President Ali Bongo Ondimba of Gabon had not appeared in public for months. Rumours of his death or incapacitation were destabilising the country. On New Year's Day 2019, state television broadcast a video of Bongo delivering a short address — stiff, wooden, oddly lit. Within days, a military faction cited the video as evidence of a deepfake and attempted a coup. Researchers who later analysed the footage disagreed: the video appeared genuine, merely poorly produced. The coup failed. But the episode revealed something new and dangerous: the mere possibility of a deepfake had become a weapon.
The term deepfake was coined in late 2017 by a Reddit user who posted AI-generated face-swap videos of celebrities. The name fused deep learning with fake. Within months the technique had spread from research labs to consumer software.
The foundational architecture is the Generative Adversarial Network (GAN), introduced by Ian Goodfellow in 2014. A GAN pits two neural networks against each other: a generator that tries to create convincing synthetic images, and a discriminator that tries to detect fakes. They train in tandem — the generator improving until the discriminator can no longer tell real from fake.
By 2022, diffusion models — the architecture behind Stable Diffusion, DALL·E 2, and Midjourney — had largely superseded GANs for image generation. Diffusion models work by learning to reverse a process of adding noise to images: they are trained to denoise, and at inference time they begin from pure noise and iteratively refine it into a coherent image guided by a text prompt or reference image.
For video deepfakes, systems like DeepFaceLab and commercial successors combine face detection, landmark tracking, and neural re-rendering to transplant one person's facial movements and expressions onto another's head in every frame of a video.
Synthetic media did not begin with AI. Hollywood has used CGI faces since the 1990s — Forrest Gump shook hands with President Kennedy in 1994 using early compositing. But those techniques required millions of dollars and teams of specialists. What changed after 2017 was democratisation: deepfake creation moved from film studios to anyone with a consumer GPU and a few hours of source footage.
In 2018, the Belgian political party sp.a released a video of President Trump announcing US withdrawal from the Paris Climate Accord. The video was clearly labelled as synthetic — a piece of political commentary. But it demonstrated that convincing political deepfakes were now producible on a small budget. The same year, BuzzFeed and director Jordan Peele released a public-service deepfake of Barack Obama — voiced by Peele, wearing Obama's face — warning viewers not to believe everything they see online.
By 2023, real-time deepfake tools allowed a person on a video call to appear as a completely different individual, with facial movements tracked and re-rendered at 30 frames per second on commodity hardware.
Sensity AI (a deepfake detection company) estimated that as of 2023, over 95% of all deepfake videos online depicted non-consensual intimate imagery — primarily women. Political and financial fraud deepfakes, while rarer, receive disproportionate media coverage relative to the larger crisis of image-based abuse.
Voice cloning has become equally accessible. Tools like ElevenLabs can clone a voice from as little as a one-minute audio sample. In 2023, a robocall using a cloned voice of President Biden urged New Hampshire Democrats not to vote in the primary — the audio was forensically identified as AI-generated but had already reached thousands of voters.
Synthetic text from large language models can produce fake news articles, fake academic citations, and fake social media personas at industrial scale. Image generation produces fake photographs of events that never occurred. Combined, these tools constitute what researchers now call the synthetic media ecosystem — an environment where every sensory channel of human communication can be fabricated.
The most dangerous aspect of deepfakes may not be the fakes themselves but the liar's dividend — the ability for any real video to be dismissed as AI-generated. Once audiences doubt the authenticity of all media, bad actors can deny genuine evidence of their wrongdoing.
You are a junior analyst at a media verification desk. A video clip has been flagged as potentially synthetic. Your AI assistant has pre-analysed several frames and is ready to walk you through the forensic indicators. Ask it about specific visual or audio tells, discuss the Gabon 2019 case, or explore what current detection tools can and cannot do.
A finance worker at a multinational firm received a video call invitation from someone claiming to be the company's UK-based CFO. On the call were several colleagues — all familiar faces. The CFO instructed him to transfer HK$200 million (approximately US$25 million) as part of a confidential transaction. He complied. Every face on that call was a deepfake. Hong Kong police later confirmed that attackers had used publicly available footage of the real employees to train face-synthesis models, then ran them live on the video call. It was the largest known deepfake financial fraud at the time.
Every deepfake begins with source footage of the target — the person whose face will be rendered. The more footage available, and the greater its variety (different angles, lighting conditions, expressions), the more convincing the result. Public figures are especially vulnerable because hours of broadcast footage exist.
For the Hong Kong attack, attackers scraped video conference recordings, public interviews, and corporate videos. The US$25 million transfer required perhaps weeks of model training on commodity hardware.
The second requirement is footage of the driver — the person whose live expressions and movements will animate the target face. In real-time deepfakes (as used in the Hong Kong case), the attacker is the driver: their face is tracked by a webcam and mapped in real time onto the synthesised target face.
Using tools like DeepFaceLab (open source, continuously maintained) or commercial successors, an operator feeds aligned face images from source footage into a neural network. The network learns a compressed latent representation of the target's face — essentially, a mathematical description of how that face transforms across angles and expressions.
