A Deepfake Just Got Hired. Twice. What Every Employer Needs to Know.

A Deepfake Just Got Hired. Twice. What Every Employer Needs to Know.

I came across something this week that genuinely stopped me in my tracks. A candidate used deepfake technology to secure not one, but two job offers. Not a concept. Not a dystopian warning from a tech blog. This actually happened. Real roles. Real companies. Real salaries committed to someone who was never who they appeared to be.

If that makes you uncomfortable, good. It should.

We have a vulnerability problem in hiring, and most businesses don't know it yet.

The shift to remote and digital hiring processes opened doors for candidates and employers alike. Flexibility, efficiency, wider talent pools. The benefits were real. But so were the trade-offs, and this story illustrates one of the starkest.

When we removed the human layer from hiring, we removed one of our most powerful safeguards.

A deepfake can pass a video interview. It can submit polished AI-written applications. It can ace an automated screening task. What it cannot do is walk into your office, meet your team, build a relationship with your network over time, or survive genuine human scrutiny from people who know your business and culture inside out.

This is why I have always championed real, intentional interaction with candidates, employees and professional networks. Not because it is tradition. Because it is protection.

The organisations most at risk are those who digitalised their hiring process and never revisited it.

If your end-to-end recruitment journey can be completed without a single meaningful in-person or live human interaction, you are exposed. It is time to ask honestly: at what points in our process would we actually know if something was wrong?

A policy is not a strategy.

When AI exploded into the mainstream, most businesses did what felt responsible. They drafted a policy. Do not upload confidential data. Do not use ChatGPT for client work. Employees must disclose AI use. Policy signed. Tick. Done.

I understand why. It felt like action. But it was administration, not strategy.

The threat landscape around AI is not static. It is moving faster than any policy review cycle. Deepfake candidates are not a future risk to add to next year's agenda. They are here. And the businesses relying on a one-page policy to protect them are underprepared.

A genuine AI strategy asks harder, more uncomfortable questions:

• How are candidates using AI throughout our hiring process, and how do we feel about that?

• Where are our identity and verification processes genuinely robust, and where are they fragile?

• Are our hiring managers equipped to spot inconsistencies, or are they overstretched and over-reliant on digital tools?

• How is AI changing the nature of the roles we are hiring for, and are our job briefs keeping pace?

• What is our position as a business on AI use, not just in HR, but across every function?

These are strategic questions. They belong in the boardroom as much as the HR department.

Practical steps employers should take right now.

You do not need to overhaul everything overnight. But you do need to start moving with intention.

Reintroduce meaningful in-person touchpoints. At least one stage of your hiring process should involve genuine, live human interaction. Not as a bureaucratic hurdle, but as a deliberate moment of connection and verification. A conversation, a site visit, a team introduction. These are not inefficiencies. They are safeguards.

Audit your verification process honestly. When did you last review it with fresh eyes? Reference checks completed by phone rather than email, identity checks that go beyond an uploaded document, structured conversations that probe beyond rehearsed answers. Ask yourself plainly: would our process have caught what those two companies missed?

Invest in your people's AI literacy. Not just awareness sessions. Real, practical understanding of what these tools can do, how candidates are using them, and where your blind spots sit as a result. This applies to HR teams, hiring managers and senior leaders alike.

Build relationships before you need them. The candidates you have met at events, mentored, stayed in touch with, watched grow in your network over time, those people do not need to be deepfake-checked. You already know them. This is the compounding value of genuine professional relationships, and it has never mattered more.

Elevate your AI strategy to a business priority. Not a HR policy. Not an IT governance document. A living, evolving strategy that sits at the intersection of talent, culture, risk and operations. HR should be leading this conversation, not waiting to be invited to it.

The human layer is the security layer.

I have built my career on the belief that genuine human connection, the coffees, the conversations, the investment in people before, during and long after a hiring process, is what great HR looks like. This week reminded me it is also what safe HR looks like.

AI is a powerful and genuinely exciting tool. I am not anti-AI. I am pro-strategy. And I am deeply pro-human.

Because AI can replicate a face. It can generate a CV. It can even pass an interview. But it cannot replicate trust built over time. It cannot replace the instinct that comes from truly knowing the people in and around your organisation. And it cannot substitute the value of real, human relationships built with intention.

Technology should support your people strategy. It should never replace the human at the heart of it.

If you would like to talk about how your business is approaching AI in your people strategy, I would love to hear from you. Get in touch at hello@prismpeoplesolutions.com