Transcript
Well, hello and welcome everyone. My name is Perry Carpenter. I'm KnowBe4's Chief Human Risk Management Strategist, and I'm excited today to talk to you about deepfakes. And in this presentation, I'm going to go a little bit of stream of consciousness as we talk about the subject of deepfakes and the impact that they are very likely going to have on 2026, the way that you should be able to think about them, the way that you can be preparing your end users to think about those as well as they're being used more and more and more in social engineering attacks and disinformation attacks and celebrity impersonations, political impersonations, and of course, leadership within companies. Today at the end of the program, we do have Chris Littlefield with us, who is our Principal Product Manager. He's going to be talking about an exciting development within the KnowBe4 platform, which is the ability for anyone, well, specifically the admin in your company, to create deepfakes with a simple upload of a video and a couple decisions on your end. And so that is going to be a safe and effective and scalable way to test people using the types of technology that we're going to talk about today. So let me give you a quick rundown on what I've got going. So I've got my camera set up a little bit different than most people as a little bit kind of like a live stream set up. So right in front of me right now, if I press this button, you'll see the slides that I've prepared for today. If I click another button in front of me, you'll see my desktop and whatever I'm deciding to share. If I were to have some, maybe some, you know, browser up or something, you'll be able to see me go over to that. And then if I just want to move my picture over to the other side, you'll see that. I also have a couple of fun things I'm going to be able to trigger as we go through that. But that is what we have today as far as my camera setup. So let me get into setting the stage for us. Deepfakes are something that are on everybody's mind. And just in 2025, we really, really hit a tipping point where the believability of both the image and the voice have gotten to where most people can be in the spot where they don't know what is real and what's not. And I'll give you a quick example. So here's a special message that I put together using one of the tools that anybody that just knows where to go can access. This is OpenAI's Sora 2 platform. And I went through the trouble of actually removing all the watermarks the same way a bad actor would as well. But you'll get to see and hear what this sounds like as we get this special message. Today, we can take a moving picture of a man, change his words, even his face, and make it appear to the world that he said something he never did. People have always enjoyed a good illusion. Film itself is nothing but shadows and light arranged to deceive the eye. Now we have an invention called a deepfake. A machine can dress a stranger in my face and make him say anything at all. There's a new trick out there. People can make it look like anyone is saying anything. They call them deepfakes. They're getting better, sharper, and more believable by the day. So that always begs the question, right? Because I do have people that attend these sessions and they've heard the term deepfake thrown around a lot, but they don't really necessarily know what it means. They've got an inferential understanding of what a deepfake is, but they might not know the technical definition. So I'm going to give you a semi-technical yet really, really easy to understand definition for deepfake. So deepfake is just a combination of two words, deep and fake. And I think we all understand that. So deep relates to deep learning, machine learning, neural networks, the processes and the math involved in creating something, this synthetic thing. And that is where the word fake comes in. Fake means it's not natural. It's not real. It is fake. Or other words, it is synthetic. And so one of the more academic terms for a deepfake is what we would call synthetic media. So fake media. Many times when you hear the word deepfake, it's used synonymously with the bad version of synthetic media, meaning that it's intended to trick someone, deceive someone into doing something or believing something. So that's the way I think about deepfake. So deep is just the neural networks, the AI-ness of it all. And fake is the fact that you are generating a false version of reality. So how bad is it? And this is one of the things, this version of the presentation that I'm showing today is something that evolves. It's like every time I give this presentation, I have to go back and look at a couple of things to see if there's interesting new stats or stories that I want to share. And there are a couple of new stories that I want to get into today that I've pulled from the headlines. But really quick, how bad is it? There was an interesting stat from Gartner research that's being reported on here in Info Security magazine, and that is deepfake attacks hit two thirds of businesses. And so here's the the gist of it. Nearly two thirds, 62 percent of organizations have experienced a deepfake attack within the last 12 months, according to a new Gartner survey. These either involve social engineering, impersonating someone during an audio video call or exploiting an automated verification such as face or voice biometrics, which means, you know, those those nifty voice biometrics that are used by banking systems and financial systems that you might just need to say a code word or something within within the verification process. If that's relying on a biometric voiceprint, it's not really dependable at this point. A lot of that needs to get retooled to really build the verification process back up and build the the robustness of how it's determining real or fake backup as well. Which gets into the second thing that we see in this article, which is the person from Gartner that's being mentioned here is saying, hey, you know what, we need to integrate deepfake detection into everyday tools. And I'll add this comma cautiously. I do think that deepfake detection is something that we have to be thinking about. Deepfake detection technologies are something that we have to be thinking about. However, what I've seen in my own testing is that every single deepfake detection platform that I've tested right now, I've been able to bypass either intentionally or accidentally. And by that, what I mean is that I'll run things through that