惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Know Your Adversary
Know Your Adversary
S
Securelist
I
Intezer
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
P
Privacy International News Feed
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
N
News and Events Feed by Topic
The GitHub Blog
The GitHub Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Schneier on Security
Schneier on Security
N
Netflix TechBlog - Medium
爱范儿
爱范儿
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
WordPress大学
WordPress大学
S
Secure Thoughts
K
Kaspersky official blog
N
News | PayPal Newsroom
O
OpenAI News
Last Week in AI
Last Week in AI
C
Check Point Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tor Project blog
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
Martin Fowler
Martin Fowler
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception
Bree Fowler · 2026-05-28 · via Human Risk Management Blog

In just a couple years, deepfakes have gone from cartoonishly silly and largely academic exercises to sophisticated audio and video creations with the potential to trick just about anyone into believing they’re the real thing.

On top of that, the technology has gone from being exclusive to nation-states and organized crime to something accessible and easy to use for even the lowest-level cybercriminal with the most basic of technical abilities.

Perry Carpenter, KnowBe4’s Chief Deception Strategist, is an expert in the deepfakes and how they fit into the broader worlds of social engineering and disinformation. He demoed real-life deepfakes, as well as a few he created himself, at KnowBe4’s annual KB4-CON conference last week in Orlando, Florida.

In between talks, he took time out to chat about where the deepfake threat stands now and the dangers it might pose in the future. The responses below have been edited for length and clarity.

Q: How did you first get interested in deceptions and ultimately deepfakes?

Carpenter: I started as a computer programmer and moved into cybersecurity. About 25 years ago, I realized that despite all of the money that people spend on technology, there's still this human component that can get exploited over and over and over. I really wanted to find ways to deal with that situation, and so that's where a lot of the psychology comes in. I'm definitely not a formally trained psychologist, but I've got a broad spectrum of experience around behavior science, psychology, illusion, deception science and those kinds of things together. I've done classes in theatrical hypnosis and pickpocketing, because it all comes down to attention management and psychological framing, so I can look at all those different snapshots of how it gets used. Then you can start to draw these broad connections, and how it gets used within the cybersecurity context.

Q: During one of your talks, you pointed to a deepfake video of an Irish presidential candidate. The video used old footage of her, but added new audio, then altered the video to re-lipsync the footage to make it look like she was announcing her withdrawal from the race. Is this how most convincing defakes are still done, or are people just feeding pictures to LLMs and asking them to do it?

Carpenter: It depends on the situation. If I know that person's baseline well enough, then I could probably find the right photo or set of photos to create the deepfake. But if I want to lean into credibility, I would probably still harvest video and resync the audio. It would depend on the type of disinformation you want to create.

Q: Political figures in others in positions of authority have created and shared deepfakes to further their own political desires. What impact could this kind of disinformation have on the American psyche?

Carpenter: I think we're going to end up with a society that has a default disbelief in anything that they see, but the way that that default disbelief works is, it's only going to reinforce their core beliefs that they already have. You get into this thing that's called the liar's dividend, which means that the deceiver is the only one that stands to gain from the fact that deepfakes exist. So, if I create a deepfake that proves my point as the deceiver, well, then everybody that already wants to believe that does. But if I come out with a true video and somebody doesn’t agree with it, they'll go, ‘well, that's just a deepfake.’

Q: Most cybercriminals aren’t out there to disrupt democracy, they’re out there to make money. What does the rise of deepfakes mean for the organizations KnowBe4 protects?

Carpenter: It's just an extension of the same playbook as before. Anything that you can imagine a phishing email being used for, or a QR code scam being used for, there's going to be the deepfake equivalent of that. And I think that scammers are always going to go with what takes the least effort for the best payout. Deepfake scams where companies lose millions take a lot of work. I think there's going to be a whole bunch of low-grade deception that starts to just erode everybody's trust and then there's going to be a weapons-grade deception or two where people are spending weeks or months planning for that orchestrated event.

Q: Are these low-grade deceptions still threats?

Carpenter: Potentially. If you're trying to do a face-replacement deepfake and become someone else, with current technology, there's some glitches with that. But if you know what the glitches are, you can lean into them. With video calls, there's always frame rate issues, there's always audio issues. If I say this, ‘this crappy hotel Wi-Fi!,’ everybody gets it. If you can get a good-enough plausible deepfake and sustain it for 30 seconds, then just go off camera and interact over the chat, nobody notices. Everybody's dealt with that.

Q: So how do we protect against these threats?

Carpenter: There's a deepfake detection market that’s trying to do some really good work. It’s not 100% yet, and will probably never be, because of the arms race of technology. I'm not going to discount what they're doing fully, because I do think that they've got a noble goal for it, but I'm also not going to rely on it. As soon as I know the way that that works, I'm going to find a work around for it.

I don't want to give the easy answer, I just, I think we have to lean into the fact that the best thing we can do as a society is just learn to slow down and ask a critical question, either of ourselves or the thing that we're talking to.