The wire transfer went through. The CFO on the video call looked right, sounded right, and gave the authorization — except there was no CFO on that call.
Corporate deepfake attacks of that kind, executives impersonated to authorize fraudulent wire transfers, accounted for roughly $550 million of the $2.19 billion in deepfake-related fraud losses reported globally through the first quarter of 2026, according to Surfshark’s April 2026 analysis.
What’s more, deepfake fraud attempts have surged 2,137 percent over the past three years, and Deloitte projects AI-enabled fraud in the U.S. will reach $40 billion by 2027.
“The deepfake itself is just a new iteration of a very old trick,” observes Perry Carpenter, Chief Deception Strategist at KnowBe4, a Clearwater, Fla.-based provider of a digital workforce security platform.
I sat down with Carpenter at KB4-CON 2026 in Orlando to discuss this. For a full drill down, please give the accompanying podcast a listen. Here is what I learned that you should know.
Hijacking minds
Every con in history has worked the same way. The target’s nervous system is hijacked before the rational mind has time to engage. The deepfake is just the newest instrument for doing it.
Deepfakes are grabbing headlines because AI content generation tools have made them cheap, convincing, and scalable. But the deepfake itself is a distraction. What matters is the psychological mechanism underneath it — the one that has powered every con, phishing email, and social engineering attack for the past century, and that no detection tool has yet managed to neutralize.
“The thing that really unlocks the power of the artifact is the narrative — the context that somebody is snapping it into,” Carpenter told me. “Without that context, without human emotion, without the fact that our minds can be hijacked, the deepfake is just an interesting technology demo.”
Carpenter should know. He has spent his career studying deception — stage hypnosis, theatrical pickpocketing, and the psychology of why people act against their own best instincts under pressure.
His conclusion: a deepfake works because it arrives wrapped in the same emotional pressure that has driven social engineering since long before AI existed. Urgency. Claimed authority. A deadline that does not permit verification.
That also explains why deepfake detection tools have fallen short. The technology to reliably catch photorealistic synthetic video does not yet exist.
Meanwhile, the barriers to creating that video have collapsed. AI image and video generation tools — accessible to anyone with a broadband connection for $20 a month or nothing at all — can now produce the kind of photorealistic synthetic video that North Korea, China, and Russia would have needed nation-state resources to pull off five years ago.
Training the reflex
Carpenter’s answer is behavioral. Detection software is not the defense. The defense is an employee who recognizes emotional manipulation as it arrives. The signals are familiar from phishing: time compression, claimed authority, urgency engineered to shut down critical thinking. Those signals work the same way on a voice call or a video call as they do in a text message.
The goal is a reflex. The finance employee on the receiving end of a deepfake call needs to feel the manipulation before the rational mind engages, then pause and ask a verification question. That pause is the last line of defense between a polished deepfake and a wire transfer the company will not recover.
A reflex is not built in a classroom. Once-a-year compliance training does not produce it. Once-a-quarter awareness modules do not produce it. Carpenter put it bluntly: “If an organization is doing a once-a-year training or even a once-a-quarter training, it is like trying to get in shape and only going to the gym once a year. The only thing you realize is how much pain you’re in.”
What builds the reflex is repetition at the cadence of habit formation. KnowBe4 calls the discipline human risk management and runs it continuously rather than as an annual event.
The next attack surface
Most organizations are not ready for what comes after the deepfake. AI agents are now handling finance tasks, triggering transactions and running customer-facing communications inside enterprises that have not yet figured out how to govern them. The agents inherit the same vulnerabilities that make humans susceptible to deepfake attacks. Malicious inputs can manipulate them. Excessive permissions let them act in places their function does not require.
The difference is scale. A human employee tricked into authorizing one fraudulent wire transfer causes one incident. A compromised AI agent moves at machine speed across every system it can reach, executes whatever its permissions allow, and does it before anyone in the security operations center has noticed the agent was working off bad instructions in the first place.
“When you have a set of automated AI agents that are doing something wrong, they do that at agent scale,” Carpenter said.
Gravitee’s State of AI Agent Security 2026 report surveyed more than 900 executives and practitioners. It found 81 percent of enterprise teams have moved past the planning phase for agent deployment. Only 14 percent have full security approval for what they have built. Eighty-eight percent have experienced confirmed or suspected incidents tied to those agents.
Most organizations cannot produce a basic inventory of the agents running inside their environments. That is the same failure that defined unmanaged software exposure a decade ago.
KnowBe4 launched Agent Risk Manager on April 14, 2026. The company framed it as the first product built specifically to govern autonomous AI agent behavior. KnowBe4 released it the same day it acknowledged that human risk management alone no longer covers the workforce it is defending.
The question for CISOs is whether the recognition reflex can be trained into employees fast enough to matter before the next $25 million wire, and whether any of that training will transfer to the AI agents now arriving in the same workflows. I’ll keep watch and keep reporting.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(Editor’s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)
June 2nd, 2026 | Fireside Chat | Top Stories