Deepfake or Synthetic Identity Use in Hiring

The subject leverages synthetic identity elements, AI-generated visuals, deepfake video, or falsified credentials to obtain employment or contractor status under a false identity. This tactic is commonly used to gain insider access to an organization while avoiding standard background checks, attribution mechanisms, or compliance controls.

Common methods include:

• Using AI-generated (GAN-based) profile photos that cannot be reverse-image searched.
• Employing real-time deepfake tools during video interviews to alter facial appearance or impersonate another individual.
• Substituting a more technically skilled individual to complete a remote hiring assessment or interview under a fabricated identity.
• Presenting credentials or documentation (e.g., CVs, diplomas, certifications) created using forgery tools or generative AI.

This tactic is particularly dangerous when used to embed individuals in sensitive roles such as DevOps, system administration, SOC analyst, or software engineering, where access to production systems and intellectual property is granted shortly after onboarding.

Example Scenarios:

• A subject uses a synthetic LinkedIn profile with AI-generated imagery and falsified work history to apply for a remote DevOps role. During the live video interview, they use a deepfake overlay to match their fabricated profile photo.
• A technically skilled individual conducts a coding interview using a deepfake of another person, allowing a less qualified "puppet" to be hired under false credentials. The qualified subject later assists or directs actions remotely.
• A malicious actor obtains employment under an assumed identity to infiltrate a target organization on behalf of a third party, using synthetic documents and deepfake liveness checks to pass onboarding.