I've created that I know are fake and I might not even be trying to defeat the technology, but it shows is real. I've also had real videos of myself and other people or audio clips of myself and other people that I've uploaded, and they've said that it was fake. And so for right now, many of the tools that are out there to detect deepfakes, the ones that are being mentioned and hinted at right, right here, they're kind of coin toss accuracy. However, the one that's mentioned here specifically is one that's getting better. And that is deepfake detection for live face to face video interaction through zoom or teams or those kinds of things, because there are several different things that can be checked and layered upon one another. For instance, looking for a voice print and what kind of artifacts are within the voice. Also looking at things like frame rates and whether there are dropped frames in the video glitching. Is there a liveness detection that can be detected in the vascular structure of the person that's on camera? All of that can be layered on each other. And it's really difficult right now in early 2026, it's really difficult for someone to keep all of that at the level that it needs to be to continuously pass that kind of multilayered verification. So in those cases, those really narrow live voice call, voice and video call systems, I think that those prolonged ones where somebody is trying to maintain that synthetic identity for a long period of time, that's where detection can start to actually make a dent. Where it's not as effective as I would want it to be right now is can you just upload an image and get a yes or no on whether it's synthetic? Somebody trying to bypass that, they'll find a way to bypass it generally. Same thing with if I upload an audio clip and I'm trying to be deceptive, will I be able to bypass a detector? If I'm doing it, I know the answer is yes, which means that anybody that is curious will need to spend a little bit of time, a little bit of effort and doesn't necessarily need to understand all the math and all the AI-ness of it all. You just need to be persistent. Same thing with video. And so anybody that's creating a packaged deepfake that they are then launching at the world, if they spend enough time and effort, they will be able to bypass most of the systems that are out there, if not all of them. Doing the live video deepfakes, that's where things can start to get a little bit more detectable. And it's because of those multilayered checks that I mentioned before. So keep that in mind. And that, by the way, means that there is hope for your fake identity people that are trying to go through the new hire process or the interviewing process. There's good possibilities there for some deepfake detection. Same thing with maybe systems that are being used for online dating that are facilitating video calls. And any application that really just wanted to add that as a layer within their video call functionality, they should be able to snap that in and give some additional assurance. I don't think it's a binary yes or no. I wouldn't fully trust it, but it's a good data point in those areas. And then in those other ones, like I said, if it's just a video that's packaged, if it's just a voice that's packaged, if it's just an image, then right now, I don't think those tools are where they need to be to be relied upon. This is something, if you've seen me present on this, I've mentioned before, we're at the point right now where everything that I look at and everything that I'm going to show to you today is at this folk grade level. And by folk grade, I mean it is accessible to anybody with an Internet connection and zero to $20 per month. That is the level that if you have that, you have a little bit of curiosity and a little bit of persistence, you can now create deep fakes that are weaponizable at the level of a nation state actor. Now, of course, nation states always have a little bit better, a little bit more robust technology. But right now we have all of us, anybody attending this session has tools that they can use at their fingertips that would have made a nation state salivate a few years ago. That's where we are. So a couple other slides that I generally always hit on. This is one that I think is very indicative of the situation that we're in right now. The real problem of humanity is that we have paleolithic emotions, medieval institutions and godlike technology. And by that, I mean that and of course, Edward Wilson, who's the person that said this in the first place, wrote this in the first place. You know, what they were getting at is that we're jerked around by our emotions, fear, uncertainty, doubt, authority, urgency, all those kinds of things really work as to where we move out of this logical thinking structure that we would hope that we are able to continue at all times. But a good crafty attack can pull us out of our logical reasoning and get us into these knee jerk reactions where we react without thinking, we react without logic, we react without reason, and we just fall into the hands and the intentions of the person that lobbed that attack at us. So we have the paleolithic emotions, we have medieval institutions, and that is getting to the fact that really, the world has a hard time keeping up with the possibilities that are being unleashed by the godlike technology that is at our hands and at the hands of anybody that is staying abreast of what's possible. And so when we talk about godlike technology, especially when it comes to something like the world of AI right now, I mean, how many of you remember the first time that you saw really good AI generated imagery? And you're like, wow, I didn't know a computer could do that. I thought computers were good at math, but not good at creating things. Or a really, really deceptive AI generated video. And you're like, wow, wait, I thought that AI meant that people's hair would be off, their face would be munged up, or, you know, they might have extra fingers, or their voice would sound like it doesn't have any emotion in it. You know, all of that's gone away. However, many people still believe that those kinds of artifacts and those kinds of quote, unquote, tells still exist, but they don't. And so we're in the space where, and I'll go to my regular camera for a second, just to show you this, we're in the space where society adapts We're in the space where society adapts really, really slowly across an almost linear but just slightly curving up curve of adaptability