Training on a modern consumer GPU (e.g. an NVIDIA RTX 4090) takes between 12 and 72 hours depending on quality targets and dataset size. By 2024, cloud-based deepfake-as-a-service platforms had reduced this to minutes by using pre-trained base models fine-tuned on a small set of target images.
The trained model generates synthetic face frames that must be blended back into the original video. This is where most detectable artefacts arise. Blending requires:
Mask generation — defining exactly which pixels belong to the face region versus hair, ears, and background. Imperfect masks create the "face in a face" shimmer visible at edges in lower-quality deepfakes.
Colour correction — matching the synthesised face's skin tone and lighting to the background plate. Mismatches produce flat, plastic-looking skin.
Temporal consistency — ensuring that frame-to-frame, the synthesised face does not flicker or jitter. This is computationally expensive and is the primary limitation of real-time systems.
Eye reflections (specular highlights) are among the most reliable forensic indicators. A real face in a real environment shows consistent reflections of light sources in both eyes. Synthesis models often produce incoherent or physically impossible reflections — a tell still reliable as of 2024 for non-commercial tools, though rapidly improving.
A convincing video deepfake requires matching synthetic audio. Voice cloning systems — including ElevenLabs, VALL-E (Microsoft, 2023), and open-source alternatives — can reproduce a target's voice from a few minutes of audio. VALL-E was demonstrated reproducing a speaker's voice (including their emotional tone and acoustic environment) from a 3-second clip.
In the Hong Kong fraud, the fake CFO's voice was indistinguishable to the victim. The attack succeeded partly because the company's verification protocols relied entirely on visual and auditory recognition — both of which the deepfake had defeated.
The Hong Kong case led several multinational corporations to implement out-of-band verification for large transfers — requiring a separate, pre-established communication channel (e.g. a confirmed phone call to a known number) before any significant action is taken based on video instruction.
You are a security consultant advising a multinational firm in the wake of the Hong Kong deepfake fraud. Your AI assistant has been briefed on the technical pipeline and the specific failure modes of the attack. Work through what verification protocols should have existed, and how they should be designed going forward.
Days before the New Hampshire Democratic primary, voters received robocalls featuring a voice that sounded unmistakably like President Biden. The voice told them: "Don't vote this Tuesday." Election officials moved quickly; the audio was identified as AI-generated within 24 hours. A Democratic political consultant named Steve Kramer later claimed responsibility, describing it as a "wake-up call" about AI vulnerability — though critics noted this framing conveniently minimised accountability. The FCC subsequently ruled that AI-generated voices in robocalls require explicit consent and disclosure.
Political deepfakes and synthetic audio have appeared in documented elections across multiple continents in a short window. In Slovakia (September 2023), two days before a parliamentary election, an audio recording circulated on Facebook appearing to show liberal candidate Michal Šimečka discussing how to buy votes. The recording was assessed by fact-checkers as likely AI-generated, but it had spread to tens of thousands of listeners before labelling. Šimečka lost. Whether the audio changed the result cannot be established, but Meta's response — citing election-silence rules and not removing the audio — became a case study in platform failure.
In Taiwan (January 2024), AI-generated videos and audio of candidates circulated in the weeks before the presidential election. The Taiwanese government had enacted legislation requiring AI disclosure on political ads, but enforcement of viral social media content proved difficult. Taiwan's election integrity commission documented over 40 distinct synthetic media incidents in the campaign period.
In India (April–May 2024), during the world's largest election, deepfake videos of deceased political figures endorsing candidates were distributed via WhatsApp. Several used voice cloning to recreate leaders who had died years earlier. The Election Commission of India issued guidance but had no rapid-removal authority over encrypted messaging platforms.
Across documented cases, synthetic political media tends to be released in the 48–72 hours before an election — a window specifically chosen because verification takes time, corrections spread slowly, and there is no opportunity for the targeted campaign to mount a credible response before polls close.
Beyond elections, deepfakes have been deployed in active conflict. In March 2022, days after Russia's full-scale invasion of Ukraine, a deepfake video circulated showing Ukrainian President Volodymyr Zelensky apparently calling on Ukrainian soldiers to surrender. The video was quickly identified as fake — the facial proportions were off, the head movements were unnatural, and Zelensky immediately appeared live to deny it. But the operation demonstrated that even a poor-quality deepfake can achieve objectives if it reaches audiences before debunking.
Ukrainian officials noted that the fake Zelensky video was distributed via hacked Ukrainian news websites — the synthetic content was credible partly because of the credible delivery channel. This illustrates that deepfakes operate within information ecosystems; the surrounding infrastructure of trust matters as much as the video itself.
As of 2024, legal frameworks lag significantly. In the US, no comprehensive federal deepfake law exists. Several states — including California, Texas, and Virginia — have enacted narrow laws targeting non-consensual intimate deepfakes or political deepfakes in the 60 days before an election. But enforcement has been limited and penalties modest.
