The Arup Hong Kong incident in early 2024 — a finance worker wired $25M after joining a video call in which every “colleague” was a real-time deepfake — remains the single most cited case in every CISO presentation we have attended in the last eighteen months. The FBI’s 2025 IC3 report puts combined losses from AI-facilitated executive impersonation at $1.6B across the year, an order of magnitude above the 2023 figure and likely an undercount.
Detection shipped. Finally.
After two years of “coming soon” demos, real-time deepfake detection now ships inside the major conferencing platforms. Microsoft Teams surfaced its own model in March. Zoom’s integration with a Reality Defender-adjacent stack quietly went GA for Enterprise tiers in Q1. Google Meet’s detector arrived via a Duet AI security add-on. Detection now works well enough that the practitioners we spoke to describe false-positive fatigue, not missed detections, as the current operational problem.
The attacker side isn’t standing still
Real-time synthesis is also a moving target. The same research groups that publish detector improvements quietly document generator improvements six months later. An open-source generator released in February produces audio indistinguishable from genuine speech at 24 kbps telephony quality on a consumer GPU. Expect detector vendors to spend 2026 rebuilding their training pipelines quarterly rather than annually.
What to do now
The consensus playbook from the last year of incidents:
- Treat every unexpected executive request as adversarial until a second channel confirms it — text, separate voice call, in-person. The controls are social, not technical.
- Deploy the detection that ships with your conferencing platform. Accept the false-positive noise; a single averted wire pays for years of tooling costs.
- Run a tabletop with your finance team that simulates a real-time impersonation. Measure how long it takes them to reach “pause and confirm.” That number is your exposure.
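The second-channel rule above can be expressed as a simple policy check: a high-value request is releasable only once a confirmation arrives on a channel different from the one that carried the request. This is an illustrative sketch (the `WireRequest` class, `APPROVAL_THRESHOLD` value, and channel names are all hypothetical, not any platform's API):

```python
from dataclasses import dataclass, field

# Hypothetical threshold: wires above this amount need out-of-band confirmation.
APPROVAL_THRESHOLD = 10_000  # USD

@dataclass
class WireRequest:
    amount: float
    request_channel: str                   # channel the request arrived on, e.g. "video_call"
    confirmations: set = field(default_factory=set)

    def confirm(self, channel: str) -> None:
        self.confirmations.add(channel)

    def releasable(self) -> bool:
        if self.amount < APPROVAL_THRESHOLD:
            return True
        # Key rule: at least one confirmation must come from a channel
        # OTHER than the one that carried the request. Re-confirming on
        # the same (possibly deepfaked) call proves nothing.
        return any(c != self.request_channel for c in self.confirmations)

req = WireRequest(amount=25_000_000, request_channel="video_call")
req.confirm("video_call")              # same channel: still blocked
assert not req.releasable()
req.confirm("callback_known_number")   # independent channel: releasable
assert req.releasable()
```

The point of the sketch is that the control is a workflow invariant, not a detector: no amount of in-call confirmation can satisfy it.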