to where things are going. really, really slowly across an almost linear, but just slightly curving up curve of, of adaption, of And at the same time, what we see on the technology side is technology is on this hockey stick curve where it's very, very swiftly elevating, very, very dramatically moving along this curve up. And what we see with that is that a crafty attacker, somebody who is taking advantage of that, can look down at how slow society is adapting and how most people do not know what is possible. They look down and they say, I can take advantage of that because I know I can create this voicemail that will sound just like someone that this person trusts. Or I can create this video that will look and sound just like this person looks and sounds. I can put them in this situation. I can ask somebody to do something. So that is what we're getting at when we make a statement like this. Paleolithic emotions, medieval institutions, and godlike technology. Now, one of the other things that I really, really believe, and if you read the description to this webinar, you heard me mention misdirection and myth direction. And what I'm getting at when I talk about those is the fact that every deep fake is really just a little nugget. It's a puzzle piece. It is an artifact. And that artifact is very, very powerless on its own. It is just a little thing. It's an MP4 file or an MP3 file or a JPEG image or a PNG image or even words on a page. That in itself has very little power. The thing that unlocks and imbues that artifact with power is context. The thing that unlocks all of that is story. It's context, story, worldview. And just to peel back the layer on that a little bit, when we talk about that, we're talking about the fact that an image or a video of somebody asking you to do something really doesn't have any power on its own. But if the person in the video is your boss, your CEO, a political figure, something like that, now all of a sudden the story comes in, the context comes in, and that's where that authority hits or that urgency hits. So everything on its own has re-illuminated power. The power that cyber criminals, mad actors are taking advantage of is the story, the narrative, the context, the worldviews that are being exploited. When we get into things like disinformation and celebrity or political deepfakes, you're getting into us versus them narratives that are very, very powerful and easy to exploit. You talk about a CEO or a CFO fraud, you're getting into authority narratives. There's always something that is being unlocked. And there's always something that is being used by the bad actor to try to work its way into our minds and exploit that and move us out of that critical thinking mode and into the mode where we are very reflexive about what we're doing, we're very automatic. Which is why when it comes to detecting deepfakes, I don't talk about tells a lot. I don't necessarily say, hey, look at the blink rate or look at the hair or look for dropped frames or any of those kinds of things. Because very often when we see a deepfake and we look at one of those things and we go, oh, I can tell because, well, maybe you can, or maybe that person just has a weird blink rate. Maybe that person's IP connection was dropping frames that day because their internet wasn't as stable. So the things that we would want to point to can be explainable and do exist in real life right now. And so they're not as reliable as we'd want them to be. So I go back to what I call the fake framework, which is something based on a book that I wrote a while ago. And that is when we're trying to determine if we're being taken advantage of, when we're trying to determine if we're being targeted by a deepfake attack. Well, then the first thing we need to do is freeze. We want to stop that automatic response. And so for you, for the people that you're working with in your organization or your family, your friends or society, the best piece of advice we can always give is just slow down. So freeze. You get that message, that email, that voice call, that whatever it is, and you start to feel rushed or you start to feel like, oh, man, I need to X, Y, Z, whatever. That is a good thing for us to look at and say, oh, wait, I feel this emotional surge. Therefore, I need to freeze and I need to give myself a second to feel that so I can put a name to it. What am I feeling in this? Am I feeling panic? Am I feeling urgency? Am I feeling hope? Am I feeling fear? What am I feeling in this moment? And then you should analyze the narrative. What story is this trying to tell? What is giving this power? And what emotional triggers might be engineered into it? Why did this land in front of me in the first place? Then you can investigate the claims and sources and so on, and finally know, confirm, and keep vigilant. I go through these last two really fast because for organizations that are using something like KnowBefore, of course, you have a fish alert button. And one of the things that we would hope is that when somebody gets something that feels a little bit off, that they've slowed down, they feel something, they go, wait, something's not quite right with this. We don't necessarily need them to do the investigation and so on. What we're hoping they'll do is they'll report it. So then the investigation and so on goes to the security team. And so that is always a very valid way of doing things. And then also, if we're building that habit and we're building that into emails, so what that would mean is if that video comes through in an email, of course, they could have that. But if they get anything that they feel a little bit uncertain about, you're trying to build a relationship with your people where they will reach out using whatever method they have, even if it's just a phone call or opening up a help desk ticket or something else. So you're building that relationship of trust with your people. All right, so let me get out of slides for a minute. I've been in lecture mode too long, and I want to kind of show us a few things from the headlines. So let me go back. Actually, I'll go over here. So those of us that are based in the U.S., and I'm sure around the world you've been hearing news of this, the U.S. has been involved in some military action and legal action against Venezuela. And we went in and retrieved the president of Venezuela. So I'm not talking about the politics of this or any of the things related to the emotion. But I am saying that this is a world event, and these are the kinds