Deepfakes are synthetic media created or manipulated using artificial intelligence and deep learning algorithms. The term combines “deep learning” (a subset of machine learning) and “fake” to describe video, image or audio content that has been altered or synthesised to make someone appear to say or do something they didn’t.
Unlike traditional photo or video editing which requires significant manual skill, deepfakes use AI to automate the synthesis process making convincing forgeries increasingly accessible.
Modern deepfake technology can swap faces in videos, clone voices with remarkable accuracy, generate entirely fictional footage of real people or manipulate existing content to change words, expressions or actions.
The key difference is that deepfakes use generative machine learning models to create realistic synthetic content rather than simply cutting and pasting elements together. This makes them far more convincing than earlier forms of digital deception.
Deepfake vs shallowfake
It’s worth distinguishing deepfakes from “shallowfakes” – a term used for simpler forms of media manipulation. Shallowfakes rely on basic editing techniques like speeding up or slowing down footage, selectively editing clips out of context or using simple audio alterations.
Whilst shallowfakes can be effective for spreading misinformation, they lack the sophisticated generative capabilities that make deepfakes so convincing and hard to detect. Understanding this difference helps security teams calibrate their response accordingly.
How are deepfakes made? (how deepfakes work)
Understanding the technical foundations of deepfake creation helps security professionals identify potential vulnerabilities and detection opportunities. We won’t provide step by step creation instructions, but grasping the conceptual workflow is essential for building defences.
-
GANs (Generative Adversarial Networks)
Historically, the technology behind most deepfakes is Generative Adversarial Networks, or GANs. This involves two neural networks working against each other: a “generator” that creates fake content and a “discriminator” that tries to identify whether content is real or fake.
The generator starts by producing poor quality synthetic media which the discriminator can easily identify as fake. The generator then adjusts its approach based on this feedback.
Over thousands or millions of iterations, the generator improves until it produces synthetic content the discriminator can no longer reliably distinguish from real content. This adversarial loop produces increasingly realistic results making modern deepfakes very convincing.
-
Diffusion models
More recently diffusion models have emerged as a popular alternative to GANs. These models work by adding noise to training data then learning to reverse the process – removing noise step by step to generate clear, realistic content.
Diffusion models are great at “inpainting” (filling in missing parts of images or videos) and have contributed to the rapid improvement in deepfake quality over the past few years.
Both have their strengths: GANs often produce sharper results for face swapping whilst diffusion models offer more control and consistency for certain applications.
-
Common Production Workflow
At a high level, creating a deepfake involves:
- Data collection: Gathering training material – videos, images or audio recordings of the target person from various angles, lighting conditions and expressions
- Model training: Feeding this data into a GAN or diffusion model to learn the target’s facial features, voice characteristics and mannerisms
- Face or voice alignment: Mapping the target’s features onto source footage or generating synthetic content
- Post-processing: Refining the output to smooth transitions, correct lighting inconsistencies and enhance realism
The barrier to entry has lowered significantly. What once required significant technical expertise and computing power can now be done with consumer-grade hardware and user-friendly applications, making deepfake creation accessible to a much wider audience.
Why deepfakes are a problem (threats & risks)
Deepfakes pose multiple threats that go far beyond simple pranks or entertainment. For organisations and security professionals, the risks fall into several critical categories:
Reputation harm and character assassination: Deepfakes can show executives, politicians or public figures making offensive statements, engaging in inappropriate behaviour or expressing views they don’t hold. The damage often occurs before verification can catch up with the spread of false content.
Corporate fraud and social engineering: Voice and video deepfakes enable sophisticated impersonation attacks. Criminals have used CEO voice deepfakes to authorise fraudulent wire transfers, with some attacks resulting in losses over £20,000,000. Payment change requests, contract manipulations and executive impersonation are growing vectors for financial fraud.
Political manipulation and disinformation: Deepfakes can be used to influence elections, spread propaganda or destabilise democratic processes. Even crude deepfakes can work if they confirm existing biases or reach audiences during critical decision windows.
Identity theft and authentication attacks: As organisations implement biometric security measures, deepfakes pose challenges for KYC (Know Your Customer) processes, video verification systems and voice authentication protocols. Sophisticated deepfakes can potentially bypass these security controls.
The “liar’s dividend” problem: Perhaps most insidiously the existence of deepfakes creates plausible deniability. Individuals caught in genuine misconduct can claim authentic footage is a deepfake, undermining trust in legitimate evidence. This erosion of trust may be deepfakes’ most lasting damage.
As cyber threats evolve, deepfakes are becoming a very real new threat to monitor.
