Deepfake Attacks Keep Working Because We Keep Detecting Instead of Proving

Why Deepfake Detection Is a Losing Game

In 2025, deepfake-related fraud losses in the United States hit $1.1 billion, tripling from $360 million the year before. Deepfake-enabled vishing attacks surged 1,600% in a single quarter. Generative AI fraud losses in the United States are projected to climb from $12.3 billion in 2023 to $40 billion by 2027.

The security industry's primary response has been better detection. Train models to spot synthesized video. Analyze audio for artifacts. Layer biometric liveness checks on top of identity verification workflows.

The problem: detection is a classification problem, and classification problems have error rates that grow as the adversary improves. Deepfake detection tools achieve 45-50% lower accuracy in real-world conditions compared to laboratory settings. Human accuracy at identifying high-quality deepfake video sits at just 24.5%. In a Keepnet Labs survey, 60% of people claimed they could spot a deepfake, but performance data says otherwise.

Gartner predicted that by 2026, 30% of enterprises would consider identity verification and authentication solutions unreliable in isolation due to AI-generated deepfakes. That prediction is landing on schedule.

The fundamental issue is structural. Detection is reactive: you are always responding to the latest generation technique. Cryptographic identity proof is deterministic: it does not care how realistic the fake is because it never relies on what someone looks or sounds like in the first place.

The $25 Million Video Call That Changed Everything

In early 2024, a finance worker at British engineering firm Arup received a message that appeared to come from the company's CFO requesting an urgent fund transfer. The worker was suspicious. That instinct was correct.

Then the worker joined a video call. Every participant on the call, including the apparent CFO, was a real-time deepfake. The faces looked right. The voices matched. The worker made 15 wire transfers totaling $25.6 million.

Detection worked at the email stage. The worker spotted the phishing attempt. But detection failed completely at the video call stage because the deepfakes were good enough to override human judgment.

This is not an edge case. It is the logical endpoint of the detection paradigm. As generation quality improves, the window in which detection works shrinks. A voice clone now requires only three seconds of sample audio to achieve an 85% match. Forty-seven AI tools are specifically designed to bypass know-your-customer verification processes.

The Arup attack did not exploit a software vulnerability. It exploited a trust architecture built on visual and auditory recognition. The fix is not better detection. It is a different trust architecture entirely.

Identity Is the Real Security Boundary

Jasson Casey, CEO of Beyond Identity, frames the deepfake problem as a symptom of a deeper architectural failure. "In the beginning of the show, we talked about trying to identify deepfakes, which is in itself a sort of chasing the problem," he said on The Security Podcast of Silicon Valley. "It's a reactive function versus the systems that we all aspire to build are proactive. Instead of doing the root cause analysis of the event, we much rather prevent the event from happening in the first place."

The root cause is that most identity verification systems ultimately rely on something that can be faked: a face, a voice, a password, a one-time code sent to a phone. Each of these is a "shared secret" or a biometric signal that moves across a network and can be intercepted, replicated, or synthesized.

Casey's thesis is that identity, not infrastructure, is the real security boundary. "If I can guarantee credentials don't move, then credential theft goes away," he explained. The same principle applies to deepfakes. If authentication does not depend on recognizing a face or voice, then a perfect deepfake of that face or voice is irrelevant to the security decision.

This is the shift from detection to proof. Detection asks: "Is this real?" Proof asks: "Can this device produce a valid cryptographic signature?" The first question gets harder every year. The second has a mathematically verifiable answer that does not degrade as AI improves.

Organizations building zero trust architectures face this choice directly: trust biometric signals that generative AI can now reproduce, or trust cryptographic proofs that generative AI cannot forge.

How Cryptographic Proof Makes Deepfakes Irrelevant

Three technologies are converging to make the "prove, don't detect" paradigm practical.