of things that bad actors take advantage of. And so what we immediately see after that is people generating deepfake images of Maduro being pulled into custody. And so over and over and over again, you can just do Maduro deepfake into your Google search bar, and what you'll see is image after image after image that people have created of him being taken off of helicopters or jets or being perp walked. And some of those, the good majority of the ones that you see, have been AI generated because it's people going for clicks or going to create the narrative, trying to drive traffic to their website or drive outrage or name your emotion. It could range from outrage to glee. But the key in all of that is it's a world event. It's in a narrative. There's context around it. And there will be an emotional response. That's what's being driven at with these. So I'd encourage you to take a look because some of the things right now in the images that did show a quote-unquote tell have been called out. Some of those that you can look at is like lighting effects, whether the lines line up with the horizon, the things that affect maybe the faces of the people in the background. Again, though, be careful with some of that because sometimes the bokeh effect of somebody's camera can affect the way somebody's face looks in the background. You know, right now in my camera, I'm in focus. Everything behind me is out of focus. And so add compression artifacts to an image or a video because of that, and you can get some of the things that people would point out and say that's a deepfake face in the background. So be careful with some of that, but there's a ton of deepfakes of Maduro being taken out of helicopters and planes and everything else. So let me move quickly off of that because that is related to some of the political stuff that's always a little bit of a hotbed. Again, I'm not making a statement about any of that. I'm just showing you what's in the news. Here's another one from the news recently. This is October of 2025. And in Ireland, they were having their presidential race, and there was a deepfake that was being circulated of one of the candidates. Her name is Catherine Connolly. She was actually the frontrunner and did ultimately win the election despite the deepfake that was being sent out about her. And I'll pull that up in just a second because it is the single, I think, one of the best examples that I've seen of a deepfake production in the past year or so. So actually, let me pull that up now, and I forgot to prep that. So you're going to see me go through and just kind of grab that. It is going to be this one. Let me pull that in here. All right. So when I talk about one of the best examples of a deepfake that I've seen in a while, you're about to see why. And it is something that comes down to the production of it. The example that you're about to see is what we would call a lip-sync deepfake. So someone went onto YouTube or another video platform, and they harvested preexisting video clips of this newscaster. And then as we go forward into this of the candidate, Catherine Connolly, and then as we move past this of this reporter on the street doing the live on location commentary. And so all of those are at least three different video clips that were sourced for it. And the way that this works is you harvest your video clip, you upload that video clip to a tool, and it will create a deepfake version of the person's voice. And then can also relip-sync the words that you want that person to be saying. You could do this through a single tool or you could use multiple tools. Usually when I do it, I use a tool like 11 Labs to create the voice clone. And then there's a smattering of tools that I use to create the relip-syncs. And when we talk about the feature that KnowBe4 has just added, that is exactly it. We've added a relip-sync deepfake technology. So you can take a video of your CEO or your CFO or another executive or anybody that you want. You can upload that to the platform. You will then be able to pick from a series of scripts. And there's a good reason why we have you pick rather than type your own. And that's we don't want to accidentally allow you to create disinformation or something that could be used against your company in the future. So that happens. It creates the script. And then it gets fed through the system. And then you get a relip-sync of the person saying the thing that is in the new script. So I'm going to show you what that looks like here with the one that was in the wild. Chris, a little bit later, will show you ones that can be easily and automatically generated in our platform. And then what I'm going to do for the rest of our session after this one, I'm going to take you behind the scenes and show you how I create a few of these. So here we go. In the last few minutes at a Catherine Connolly campaign event, Catherine Connolly has confirmed her withdrawal from the presidential race. It is with great regret that I announce the withdrawal of my candidacy and the ending of my campaign. Now that Catherine Connolly has withdrawn from the race, what does this now mean for the upcoming election on Friday? Well, simply put, Friday's election is now cancelled. It will no longer take place as previously planned. As for Heather Humphries, she will become the winner automatically and will be appointed tomorrow. All right, so a couple things to mention there. Apologies, I realized I was cutting off the top of some of that. You know, it starts off really good. That's a really good lip sync. Of course, all that motion that was in the camera that was in the original shot that was harvested. Then it cuts to the Catherine Connolly saying that she's dropping out. If I had to criticize this, put on my critical hat and say what I don't like about the deepfake or the things that could give it away, is that when she drops out, you hear that person go, no, Catherine, here it goes. I regret that I announced the withdrawal of my candidacy and the ending of my campaign. Go Catherine! I mean, to me, that sounds a little bit too close, a little bit too present, a little bit too clear. A voice like that you think would have been further in the background of the production of this. However, we ask ourselves questions, does that debunk the whole thing? No, it doesn't, because what you see in the frame is that there are multiple microphones. We also don't know how close the person was to any of those microphones or if it was a reporter, you know, in the background with