AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

Regulatory ComplianceGenerative AI
278 viewscircle icon2 Upvotescircle icon2 Comments
Sort by:
Information Security Manager in Banking12 hours ago

Simple answer would be, Yes, we can scale detection fast — but only if there’s upfront regulatory pressure to drive urgency and investment. Without that, adoption will lag. Because we as a CISO should push for this innovation and policy alignment to keep up with the deepfake threat

Sr. Database Administrator in Insurance (except health)a day ago

Thank you for bringing up such a timely and critical question

Can detection scale fast enough?
Not easily. Deepfake technology is evolving rapidly, and detection tools often lag behind. While AI-based detection is improving, it requires constant updates, sizable resources, and still struggles with accuracy. Smaller organizations especially may find it hard to keep up.

Is regulation the answer?
Regulation can help drive adoption of detection practices by setting standards and encouraging transparency (e.g., requiring disclosure of synthetic content). However, regulation alone isn’t enough—it must be paired with continuous investment in security technology.

What’s the way forward?
A hybrid approach. We need scalable detection tools supported by strong collaboration and real-time intelligence sharing, alongside clear regulatory frameworks that ensure accountability.
In short, detection and regulation must develop together to effectively combat the growing deepfake threat.

Content you might like

Non-human identities (NHIs), such as API keys, service accounts, and tokens, outnumber humans by 25 to 50 times and often go ungoverned. From Entro’s 2025 report:
• 90% have excessive permissions
• 44% are exposed in the wild
• 91% of stale secrets are never revoked

What helped us: inventory, assign owners, right-size access, monitor behavior, and test continuously.

How mature is your NHI program? Biggest barrier, tooling, ownership, or adoption?

What is the general community sense of TikTok out there these days? 

We opted to block it from our corporate devices and networks prior to the official US Government ban both from an infosec perspective, and also to avoid the politics of its use. Our marketing department has pushed several times to have some controlled access because they believe it can be used as a recruiting tool. So far they have not challenged this with any credible data to back that belief up, but we will be re-engaging with them on this topic again soon and expect more pressure. 

I'm curious what the general perception is out in the community? Have you encountered any credible information security threats or has this "threat" been revealed to be a political paper one? I'm not seeking recommendations for what we should do, more to gauge what others are doing and how you're basing your decision.

Ukraine’s CERT-UA recently exposed LAMEHUG malware that uses Large Language Models to generate attack commands in real-time via legitimate AI services (Hugging Face API). What is your organization’s current readiness level for AI-powered cyber threats?

A) Fully Prepared - We have AI-specific threat detection, monitoring of AI API usage, and updated incident response procedures for AI-assisted attacks

B) Partially Prepared - We’re monitoring some AI services and have basic awareness, but lack comprehensive AI threat modeling and detection capabilities100%

C) Early Assessment - We’ve identified the risk and are evaluating AI security frameworks (MITRE ATLAS, CSA MAESTRO, OWASP AI guides) but haven’t implemented controls yet

D) Unprepared - We haven’t specifically addressed AI-powered threats in our security strategy or implemented AI-focused monitoring

View Results

How long on average does it take your new hires to achieve full productivity?

1-4 weeks10%

5-8 weeks41%

9-12 weeks34%

13-16 weeks8%

17-20 weeks

More than 20 weeks5%

View Results