The European Union's AI Act (adopted 2024) requires that AI-generated content be labelled when it could mislead users about its synthetic nature. Implementation will take years. China has enacted the most prescriptive deepfake regulations globally — the Provisions on the Management of Deep Synthesis Internet Information Services (2022) require watermarking and operator liability — though enforcement reflects domestic political priorities.
Major platforms have adopted content credentials — cryptographic metadata standards (C2PA protocol) that record a media file's provenance and any AI-generation steps. Adobe, Microsoft, Sony, and the BBC are among the signatories. But content credentials only work if they are not stripped, and most platforms do strip metadata on upload.
The fastest-spreading political deepfakes travel primarily through encrypted messaging apps (WhatsApp, Telegram) and short-video platforms (TikTok) where platform moderation is least effective and metadata is routinely stripped. Legal frameworks designed around broadcast media or open social platforms have minimal purchase in these environments.
You work for an election integrity organisation. It is 60 hours before polls open and a viral audio clip is circulating that appears to show a candidate making inflammatory remarks. Your AI research assistant has access to the documented case library. Develop your rapid-response strategy.
In 2021, a coalition including Adobe, Microsoft, the BBC, Sony, and Intel published the Coalition for Content Provenance and Authenticity (C2PA) specification — a cryptographic standard for embedding tamper-evident metadata into media files at the moment of capture or creation. A C2PA-compliant camera or editing tool records who created the file, what software was used, and whether any AI tools were applied. The metadata travels with the file. By 2024, Leica had shipped the first C2PA-compliant camera, and Nikon and Canon had announced roadmaps. But the system has a critical weakness: every major social media platform strips metadata on upload. Content credentials can only work end-to-end if every link in the chain preserves them.
Deepfake detection is technically a binary classification problem: given a media file, output a probability that it is synthetic. In practice, it is vastly more difficult. The central challenge is generalisation: detectors trained on known deepfake architectures fail on new ones. When a new synthesis method is released, existing detectors perform near chance until retrained.
As of 2024, best-in-class research detectors (e.g. from the FaceForensics++ benchmark) achieve high accuracy on held-out data from known generation methods but drop significantly on unseen generators. In competitions run by DARPA (the Media Forensics programme, MediFor) and Facebook (the Deepfake Detection Challenge, 2020), winning models achieved around 65–82% accuracy on novel deepfakes — useful but far from reliable enough for high-stakes single-video decisions.
Detection tools that analyse biological signals — subtle patterns in heart rate (rPPG, remote photoplethysmography) or micro-expression timing that synthesis models fail to reproduce — have shown promise in research settings. But they require high-quality, uncompressed video and fail with heavy compression.
An alternative to detection is provenance — instead of trying to identify fakes, ensure all authentic media carries verifiable proof of origin. Two approaches have emerged:
C2PA content credentials (described above) work by attaching signed metadata at capture. Watermarking works by embedding imperceptible signals into the pixels or audio waveform itself — signals that survive moderate compression and editing. Google's SynthID, launched in 2023, embeds invisible watermarks in images generated by Imagen and in audio generated by Google's systems. Meta and OpenAI have published research on robust watermarking for AI-generated text and images.
The fundamental limitation of watermarking is that it only identifies AI-generated content as such — it cannot identify manipulated real content, and watermarks can potentially be removed by adversarial processing (though this is non-trivial for well-designed watermarks).
Every detection method published in a research paper gives deepfake developers a training target. The history of GAN development shows that discriminators are effectively free optimisation signals for generators — publication of a detector is simultaneously the publication of a roadmap for defeating it.
Researchers increasingly argue that technical solutions cannot solve what is fundamentally a social and epistemic problem. Media literacy — the capacity to critically evaluate media sources, apply verification heuristics, and tolerate uncertainty — is a necessary complement to technical tools.
Studies from the Reuters Institute and MIT Media Lab suggest that source credibility heuristics — asking "who published this, and why?" before asking "is this video real?" — are more reliable guides to accuracy than automated detection tools in most everyday contexts.
Institutional resilience includes: newsrooms with established deepfake verification workflows; platforms with rapid-escalation channels for suspected political synthetic media; election authorities with public communications plans for the scenario in which a deepfake goes viral 48 hours before polls open; and legal frameworks that assign liability clearly enough to create deterrence.
The SIFT method (Stop, Investigate the source, Find better coverage, Trace claims) developed by researcher Mike Caulfield has been adopted in media literacy curricula across the US and Europe as a practical framework applicable before any technical analysis.
The most robust defence against synthetic media is not a single tool but a layered system: cryptographic provenance at capture, platform-level watermark verification, automated detection as a triage signal (not a verdict), trained human reviewers for high-stakes cases, and populations with sufficient media literacy to apply scepticism proportionally — to fakes and to real content being falsely denied.
You are advising a major news organisation on its synthetic media policy. They want to know: when a viral video arrives at their verification desk, what is the full decision tree? Your AI assistant can walk through detection tools, provenance checks, source heuristics, and the SIFT method. Design a verification workflow that is practical under newsroom time pressure.