a tape recorder that was capturing some of that as well. And the person next to that reporter may have said something. And so there's always plausible reasons that, you know, any of these things that might be tells can be explained away by somebody that is meant to believe it. The other thing that I'll mention is, as we go through this gentleman, when he's giving his on the ground commentary, it sounds like multiple audio clips that were sewn together because there's changes in the environmental sounds behind him as he's going through. So that would be the tell for me. Again, is it possible that that would happen? Maybe, I don't know. He's doing a, you know, a satellite uplink to get his audio and video to the station in real time. There's lots of things that can go wrong with that, especially with noise canceling technology and the microphones and so on. So maybe, but, you know, I would have spent a little bit more time getting that right if I were the bad actor here. But I'll tell you that my favorite thing about this is he wraps up and you hear the environmental noise kind of come in and take, you know, come more to the foreground as his voice comes out. And you hear this little siren effect in the background. And I really love that because I think it sells it. Here it goes. And we'll be appointed tomorrow. That sounded really good to me. It sounds believable as that environment rushes back in. And then, of course, at the very end, they ended with, you know, just a couple of frames as the toss goes back to the in-the-studio reporter that's, you know, that kicked off the whole thing. So it feels narratively, this is the way that we see news reports. So all of that is engineered to be believable in this case. So that's that one. Let me go through and show you just a couple more things from the headlines real quick, and then we'll go through and I'll show you some of the ways that I put these together. So here's another one. This, I think, is a really good, timely example. This is from Dark Trace. And as you can see, this was Tuesday, October 21st that that was first reported. And the CEO from Dark Trace, you know, her voice was cloned and somebody was essentially trying to trick people and her staff into giving away information. So Dark Trace was in a merger or being taken over by Tommy Bravo for 4.4 billion euro or not, sorry, 4.4 billion pounds. And she was in a meeting at the time. And all of a sudden, voicemails start popping up on the voices of her staff. No phone rings, no anything else, but a voicemail with her voice asking them to do something. And the interesting thing is that she was given the chance to listen to those because she comes out of the meeting and apparently in front of her were standing people from her staff, you know, slack jawed, saying, you wouldn't believe what we just got. And she listened to it and she goes, oh, my God, that sounds just like me. So the way this works, and this is a trending attack as well, is that if you remember when I was mentioning live deep fakes, one of the things that can go wrong is that sustained amount of time. Things can break down. People might even ask questions that the attacker might not be able to answer. The attacker might accidentally use a term that they normally wouldn't use. All those little tells can start to leak out in the, you know, real time deep fake situations. But if you can create that deceptive artifact and launch it out into somebody's phone or voicemail or email, well, then you at least know what they're going to get. And you can craft, you can take the time and craft that and make it as deceptive as possible. So that's what happened here. They were able to clone her voice because she is a public figure, her voice is everywhere. They ran that through, excuse me. They ran that through voice cloning software and were able to create the perfect voicemail to be received. And so how do you get that voicemail to somebody without having to potentially accidentally interact with them? Well, there is a system, several different vendors out there that provide what you would call, what is officially called ringless voicemail. And this is used in marketing campaigns all the time. So ringless voicemail, you can upload a voice file, an MP3 file, and then you can just set a list of phone numbers and you can say, I want this MP3 file to land on everybody's phone that I put that number in for. And I mean, the interesting thing from a marketing perspective is that the open rates for these voicemails is much higher than the open rates for cold call emails or just cold call phone calls. And so this is a really popular system that's being used by marketing firms everywhere right now. And of course, bad actors are using that. And so here's the actual definition. It's a marketing communication technology that delivers prerecorded voice messages directly to a recipient's voicemail inbox without ringing their phone. And I think everybody has received these. So you've been on the other end of this. And sometimes your phone may even ring for like half a second, but then you look at it a second later and the voicemail is just there. So that's what happened. It's just a combination of voice cloning technology, creating the right script, uploading that to one of these services, putting in the phone number list of the people that you want to receive it. And then boom, they've got a deep fake on their phone, asking them to do something or believe something. We're gonna see more and more of these because voice deep fakes alone, that single channel is really, really easy to start to fake. Excuse me one more time. The ability to create emotion in a voice has gotten to where it's just as good as a human using a microphone. And you may not believe me, but I'll tell you it's true. I've created several that are studio quality and sound just like the person that's being deep faked. So here's another story. The FBI says that there's ongoing deep fake impersonations of US government officials, and it's dating back to 2023. And so these are usually multi-stage attacks like what I mentioned. So it could be a ringless voicemail. Most often though, it's a text message or an email saying, hey, I need you to jump into this other secure channel. Maybe that's a signal channel or WhatsApp or something like that. And then apparently some of these people are trying to do real time sustained voice deep fake conversations. And it is fairly believable. The technology for that real time conversational deep fake voice is a technology called