Remote hiring opened the global talent market. It also opened an entirely new area of risk.
Today, a growing number of organizations are confronting a scenario that would have sounded like science fiction just a few years ago:
- A candidate applies for a remote role using an AI-enhanced resume with AI-enhanced credentials, and gets selected for an interview.
- They interview through a video call and with the assistance of AI, ace the interview.
- They complete a technical assessment, and with further assistance from AI, they ace it.
- A job offer gets extended and accepted.
Everything looks legitimate. Until weeks or months later, when the company discovers the person they hired is not who they claimed to be.
In some cases, the motivation of the applicant is to get a high paying job, and even perhaps outsource it at a fraction of their pay and keep the difference. In others, the goal is far more nefarious: access to proprietary data, intellectual property, or sensitive systems.
The question companies are now beginning to ask is uncomfortable but unavoidable: If a deepfake candidate slips through the hiring process, who owns the risk?
The recruiter and the talent acquisition team? Or the Chief Information Security Officer (CISO)?
A New Category of Insider Threat
Traditionally, security leaders have thought about risk in two broad categories: External threats and insider threats.
External threats include attacks originating outside the company such as phishing campaigns, malware, or network intrusions. Insider threats involve people who already have legitimate access to internal systems.
Security teams invest heavily in monitoring and mitigating both. But AI-powered hiring fraud introduces a third category that sits somewhere between the two: the synthetic insider. In that role, bad actors do not hack into the organization. Instead, they apply for a job.
Using AI tools, applicants can now:
- generate highly tailored resumes
- fabricate detailed work histories
- optimize credentials for applicant tracking systems
- receive real-time assistance during interviews and tech tests
More concerning still, emerging tools allow candidates to manipulate their on-camera presence through deepfake video filters.
The result is a candidate who can appear qualified, articulate, and credible throughout the hiring process. Until, that is, they are inside the company network.
Recruiters Are Being Asked to Solve a Security Problem
Recruiters today operate under immense pressure. Hiring teams expect speed. Candidates expect responsiveness. Leadership expects results.
But detecting AI-assisted fraud was never part of the traditional recruiting toolkit.
In fact, many recruiters encountering suspicious candidates turn to LinkedIn communities for help. They share stories of interviews that felt “off.” Candidates who avoided turning on cameras. Technical responses that sounded suspiciously rehearsed.
Without clear guidance, recruiters are doing the best they can, comparing notes with peers and trying to develop instincts for spotting anomalies. But intuition is not a security strategy. And recruiters are not trained threat analysts.
A Conversation With a CISO
Recently, I had a conversation in Vancouver with a CISO responsible for security strategy at a major company. I asked a simple question: How do you evaluate threats to the organization?
Her answer was straightforward.
Like described above, her security team typically assesses both external and insider threats, and have security programs designed to monitor and mitigate both. But when our conversation turned to AI-enabled hiring fraud, an interesting gap emerged.
The CISO acknowledged that security teams would certainly care about the risk once the individual became an employee. Background checks, access monitoring, and behavioral analytics are often deployed at that stage.
However, the interview process itself sits outside the scope of security oversight. Like in many organizations, the hiring process is considered a purely HR function. Security becomes involved only after the employee joins the company.
The Blind Spot in the Hiring Process
That separation creates a dangerous blind spot. If security teams are focused on employees, and recruiting teams are focused on candidates, who is responsible for detecting threats during the interview process?
The scary thing is in many organizations, the answer is: No one.
This is not due to negligence. It is often simply a matter of organizational structure.
Two common scenarios illustrate the problem:
Smaller Companies
Organizations with fewer than 500 employees may not have a dedicated CISO or security team at all. Recruiters and hiring managers are effectively the first line of defense. But they are rarely equipped with tools or processes designed to detect sophisticated identity deception.
Larger Enterprises
Large organizations often have robust security programs. But those programs typically focus on existing employees and system access, not the interview pipeline. Unless the security team actively collaborates with HR, the hiring process can remain outside the security perimeter.
Historically, that boundary was guarded primarily through:
- background checks
- reference verification
- credential validation
But in an era of remote work and AI-assisted deception, those safeguards may no longer be sufficient. And if a stolen identity is used, those typical safeguards are worthless.
Why AI Makes the Problem Worse
AI does not simply make fraud possible. It makes it scalable. A single bad actor can now generate dozens of tailored job applications in a matter of hours. They can practice interview responses with AI coaching tools. They can receive real-time assistance during technical assessments. And in extreme cases, they can manipulate video presence using deepfake technology.
This creates a troubling asymmetry: Bad actors are using sophisticated AI tools. Recruiters are relying on intuition.
What is the Solution? More AI in the Hiring Process? Recruiters Using AI to Beat AI?
AI solves many challenges in the top end of the hiring funnel. If you have thousands of candidates applying, there are dozens of software solutions that detect fraud and/or verify identity, including Socure, Tofu, Polyguard, ID.me, Veriff etc. They could remove most (but not all) of the bad actors.
But when you’re at the final round where you are down to 2-4 candidates, there is just one approach that works 100 percent of the time for removing deep fakes and all AI-related hiring fraud: In-person interviews, either at your location or using proxy interview firms.
Relying on AI throughout the entire hiring process to solve the problem of deep fakes pits your AI against the AI of the bad actors. An endless game of whack a mole.
The solution: Use AI-based solutions for anti-fraud and identity verifiation at the top of the funnel PLUS employ an in-person solution during the final interview rounds to provide 100 percent assurance against hiring a bad actor, a fake candidate, or an AI bot.
The New Question for Companies
AI is transforming hiring at remarkable speed. It is helping organizations screen candidates faster and helping job seekers present themselves more effectively. But it is also creating new opportunities for deception.
That reality forces companies to confront an important question: If an AI-assisted imposter enters the organization through the hiring process, who was responsible for stopping them? The recruiter who conducted the interview? Or the security team responsible for protecting the company?
Lets stop turning recruiters into detectives and get them back to evaluating candidates. And give them the in-person option at the end of the recruiting cycle to catch fraud before it’s too late.