Deepfake Detection

The deepfake detection market is growing fast, and the vendor claims are growing faster. Every platform promises enterprise-grade detection, real-time accuracy, and comprehensive coverage. The marketing language overlaps enough that genuine differentiation is difficult to find in a product brief.

The problem is not a shortage of tools. It is that most security buyers are asking the wrong questions during evaluation. Benchmark scores look impressive. Demo environments are controlled. The gap between what a tool demonstrates and what it delivers against a determined attacker running real generators in production is where the procurement mistakes happen.

Here are five questions that will tell you more about a deepfake detection platform than any vendor-provided benchmark.

1. Does It Separate Liveness Detection from Injection-Attack Detection?

This is the most important question in the evaluation, and the most commonly skipped.

Liveness detection confirms that a real human is physically present at the camera. It is designed to stop someone from holding up a printed photo or playing a pre-recorded video. What it does not detect is an injection attack, where a synthetic video stream is inserted directly into the application’s media layer, bypassing the camera entirely before the liveness check ever runs.

A convincing injection attack passes liveness detection because the liveness system is reading the camera feed, not checking whether the camera feed itself is genuine. These are different problems and they require different technical approaches.

NIST SP 800-63-4 now codifies this distinction, requiring liveness detection and injection-attack detection as separate normative controls. If a vendor cannot clearly explain how their product addresses both, and cannot show independent certification against ISO/IEC 30107-3 for presentation attacks and CEN/TS 18099 for injection attacks, they are not covering both.

A 2025 biometrics industry poll found that 42% of organizations rely on liveness detection as their primary deepfake defense. That means 42% of organizations have a gap that a competent attacker already knows about and can walk through.

2. How Frequently Is the Detection Model Updated?

A deepfake detection model learns the statistical fingerprints of the generators it was trained against. When a new generator architecture ships, those fingerprints change. If the model is not retrained against the new generator’s outputs before the tool reaches widespread deployment, the detector’s accuracy against that tool will be materially lower than the published benchmark suggests.

Researchers assembling Deepfake-Eval-2024, the first benchmark built entirely from real deepfakes pulled from social media and detection platforms during 2024, found that leading open-source detectors lost 45 to 50 percent of their accuracy on real-world samples compared to the academic datasets those same models had scored near-perfectly on. The gap between demo performance and production performance is not a minor statistical variance. It is the attack surface.

Ask the vendor: what is your update cadence? Which generators does your current model cover by name? When was it last retrained against a newly released tool? A vendor who cannot answer those questions with specifics is selling you a point-in-time product against a continuously evolving threat.

3. Does It Cover All Six Detection Method Families?

Deepfake detection is not a single technique. It is a family of six distinct approaches, each designed to catch a different class of attack.

Media forensics reads artifacts in the content itself, from frequency-domain anomalies to pixel-level blending seams. Biological signal detection checks whether a genuine heartbeat can be detected through remote photoplethysmography. Biometric liveness paired with injection-attack detection confirms a real person is present and that no synthetic feed has bypassed the camera at the software layer. Audio and voice analysis checks for spectral discontinuities, prosodic flatness, and missing breath sounds that indicate synthetic audio. AI fingerprinting identifies hidden generation signatures common to synthetic media. Media authentication uses cryptographic provenance to establish a verifiable chain of custody from capture to distribution.

Most tools in the market cover one or two of these families. A single-method detector leaves an attacker with a clear path: use the modality the defender is not watching.

The strongest stacks layer multiple method families so that the failure mode of one is covered by another. Before signing anything, ask the vendor to map their product against each of the six families and explain where they have and do not have coverage. For a detailed comparison of how current platforms stack up against this framework, Diopter’s review of the best deepfake detection software covers the ten leading enterprise tools against each detection family.

4. Where Does the Verdict Surface in the Workflow?

A deepfake detection tool that flags a synthetic video call after the wire transfer has been approved is a forensics tool. It is useful for investigations. It is not fraud prevention.

For any workflow where the outcome depends on real-time verification, whether that is a KYC onboarding session, a live executive approval, a vendor call authorizing a payment change, or a candidate interview for a sensitive role, the detection must happen during the interaction, not after it. Ask the vendor specifically: at what point does the verdict surface? Is it before the action is taken or after? Is it during the live call or on the recording?

This distinction is more significant than it might appear. Post-hoc detection against a recorded file confirms what happened. Real-time detection changes what happens. The architecture has to match the use case, and most vendors will position their tool as applicable to both without being transparent about the latency involved.

5. What Does the Audit Trail Look Like?

EU AI Act Article 50 enforcement begins in August 2026. Under its requirements, organizations need documented processes for identifying and handling synthetic media, not just the capability to detect it. Detection that fires and leaves no structured record creates legal exposure even when the detection itself works correctly.

Ask the vendor to walk through a sample output from a real detection event. Look for: a confidence score, a signal-by-signal breakdown of what drove the verdict, a timestamp and session identifier that ties the result to a specific interaction, and a format that is usable as compliance documentation. If the output is a single binary flag with no supporting evidence, the tool cannot carry weight in a regulatory review, an insurance claim, or a board-level incident debrief.

Auditability is not a secondary feature. For any organization operating in a regulated industry, it is a procurement requirement.

A Practical Framework Before the Demo

Most deepfake detection evaluations start with the demo, which is the worst possible starting point. A demo environment is controlled, uses the vendor’s preferred content, and is optimized to produce a compelling result. None of those conditions apply to the attacker running a real campaign against your organization.

Before you schedule the demo, get answers to the five questions above in writing. Then design the demo around real-world conditions: test against content generated by tools the vendor did not provide, ask them to demonstrate injection-attack detection separately from liveness, and ask what the verdict output looks like in a compliance context.

The organizations that are getting ahead of deepfake fraud are not necessarily buying more tools. They are buying fewer tools that cover more of the attack surface and asking harder questions about how those tools will hold up when an attacker is actively trying to defeat them. The five questions above are the starting point for that conversation, not the end of it.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.