RVC. From my experience, it is okay. It's more difficult to get a really good real time deep fake voice than you would expect. So the people that are doing this have spent a lot of time training and refining those voice deep fakes. They're also probably not monitoring themselves as they're talking because it gets pretty maddening. There's a time delay that you're having to deal with. And it's like when there's an echo on the line of your phone, you're hearing yourself back every millisecond, half a second or so, really starts to play with your brain. But that is going to be something that continues to happen again and again as well. So let me show you just a couple other deep fakes real quick. And the reason that I have gone to KnowBefore's webpage is I'm going to show you a deep fake that I created with just a single image. And that one is, if I go to Taylor, you'll see this Taylor Swift deep fake. And this is one we did right when she released Life of a Showgirl. And we wanted to do something fun. We're being very explicit. This is a deep fake. We're not trying to trick anybody or anything like that. But I'll show you what that looks like. Here we go. All right, here we go. Hey there, Swifties and cyber warriors. Taylor here. I'm so excited to announce that the wait is over. The special KnowBefore edition album just dropped. Okay, that's enough of that. But let me show you how I created that. Because I mentioned that that was a single image. So how did I get that single image? I went over to Google Gemini. Google Gemini has a feature called Dano Banana. And what that lets you do is, you can do some really interesting image editing or image generation. And so I went into it and I said, I took a really bad picture of myself in my office. And here, I'll make that just a little bit bigger. And I said, replace me in this photo with Taylor Swift. She should be your current age, late 30s with long hair and dressed as she usually does interviews. And this is what came out. So that was that one. Let me show you the one that didn't work as well at first. And that is this one. I was a little bit too generic. I said, replace this photo of me with Taylor Swift. And yeah, that didn't turn out that well. It is a really fun kind of image though, but it had me in my current clothes, her just really not looking like herself, looking like the worst version of Taylor Swift you can imagine. And so then I started to refine it and then ultimately ended up going through several different iterations. And as you can see, I landed on that one as being the best one. But then the tool that I used to create that, so I got that image and went over to a tool called Haygen. Haygen has this tool called Avatar 4 that lets you just upload, lets you upload an image and use that as a reference. And what you can do with that is create this outcome. All right, here we go. Hey there, Swifties and cyber warriors. Yep, so that's it. Single image animated through, in this case, Haygen. However, there's hundreds of other companies that are doing this as well. This is not an advertisement for Haygen. This is not me saying that they're better than everybody else. This is just the tool that I used for that circumstance. And you can see, I tried it a few different times, a few different ways, and then ended up landing on this vertical version that was used there. And I just added a little bit of post-processing. All right, so we talked about image to video. Let's talk about video relipsync again for just a second. And here's one that's fairly recent. This is coming from The Guardian. It says, I'm watching myself on YouTube saying things I would never say. This is the deepfake menace that we must confront. And it's from Yannis Varoufakis. Varoufakis, sorry, I am terrible at non-English last names. But you'll see him in just a second. Apparently right now, if you're on YouTube, and I've seen this through several other creators too, if you're a political or social commentary type person on YouTube, people are now harvesting those YouTube videos and there are making them say things that they would never say, or maybe even just using them to sell products. And so this is going to be a big problem as we're in 2026 as well. And so here is him saying things that he didn't say. What's happening in the Caribbean right now is the most shocking geopolitical collapse I've witnessed in my 30-year career as an economist. America deployed its largest military. Okay, so that is him. What somebody did is they went onto YouTube, they found a good video of him, they harvested that video. Usually using software like this, you just go in, you put your link in, you just go in. you click download, and you'll get the video harvested from YouTube. And then they went to, there's several different systems where you can do those relip syncs. Of course, Know Before has our system that we use to let you do that in a safe way, where you can't create your own script, but then people will go off, people that wanna do bad things will go off, and they'll find systems that'll allow them to do whatever they want to with those videos. So with that, let me show you a couple things that I've done recently. So I'm gonna switch views, and I'm gonna pull up the video editor that I usually use. This is a program called Descript. Nothing special about this, nothing big AI, even though you see some AI stuff, everybody's adding AI things to their stuff. I am only using this for video editing. So this could be any video editor that somebody has access to, like Final Cut Pro, or Adobe Premiere, or CapCut, or iMovie, or whatever. And the types of videos, whenever I do a video relip sync, it is something like this. So I'll show you the project that I worked on. This was for a podcast that I was being interviewed for a couple months ago. And this person here, her name is Shani Delaney. She's ex-CIA, actually ex-DIA. And she was one of the original people that was trying to help track down bin Laden after the, of course, after the Twin Towers attack. And she's being interviewed on the show. And what I wanted to do is, of course, have her say something that she never said, but I wanted to go better than that. I wanted to have both of them say things that they never said. And so here, this is the video that I harvested. So you can get a look at what she looks and sounds like. That a friend of mine had met with, I think he met with him once or twice. And I remember he, my friend was leaving. He was with a different unit, but he was DIA. All right, so that's her