Synthetic media has moved from technical curiosity to mainstream threat in just a few years, with deepfakes now cheap enough to produce that a free app and a handful of seconds of scraped audio can generate convincing fakes. The consequences stretch well beyond political misinformation: corporate fraud running into tens of millions of dollars, biometric security checks being bypassed, and a largely under-reported epidemic of non-consensual intimate imagery. As regulation in the EU, UK and US begins to catch up with the scale of the problem, the question facing businesses and platforms alike is no longer whether synthetic media is a risk, but how quickly they can build the means to verify what they see and hear.
We sat down with Ruth Azar-Knupffer, Co-founder of VerifyLabs.AI, to unpack the detection arms race, the regulatory landscape now taking shape, and why she believes treating verification as infrastructure rather than a single party’s responsibility is the only way organisations will stay ahead of the threat.
How widespread is synthetic media on social platforms today, and how has that changed in the last two or three years?
“It has gone from curiosity to a feature of the landscape. The most widely cited figures put roughly 500,000 deepfakes shared across social platforms in 2023, with estimates of around 8 million by the end of 2025 — close to 900% growth a year. Voice is the part most people underestimate: Pindrop recorded voice deepfakes rising nearly 700% year-on-year in 2024.
The change over two or three years is not really about volume, though. It is about access and quality. Three years ago a convincing fake took skill, time and a decent machine. Today it takes a free app and a few seconds of someone’s voice scraped off a podcast or an earnings call. And the output now clears the bar where ordinary viewers can no longer tell. Studies consistently find that most people can no longer reliably distinguish a high-quality fake video from a real one. We have crossed from ‘spot the fake’ into ‘assume nothing.’”
As deepfake generation gets more sophisticated, how do verification technologies keep pace? Is it a winnable race?
“It is winnable, but not in the way people want it to be. There is no finish line where deepfakes are ‘solved.’ It is an arms race in the same sense that anti-virus or spam filtering is — you win by staying operationally ahead, not by ending the contest.
The mistake is to chase artefacts alone — the tell-tale blink, the warped ear, the audio glitch. Those tells close fast with every new model. The more durable approach is layered: detection models that look at signals humans cannot, combined with provenance — knowing where a piece of content came from and whether it has been altered since capture. Standards like C2PA and the content-labelling rules now coming through regulation push verification upstream, to the point of creation. Detection at the point of consumption will always matter, but if the only defence is catching fakes after they spread, you are permanently a step behind”.
Beyond political misinformation, what are the most damaging real-world consequences that people might not be thinking about?
“Politics get the headlines; the money and the harm are elsewhere.
The corporate one is fraud. The Arup case — a finance employee in Hong Kong wired roughly $25.6 million after a video call in which every “colleague,” including the CFO, was synthetic — is the example everyone cites, and it will not hold the record for long. Deloitte projects generative-AI-enabled fraud in the US alone rising from around $12 billion in 2023 to $40 billion by 2027.
Then there is an identity. Deepfakes are now used to defeat the biometric checks banks rely on; bypass attempts on liveness detection have jumped more than 700%.
But the consequence people think about least is the most personal. A vast and under-reported category of malicious deepfakes is non-consensual intimate imagery, which overwhelmingly targets women and girls. The recent investigations into “nudify” tools are a glimpse of the scale. That is the human cost that rarely makes cybersecurity panel”.
Where does the burden of detection fall — platforms, users, or third-party verifiers? Who should own this problem?
“No single party can own it, and pretending otherwise is how it falls through the cracks.
Platforms have to carry detection and provenance at scale, because that is where content travels and they are the only ones with the reach. Independent verifiers — and yes, that includes us — exist because nobody should be asked to mark their own homework; you need assessment that is auditable and not conflicted by who owns the content. And users need tools simple enough to actually use, plus the basic literacy to know the question is worth asking.
Think of it as infrastructure rather than ownership. Nobody ‘owns’ road safety — you have manufacturers, regulators, and drivers, each responsible for a layer. Verification is the same. The failure mode is everyone assuming someone else has it covered”.
Even without a specific viral incident, does the existence of the technology erode trust in authentic content?
“Yes, and this is the part that worries me most. You do not need a single famous fake to do the damage. Once people know convincing fakes are possible, the ground shifts under everything.
The sharper danger is the inverse of what most people picture. It is not only that false things get believed — it is that true things get dismissed. Real footage of genuine wrongdoing can now be waved away with ‘that’s a deepfake.’ Researchers call it the liar’s dividend, and it is corrosive precisely because it requires no technical skill at all. The World Economic Forum has ranked AI-amplified misinformation among the top global risks for good reason: when audio and video stop being trusted by default, a shared basis for facts starts to dissolve”.
