AI Deepfakes: Can You Trust Your Own Eyes?

What happens when a leading digital forensics expert admits he has stopped trusting his own eyes? Hany Farid built his career teaching machines and people how to tell real from fake. Over the past six months, he told The New York Times, he stopped trusting his own eyes. If the person who wrote the book on spotting fakes is failing his own tests, it means you should question yours.

Let’s back up. What is a deepfake?

A deepfake is artificial media built with deep learning and generative AI: a video, image, or voice made to look and sound real, showing a person saying or doing something they never did. Think of image editing pushed to its logical end, a photo or a video morphed into something entirely different. The same math that generates a convincing AI image is the math that fools your eye into calling it real. Train a model on enough faces and voices and it learns the patterns well enough to rebuild them from scratch.

That capability now ships in consumer apps. Meta’s new Muse Image model lets anyone generate an image in their own likeness, which is to say, a deepfake of themselves. And reports indicate users were opted into the tool by default. Deepfakes now span images, audio, video, text, and live manipulation of a call in real time. Fraudsters using software like Haotian AI can swap a face mid-call on Zoom, Teams, or WhatsApp without the illusion ever breaking. The old tells, the unnatural blink, the waxy skin, the jerky motion, are exactly the artifacts today’s models are engineered to erase. People are hunting for flaws that no longer exist.

From novelty to industry

Deepfakes are not all malicious, and pretending otherwise misses the point. The same tools reconstruct historical events for a classroom, restore a damaged film, or age a missing child’s photo forward twenty years so someone might recognize them today. Education, entertainment, and law enforcement all have legitimate uses for synthetic media.

But a tool that serves good uses serves bad ones just as well, and 2026 is the year the bad uses industrialized. Roughly 8 million deepfakes now circulate online, up from about 500,000 in 2023, a 16x jump in two years. They account for 6.5% of all fraud attempts globally, up from 0.1% in 2022. And the overwhelming majority of what’s out there is dismissive: an estimated 96 to 98% of deepfake videos are non-consensual explicit imagery, and 99 to 100% of the victims are women.

The financial damage is no longer theoretical. U.S. deepfake fraud losses reached $1.1 billion in 2025, roughly triple the year before. A single deepfaked video call cost the engineering firm Arup $25.6 million across fifteen transfers, after a finance employee joined a meeting where every colleague on screen was AI-generated. The barrier to pulling this off keeps collapsing: three seconds of audio is enough to clone a voice at 85% accuracy, and a convincing sixty-second deepfake video takes under twenty-five minutes to make with free tools.

The problem isn’t just the fakes. It’s that we can’t catch them.

Here’s the uncomfortable math. Only 0.1% of people reliably identify deepfakes across a battery of real and fake media. In one test, 70% of respondents looked at an AI-generated video and called it real. Half of them, going in, described themselves as confident they could tell the difference. That confidence had almost no bearing on how they actually scored.

The machines built to save us don’t fully close the gap. The best detection tools hit 96% accuracy in the lab, then lose 45 to 50% of that accuracy in the wild, where content has been compressed, re-encoded, and streamed until the subtle signals detectors rely on are gone. Detection is playing catch-up with generation, and generation is winning. About 80% of organizations have no policy or response plan for a deepfake attack, even as executive impersonation fraud targets roughly 400 companies a day.

Then there’s the second-order damage. Once everyone knows video can be faked, the fake becomes an alibi. A politician caught on tape, a bank statement, a confession, all of it can be waved away as synthetic. Researchers call it the “liar’s dividend,” and it corrodes trust in genuine evidence just as fast as the fakes corrode trust in fabricated evidence. Put it all together and Deloitte projects GenAI-enabled fraud in the U.S. compounding at 32% a year toward $40 billion by 2027.

Regulators are moving, unevenly

The law is scrambling to keep up, and it shows. In the U.S., 169 deepfake-related laws have passed across 47 states since 2022, a patchwork with real gaps between one jurisdiction and the next. The EU has a deadline: its AI Act mandates that AI-generated content carry machine-readable labels starting August 2026, with penalties reaching 7% of global turnover. That’s a firm move, but a label is only as good as the tooling that reads it, and the enforcement machinery is still being built.

What actually helps

Farid’s own advice is blunt: stop relying on your eyes. For anything touching your money or your identity, verify through a trusted, independent channel rather than trusting what’s on the screen. Inside organizations, that translates to process, not vigilance. A callback to a known number, a code word agreed offline, a second human approver on any large transfer. None of these depend on catching the fake. They make the fake irrelevant. The Arup loss wasn’t a failure to spot a deepfake. It was a missing verification step.

On the technology side, provenance is where the durable answer sits. Google’s DeepMind has been embedding SynthID, an invisible watermark, across its consumer AI products, from images and audio to text. It survives compression and cropping, stays imperceptible to a person, and can be checked after the fact. Watermarking at the point of creation is a different bet than detection after the fact, and a better one: it proves what’s real instead of guessing at what’s fake.

That distinction is the whole game, and it’s the one we work on. Detection is a race the defenders are losing on the merits, because it’s always reacting to the last model. Provenance flips the burden. Rather than proving a piece of media is fake, you prove authentic media is authentic, at the source, before it ever enters the wild.

We research this ground continuously, and we’re honest about how messy it is. Detection tools aimed at text have flagged human-written work as AI and shown measurable bias against certain writers. Tools built to protect people can quietly harm them when nobody checks. So we test the tools, and then we test the research behind the tools, on our own work before anyone else’s.

The takeaway is simple, even if the technology isn’t. You can’t verify with your eyes anymore, and neither can the person who taught the rest of us how. What replaces sight is provenance and process: proof of where something came from, and a habit of confirming through a channel a forgery can’t reach. Digital trust isn’t optional, and it isn’t automatic. It’s built.


References: Why is it getting harder to spot a deepfake, EnterpriseAM (Hany Farid / The New York Times; Veriff Deepfakes Report 2026); Deepfake Statistics 2026, StationX; 150+ Deepfake Statistics, Bright Defense; Deepfake Statistics 2025, DeepStrike; Generative AI and the rise of deepfake banking fraud, Deloitte Center for Financial Services; Code of Practice on AI-generated content, European Commission; SynthID, Google DeepMind; Introducing Muse Image, Meta; How to opt out of Instagram Muse Image, The Independent; AI text detection bias, Pindrop; Haotian AI, 404 Media.