voice and her face. And then the person interviewing her looks like this. You know what, there's some stuff I can't say on there. I talk with one guy off air who I had in here spending a lot of time in Afghanistan. Yep, so those are those two. And then what I wanted to figure out is like, well, what could I have Shani say? Well, I want her to say good things about me. So I ended up creating this script. I used 11 Labs V3 for this. And over here, anytime you see a slice, this is another audio take. So the way that I do my deep fakes is I'll generate several different versions of the audio, the same way a voice actor would go in and give four, five, six, seven takes. And then the person editing that together will make whatever splices to make the best version of the thing that they wanted to represent. And so the way that this came together is this. Yeah, yeah. That reminds me, there's this guy I know. His name is Perry Carpenter. Like if you ever have any- So there's that. There's another part that I have of her laughing as well. Oh my God, oh my God. There's this guy I know. So I put those two together to get the final. And then there is Julian. Julian is the host there. And what you can see is that, you see that? That is one little clip. That's another clip. That's another clip. All of these put together to create the thing that I wanted him to say. And hopefully this is safe for me to click on. Let me see. No, I don't think that I, I don't think I sanitized that one yet. So let me show you my final with them. So you'll see what that looks and sounds like when we put everything together. So I have it start off with him and you'll see, this is the production element. He is on screen. And then I've got her actually doing that laugh that was at the beginning of her line. This guy I know. Oh my God, oh my God. So I've got that at the very beginning. She is talking while he is on screen. So she's not on screen at the time. That actually ups the believability quite a bit. I'm adding a decent amount of production here. And then it transitions to her being on screen. At the first time that I thought it would look natural were her motions and the things that she was saying lined up well enough. You're always looking for, when you create these as like an advanced attacker, any motion has to feel motivated, has to feel natural. So if she is pointing at you, it should sound like she's making a point. If she's pointing in a different direction, she should be talking about something that is maybe distasteful or that she wants to push away or refer to another person. So when those things lined up the best way, that's when I put her on screen. And it is those decisions that really up the believability in these. So I'll show you what the final looks like. And I did bleep out a few words because it was that kind of podcast. So I wanted that kind of vernacular in it as well. Yeah. Yeah. Dude, that scam, that was crazy, man. In-fucking-sane. Like, in-sane. That reminds me, there's this guy I know. His name is Perry Carpenter. Yeah, I think I've heard of him. Like if you ever have any question, and I mean any question at all about deception, like he's your guy. Totally, completely legit. Yeah. Okay. That's my story and I'm sticking to it. Very cool, very cool. So all of a sudden that takes something that would just be a really simple lip sync or relip sync and turns it into something that feels much more familiar, right? Because you've got your A person and your B person, there's banter, there's, you actually see as you look at the way that I've done this, a couple of these things, let me, this right here, that's just a breath that I put in so that you could hear her breathing into her microphone, even when she's not on camera. Here's what this sounds like. Crazy man. You hear that? So it's almost like she's reacting, like she might be about to say something, but he continues to talk so she doesn't do it, or maybe she's just stifling a laugh. All of that is what starts to make these things feel more real. And that's kind of like that Katherine Connelly version. So with that, I know that I am about at the end of the time that I can spend with us. One thing that I'll end with as we go through, let me remind us of this. This for me is the one thing that I would say we really have to drill into anyone that we're concerned about living in 2026 and dealing with the deluge of deep fakes that we have coming at us, is we have to teach people how to slow down, get them out of that reactive mode. Ask what, you know, why did the thing that just landed in front of them land in front of them? You know, who was that really from? What's the purpose of that? What's the content of that? What are they hoping that person that receives the content will do or believe? And then, you know, once that analysis is done and that investigation is done, those are the things that allow us to know and confirm and to keep vigilant. So with that, there's a ton of other stuff that we could have gotten into, but maybe we'll save that for another time. And we can talk about things like live deep fakes and other impersonation types and so on. But I wanna make sure that we have time to bring Chris on because we do have some exciting things that we've added to the platform recently. And of course, the thing that we're here to talk about today is the actual ability for admins right now to create deep fakes using our platform in a safe way and in a scalable way and in a way that can be used to educate and inform the user populace that's out there. So thanks so much, Chris. I will go off camera now and hand it over to you. Well, thank you so much, Perry. That was, that was exceptional. That was just so cool to see how, you know, you make the deep fakes, how a bad actor would make the deep fakes, like the level of craft that's put into that. And then the end result, which is like absolutely undetectable from reality. Hello everyone. I'm Chris Littlefield. I am not a deep fake, at least for right now. I am a principal product manager at Nokia 4 and I wanna show you the deep fake feature that we recently released last month. Find the right screen to share here. All right. So I am sharing the Nokia 4 KSAT admin console. So this is the Nokia 4 security awareness training. This is where admins can log in, create simulated phishing tests, enroll users in security awareness training and can see all the results of those actions on their account. And I am going to show you our deep fake feature. The workflow is much simpler than what