the 2026 Deepfake Summit

Guest Blog: The CISO’s ROI Framework for Deepfake and Identity Defense

Deepfake Social Engineering and AI Impersonation Attacks Expose a Critical Gap in Cyber Threat Intelligence

Why Process Controls Alone Won’t Protect IT Service Desks Against Social Engineering and Deepfakes

Enterprise Deepfake Protection Is a Business Imperative: Matt Moynahan at HumanX

10 minute read

Author

Sam Bakken

Director of Product Marketing

Date

4/14/2026

Blog

Share

Today’s identity infrastructure wasn’t built for a world where we can’t trust what we see or hear in the digital interactions that make up our workday. That’s the message GetReal Security CEO Matt Moynahan brought to thousands of industry leaders, executives, and media last week at the HumanX AI conference in San Francisco.

That’s not a prediction. Case in point – just a week before the conference, attackers used deepfake-enabled impersonation to exploit a software developer’s trust in interactions he’d had with them through Slack and Microsoft Teams to compromise the Axios Npm software supply chain. The threat is here, and we hear it every single day in our conversations with customers, prospects, and partners.

Enterprise deepfake protection has gone from a theoretical concern to a frontline business risk.

“You can’t not pick up a call. You can’t not respond to a Zoom link. You can’t not consume content, even if you’re questioning it,” Matt explained. “You could do it in your personal life. You can’t do it in business.”

The Case for Content Authentication

Business productivity grinding to a halt because employees have to question every interaction is a risk many organizations haven’t yet reckoned with. Authenticating images, audio, and video has been a foreign concept to cybersecurity, Matt argued, and the gap needs to close.

“What we're trying to do is make sure that the content flowing through the system is clean when you consume it. It could come in the form of a file, like an image, maybe a video as part of an insurance claim, a Zoom or Teams interaction, or a voice call through an IT help desk,” Matt said. 

“Business is run on that. Content is the core to everything, and that content has to be authenticated. And so it's gone from sort of a fringe, dark art, this is funny, to, wow, what would happen actually if you couldn't trust what you're consuming?”

The Democratization of Billion Dollar Criminal Opportunities

For the first time, synthetic identities have become a bigger fraud problem than stolen, real ones. Synthetic identity fraud grew 8x in 2025, now accounting for 11% of all fraud, outpacing traditional identity theft (6.4%) according to the 2026 LexisNexis Risk Solutions Cybercrime Report. AI-enhanced schemes are also estimated to be 4.5 more profitable (and so also at least 4.5 more damaging to victims) than conventional methods according to INTERPOL’s Global Financial Fraud Threat Assessment from March 2026.

Noam Schwartz, co-founder and CEO of Alice and a fellow panelist at HumanX, put it bluntly:. “The economy of cybersecurity completely changed. It's so much easier to perform a state-like scaled attack right now. The entry gap to become a bad actor has dropped. The same way everybody can be an entrepreneur, and we're going to see a billion dollar single entrepreneur company, we're also going to see a billion dollar criminal organization.”

HumanX Panel "Securing AI: Protecting Access Authenticity and Autonomy"

Whether it's a human imposter coming through an interview process, pretending to be somebody they're not, or a synthetic imposter in the form of deepfake technology assuming the real identity of an employee or an executive — fakes showing up in digital processes post-COVID are a massive, massive problem.
Matt Moynahan, CEO, GetReal Security

No Industry is Immune

What’s also striking is who’s feeling the pain. A second session Matt led – a roundtable on deepfakes and the challenges facing HR, finance, and operations – drew recruiting executives, CFOs, medical professionals, and telecom operators. Every industry relies on human interaction to make critical decisions and so is dealing with the same fundamental problem. In a post-COVID, remote-first business world, how can we sufficiently verify that the person on the other end of a digital interaction is whom they claim to be?

The scenarios are not hypothetical. They’re playing out every day. Recruiters face waves of applications from AI-generated personas. Candidate fraud makes remotely verifying a human’s identity a frontline hiring challenge. Attackers engaged in customer contact center fraud use cloned voices and synthetic identities to manipulate help desk agents for account takeover. And executive impersonation, a deepfake CEO or CFO authorizing a wire transfer via a voicemail or Microsoft Teams call, puts financial controls to the test in ways they weren’t designed to handle.

What Enterprise Deepfake Readiness Actually Looks Like

Organizations know the threat exists. Few have tested whether they’re prepared for it.

Matt challenged the HumanX audience to pick three high-stakes scenarios: a voicemail from their CFO authorizing a wire transfer, a video interview with a senior candidate, and a Microsoft Teams call with someone claiming to be from the IT help desk. Assume the content and identities presented were fabricated, how would the organization know? Then, say someone in the organization acted upon it, how would the organization respond?

Answers typically reveal a gap between awareness and preparedness, and therein lies the risk.

Closing the gap requires more than training or adding additional approval layers to large transfers. The voice, video, or image involved needs to be authenticated prior to anyone having to make a judgement call. A combination of detection, continuous identity assurance, and automated policy enforcement needs to come together, but without treating legitimate employees, customers, prospects, or candidates as suspects. 

Matt was adamant that enterprises and regulators have solved other such complex problems in the past. So there is hope. But it begins with understanding exposure, identifying highest-risk interactions, what current controls can and cannot see or act upon, and what it takes to stop a fake before the damage is done.

Conversations such as those at events like HumanX are encouraging, but enterprises need to start now to turn awareness into action and risk mitigation. 

Want help understanding your organization’s exposure? Request a threat briefing with GetReal’s digital forensics and identity security experts.

Related posts