FIDO2 passkeys authenticate users through cryptographic key pairs bound to physical devices. The private key is stored in a TPM (Trusted Platform Module) or secure enclave and never transmitted. Authentication involves a challenge-response protocol: the server sends a challenge, the device signs it with the private key, and the server verifies the signature with the public key. No face, voice, password, or OTP enters the equation.

If the Arup finance worker had been required to authenticate each video call participant through a FIDO2 challenge, the deepfake video would have been irrelevant. The attacker would have needed physical possession of each impersonated person's device, not just their face.

Passkey adoption is accelerating. Sixty-nine percent of users now have at least one passkey. Forty-eight percent of the top 100 websites support passkeys. Login success rates with passkeys reach 93%, compared to 63% with traditional authentication.

C2PA (Coalition for Content Provenance and Authenticity) applies the same principle to media. Instead of detecting whether a video is synthetic, C2PA cryptographically signs content at the point of creation. A valid C2PA signature proves the content originated from a specific device at a specific time. Content without a valid signature is treated as unverified, regardless of how realistic it appears.

Continuous device attestation extends the proof model beyond login. Rather than authenticating once and trusting the session, device-bound credentials can continuously prove that the same device and key pair are present throughout a transaction. This addresses session hijacking and real-time account takeover attempts.

Casey described how Beyond Identity's approach held up under real pressure. "We've had a couple of run-ins with state actors and our product performed," he said. The company received credit from multiple incident response and red teams for blocking sophisticated attacks that targeted the identity layer.

The security model for AI agents follows the same logic. When autonomous systems make decisions, their identity must be cryptographically verifiable, not based on API keys that can be stolen or tokens that can be replayed.

What the Shift From Detection to Proof Looks Like

The NIST Cybersecurity Framework 2.0, released in 2024, added a "Govern" function and the new Cyber AI Profile (IR 8596) specifically addresses AI-era identity threats. NIST SP 800-63 Revision 4 overhauled digital identity guidelines to emphasize phishing-resistant authentication.

Casey sees this decade as an inflection point. "The 2010s was all about finding the bad guy and evicting them. EDR was built around that rallying cry," he said. "I think this decade is interesting because we can shift a lot of our attention from detect and respond a little bit left to identify and protect, which is really more about prevention."

For security leaders evaluating their deepfake defenses, the practical steps are direct:

1. Replace biometric-only verification with cryptographic passkeys. Any workflow that relies solely on face or voice recognition for identity verification is now a deepfake target.

1. Require device-bound authentication for high-value transactions. Hardware-backed keys cannot be cloned, even if the user's face and voice can be.

1. Evaluate C2PA for media-dependent decisions. If your organization makes financial, legal, or operational decisions based on video or audio content, cryptographic provenance should supplement or replace visual inspection.

1. Treat detection as a signal, not a gate. Deepfake detection tools can flag suspicious content for review, but they should not be the sole control preventing fraud. The authentication system itself must be deepfake-proof.

The organizations that keep investing exclusively in detection are playing a game where the adversary improves faster than the defender. The ones that shift to cryptographic proof are playing a different game entirely, one where the underlying math does not degrade.

The same risk applies when AI agents write and deploy code without human review. If the agent's identity is not cryptographically verified, its outputs cannot be trusted regardless of how sophisticated its capabilities are.

The identity layer is where deepfake attacks succeed or fail. Making that layer cryptographic rather than biometric is the architectural decision that determines whether deepfakes remain a threat or become irrelevant.

Listen to the Full Episode

Jasson Casey joined Jon McLachlan (co-founder of YSecurity and Cyberbase.ai) and Sasha Sinkevich (co-founder of YSecurity and Cyberbase.ai) on The Security Podcast of Silicon Valley to discuss why chasing deepfakes is the wrong approach and how cryptographic identity makes impersonation attacks structurally impossible.

The full conversation covers TLS vulnerabilities, the "moving secrets" thesis, device-bound credentials, enterprise deployment reality, and what it looks like when the system holds up against state-sponsored attackers.