Perry was showing, which is great. So it's easy for really anyone to create a deep fake and where you can find this is under the main training tab. Here is a deep fake section here. So on this account, you'll see that there are three deep fakes created. So these are previously, these are ones that have already previously been created. I'll show you an example of one of these final, of one of these finished product deep fakes first. So we'll look at the personal connection and we'll hear from Victoria, who's one of our product managers and she is praising. Hi there. I wanted to personally thank you for your remarkable dedication during these particularly challenging times. Your manager mentioned your truly exceptional work and I'd like to discuss a very special opportunity with you. Can you give me a call at this number when you have a private moment today? This is a deep fake. It felt personal and flattering, didn't it? That's intentional. Deep fake attacks often exploit our desire for recognition and personal connection with leadership. Cyber criminals use deep fakes to maliciously trick you or to spread false information. Key detection points include generic compliments without specifics and requests for private communication outside normal channels. Always verify through separate and approved channels. All right. So that is one example of a generated deep fake. And if you're paying attention there, you can see some little tells around the mouth and the teeth. So those are some little tells that you could train your users on spotting. And now I'm gonna show the workflow for how an admin can create a deep fake. So only thing we need is an uploaded video of the person that you want to deep fake. To start the process, click on this button and we can give this a name. So I'm gonna call this deep fake number four. For languages. So we currently support four different languages, English US, English Great Britain, European Spanish, and Latin American Spanish. We are currently working on adding about three or four other languages and we will be rolling out more languages as our team grows. And we will also be rolling out more videos as our models support that. So I'll take an English US for this one. And then the next step is to upload a video. So these are some tips for the video. You need at least one minute, anything up to two minutes is fine. We have a script here that the person who's gonna be the source of your deep fake can read. It's not really important that we read the specific script. It's just important that we get a good video of them looking at the camera and talking with no instructions on their face and clear audio throughout. So you can upload a MP4 or MOV file. And before going to the next step, we do have a little bit of legalese. So we do want to ensure that you've got permission from the person that you are going to deep fake. Accept this and continue. And then here's where you can choose from different scenarios. So we have five different pre-made scenarios. Personal connection that I showed at the beginning of the call was one of them. And you can view a transcript here to see what the script of the deep fake is going to be. You can also click a preview if you want to kind of see an example of that deep fake. And this one, I won't play the whole one. Congratulate our entire team on... This is a deep fake. If this felt too good to be true, you're in... So you can kind of pick which scenario that you want to use. I am going to pick the urgent request reveal for this example, and then go through and generate the audio. So we've broken up our deep fake generation process into two steps. First step is generating the audio, and we are using 11 laps for that. You'll get an example... example of what the voice looks like, and you can listen to it to make sure that sounds good before going to the next step, which is generating the video. And we are using that relipsync process that Perry mentioned, which makes the person's lips move and sync with the clone voice. And that audio generation step takes about 3 minutes. The final deepfake video generation takes about 20 to 30 minutes, and you certainly don't have to stay on this page after clicking on the button. You can move on to other things and do other work, and we will pop up a toast message when we are finished with that. So, now you have a deepfake video, and this is meant to be someone that is well-known in your organization. So, whether it's a CEO or another key leader, someone that most of your users are going to know and recognize, and to show them an easy it is to generate a deepfake, and something that the bad actors can easily do, and can certainly do if they're spending time crafting them, can make extremely believable ones that are going to fool most people. I want to talk a little bit about why we created this feature. So, from what Perry mentioned, this is an emerging attack vector. I've got some stats from 2024 that I suppose are a bit outdated by now, but 49% of businesses worldwide experience an audio or deepfake video fraud in 2024. That was from a global survey by Regula, and then some other data is 53% of finance professionals experience an attempted deepfake scam in 2024. I'm sure the 2025 studies will be coming soon, and I'm quite sure those numbers are only going to increase. So, what we wanted to do is make an easy way for customers to create their own videos. Of course, they could go through the steps that Perry mentioned. It does take a little bit more knowledge, and a little bit more time, but certainly is doable. This feature that we've added is a really easy way for anyone to make deepfakes with key members from their organization, and send them out to users to train them, help inoculate them against this attack vector. Applying that fake framework that Perry mentioned is perfect, that's really what we want users to do is, if they ever get anything like this, to question it. To reach out to that person in another vector. Well, I shouldn't use the word vector. Reach out to that person with another communication channel. Send them a Teams message and say, hey, did you just leave me this voicemail? Did you just send me this video clip? To confirm, because it is already, technology is quite good. It's only going to get better and more difficult to tell reality versus deepfake. I think that is everything that I wanted to show you today. Thank you all for your time. Thank you again, Perry, for that excellent deep dive onto deepfakes. You guys have a great day. Thanks, everyone.