In a breaking-news environment where content spreads in minutes, how do you balance verification speed with the accuracy to make a call with confidence?
“You stop pretending the answer is binary. The honest output of any serious system is a probability with evidence attached, not a stamp that says ‘fake’ or ‘real.’
In a fast-moving story we work in tiers. An initial automated assessment can return in seconds and is enough to flag something as warranting caution. A higher-confidence judgement — the kind you would attach your name to — takes longer and may involve human review. The skill is being explicit about which one you are giving and never letting speed inflate certainty.
The cost of getting it wrong runs both ways. Miss a fake and it spreads; wrongly brand something authentic as synthetic and you have manufactured a different harm. In breaking news the responsible move is often a clearly labelled provisional read, openly updated, rather than a confident verdict you cannot yet support”.
Is verification a tool for journalists and enterprises, or does it need to reach everyday users to move the needle?
“Both, but the needle only really moves at consumer scale. Newsrooms and enterprises are the early, high-stakes adopters, and they should be. They are not where the volume of harm sits.
Most people encounter synthetic media on a phone, in a feed, in a message from a relative — not in a verification suite. If checking authenticity is harder than sharing, sharing wins every time. That is why we built VerifyLabs to be API-first and to work across iOS, Android and the browser: the verification has to live where people already are, not in a specialist tool they will never open. A capability locked inside enterprise contracts protects institutions while leaving the public exposed. Closing that gap is the actual job”.
What does the regulatory landscape look like, and are laws keeping up?
“It is moving faster than people assume, though unevenly.
The EU is setting the pace. Under the AI Act, Article 50 requires AI-generated or substantially manipulated content to be clearly disclosed and machine-detectable, with the relevant obligations landing in August 2026. Breaching those transparency duties carries fines of up to €15 million or 3% of global turnover; the headline €35 million or 7% figure people quote applies to the Act’s prohibited practices, not to synthetic-media labelling. A Code of Practice on transparency — including a proposed common ‘AI’ label for synthetic content — is being finalised alongside it.
The UK has gone further than disclosure. Sharing non-consensual intimate deepfakes was already criminal under the Online Safety Act; since February 2026 it has also been a criminal offence to create one, or to ask someone else to, under the Data (Use and Access) Act 2025. Creation, not just distribution, now carries liability. In the US there is no single federal framework, but the Take It Down Act mandates 48-hour removal of non-consensual intimate imagery, the Defiance Act — which would give victims a federal civil right of action — has passed the Senate and is awaiting the House, and more than 45 states have their own laws.
Are laws keeping up? On disclosure and on naming harms, increasingly yes. On enforcement, no. A duty to label synthetic content means little if neither the regulator nor the platform has a reliable way to tell what is synthetic in the first place. Rules without the means to detect and prove manipulation are obligations on paper. The legislation needs detection infrastructure underneath it, or it has no teeth”.
What happens when legitimate content gets flagged as synthetic, and how do you think about the reputational risk of a false accusation?
“This is the hardest problem in the field, and the one I judge our own seriousness by.
A false positive and a false negative are not symmetric in their consequences. Miss a fake and you have failed to catch something; wrongly brand a real video as fabricated and you have actively defamed someone and handed every genuine bad actor a ready-made excuse. The second error can be more damaging than the first.
So the discipline is to never issue a bare ‘fake’ verdict. We return a confidence assessment with the evidence behind it, set conservative thresholds, route uncertain cases to human review, and treat the right to challenge a result as part of the product, not an afterthought. Verification that cannot show its working, or that hides behind a binary label, does not deserve to be trusted — and we do not want it to be”.
What does the threat landscape look like in five years, and what should organisations be preparing for now that most aren’t?
“Three things are coming. Real-time, interactive deepfakes good enough to hold a live video call — the Arup attack, but on demand and at scale. Fully synthetic identities engineered to pass the KYC and biometric checks that gate finance and onboarding. And provenance becoming default infrastructure, with content signed at the point of capture, much as HTTPS quietly became standard for the web.
What most organisations are not doing yet is treating this as an operational risk rather than an awareness topic. Concretely: build verification and provenance into the workflows that matter; mandate out-of-band confirmation for payments and sensitive instructions, so no transfer is ever authorised on the strength of a voice or a face alone; and run drills, not slideshows — a face your employee recognises asking for money behaves nothing like an awareness module.
The uncomfortable truth is that business has always run on a simple assumption: if I can see and hear someone, I know it is them. Payments, approvals, instructions, decades of compliance — all of it rests on that. Synthetic media breaks the assumption, and not at some distant point on the horizon but in the incident reports being filed right now. The organisations that come through this are the ones that stop treating their own eyes and ears as proof, and build the means to verify in their place”.




