🔍AI RiskAtlas
← Risk taxonomy

Synthetic-Media Impersonation (Deepfakes & Voice Clones)

highModel behaviour
Also known as: deepfake, voice cloning, face swap, likeness fraud

Definition

AI can copy a real person's face or voice from a single photo or a few seconds of audio, then make them appear to say or do things they never did — powering scams (a 'boss' calling to authorize a transfer), fake videos of public figures, and non-consensual imagery.

Where it attaches

The system components this risk arises at.

🆔 Face / Identity Embedding🎭 Face-Swap Generator🎞️ Temporal / Motion Module🗣️ Speaker / Voice-Clone Embedding🔊 Acoustic / TTS Model🎛️ Conditioning Adapter (ControlNet / IP-Adapter)🧠 LLM💬 Chat / App Interface🔬 Synthetic-Media / Deepfake Detector

Detection signals

  • A high-stakes request (payment, access) backed only by a familiar face/voice
  • Media of a real person with provenance/watermark absent or stripped
  • A voice/face reconstructed from minimal public reference material
  • Liveness/biometric checks passed by a real-time swap or clone

Controls & guardrails that address this

11

Grouped by control function, with the AI lifecycle stage(s) to apply each and the other risks it addresses. Filter by control category below.

Control category
Preventive · 7
Ethical design assessment in onboarding

Conduct ethical design review at intake specifically examining interface design for dark patterns.

Lifecycle stage1 – Use Case Context & Design
Prohibited dark pattern taxonomy as design constraint

Publish a prohibited dark pattern taxonomy and embed it as a design constraint before build.

Lifecycle stage1 – Use Case Context & Design
Content Moderation

Implement classifiers to detect dark pattern language in outputs. Block or escalate flagged outputs.

Lifecycle stage3 – Onboarding, Build & Review
Use of pre-trained models

Select a foundation model with documented training reducing deceptive or manipulative outputs. Run dark pattern test suite.

Lifecycle stage3 – Onboarding, Build & Review
Human review for high-persuasion contexts

Require HITL review for AI outputs in high-persuasion contexts (financial recommendations, healthcare advice).

Lifecycle stage5 – Usage, Monitoring & Change
Consent & identity-use verificationinteractive

Before a system will copy someone's face or voice, check that the person actually agreed — verified-voice capture, proof of consent, or restricting cloning to the account owner.

Human-in-the-loop approval on high-risk actionsinteractive

Pausing to ask a person before doing anything big or hard to undo — sending money, deleting data, emailing customers.

Detective · 3
Test prioritisation

Run adversarial test scenarios targeting dark pattern generation in validation. Treat any confirmed instance as a blocking defect.

Lifecycle stages3 – Onboarding, Build & Review5 – Usage, Monitoring & Change
Content provenance & watermarkinginteractive

Tag AI-made content with a signed 'where it came from' label and an invisible watermark, and check those signals downstream — so AI media can be traced and flagged.

Open these in the Control Library →

Framework mappings

OWASP LLM Top 10
MITRE ATLAS
NIST AI RMF
  • MEASURE 2.11
  • GOVERN 1.1

Real-world cases

9

Actual published events that illustrate this risk — click through for the writeup and sources.

Arup HK$200M deepfake video-call CFO fraud2024

A finance employee at engineering firm Arup's Hong Kong office paid out about HK$200M (~US$25.6M) in 15 transfers after a video conference in which the CFO and other 'colleagues' were all AI-generated deepfakes of real staff (face and voice).

Hong Kong real-time face-swap romance/investment scam ring2024

Hong Kong police arrested 27 people running a syndicate that used real-time deepfake face-swaps in video calls to pose as attractive partners, defrauding men across Asia of about US$46M.

Deepfake Elon Musk crypto/investment scam videos2024

AI deepfakes of Elon Musk endorsing crypto 'giveaways' and investment platforms proliferated across YouTube, Facebook and TikTok through 2024, with documented victim losses and industry estimates of large-scale AI-fraud growth.

Deepfaked TV doctors promoting health-product scams (BMJ)2024

A BMJ feature documented deepfake videos of trusted UK TV doctors — including Hilary Jones, Rangan Chatterjee and the late Michael Mosley — being used to sell bogus cures and supplements on social media.

UK energy firm CEO-voice fraud (~EUR220,000)2019

Fraudsters reportedly used AI voice-cloning software to mimic a German parent-company CEO's voice and direct a UK subsidiary chief to wire about EUR220,000 to a fraudulent supplier — widely cited as the first widely-reported AI voice-clone CEO fraud.

Voice-clone bank heist (~US$35M, surfaced via US court filing)2020

A bank manager reportedly authorised about US$35M in transfers after a call from a company director whose voice had been cloned with 'deep voice' technology, backed by spoofed emails — one of the earliest large-scale voice-clone bank frauds, surfaced via a US court filing.

FTC consumer warnings on AI voice-clone 'family emergency' scams2023

US FTC consumer alerts warned that scammers are using AI voice cloning to power 'family emergency' / grandparent scams — a fake distressed relative demanding urgent money — and the agency launched a Voice Cloning Challenge to spur detection and prevention.

ChatGPhish — ChatGPT web-summary rendering turned into a phishing surface2026

Attacker-controlled Markdown hidden in a public web page is reportedly rendered by ChatGPT's summarization feature as trusted assistant output — spoofed OpenAI alerts, phishing links, QR codes, and tracking pixels.

UNSW 'Capture the Narrative' AI-bot election-manipulation wargame2026

A UNSW-run 'world-first' social-media wargame had 108 student teams build AI bots to sway a fictional election; reportedly the bots generated over 60% of content (>7M posts) and produced a 1.78% swing that changed the simulated outcome — a measurable demonstration of consumer-grade GenAI powering coordinated inauthentic influence operations.

Browse all real-world cases →

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning — not operational guidance. Real-world cases are summarised from public reporting.

Sources & further reading →·Built by Shi Yuan ↗