The most trusted organizations do not just sell products. They sell judgement, discretion and trust. That trust is now being actively tested by AI-enabled deception — at scale, and at the onboarding stage, precisely when verification decisions are made.
Artificial intelligence is no longer a future risk. It is already being used to manufacture identities: Deepfake video interviews, synthetic executive profiles built from fabricated credentials, digital histories engineered to pass surface-level scrutiny. AI is not merely generating misleading content. It is generating entire people.
The question facing firms is no longer whether this is happening. It is whether their current processes are capable of detecting it.
The acceleration of disinformation
AI-driven disinformation now spreads faster than institutional verification cycles can respond. That asymmetry — between the speed of deception and the pace of discovery — is where professional misrepresentation operates. Generative AI platforms are already experiencing large-scale data leaks, creating secondary networks where fabricated materials are refined and redistributed. What enters as a crude forgery can emerge as a document that passes almost any manual review.
Deepfake video interviews are no longer theoretical. A November 2025 report from Greenhouse found that 91 percent of hiring managers had caught or suspected AI-driven candidate misrepresentation — including fabricated backgrounds, AI-generated interview scripts and deepfake video interviews. Nearly one in five reported direct exposure to deepfakes.
AI-generated CVs and professional narratives are increasingly indistinguishable from authentic ones — not because they are accurate, but because they are coherent. They contain the right keywords, the right institutional affiliations, the right career logic. They are designed to satisfy the kind of search-driven, pattern-matching review most firms conduct.
Synthetic identities go further still. Rather than falsifying a single document, sophisticated actors construct layered digital personas across LinkedIn, professional directories, publication records and speaking histories — ecosystems of fabricated credibility, built specifically to survive the checks firms currently perform.
The financial and reputational cost of getting it wrong
The financial exposure of onboarding failure is already material. The United States Department of Labor estimates the cost of a bad hire at a minimum of 30 percent of first-year wages. For a senior executive hire, that represents significant direct exposure. AI-enabled misrepresentation multiplies it — adding executive liability, regulatory penalties, client loss, internal disruption and professional liability exposure to the base calculation.
The reputational calculus is more severe still. A headline reading, “Firm Fooled by Deepfake Hire,” does not stay on the business pages. It reaches clients, candidates and regulators. It calls into question every preceding hire and every live client relationship. In any industry where reputation is the product, the public failure of a due diligence process is itself a liability event — one with no fixed ceiling.
Why traditional KYC and background checks cannot detect synthetic risk
Conventional verification was designed to find red flags. Synthetic identities do not contain red flags. They are engineered to present fabricated green flags — and current tools are not designed to question the authenticity of what appears clean.
Google indexes an estimated four percent of the total web. Research from Cornell University suggests any given search may return as little as 0.03 percent of information that exists online. A synthetic identity built on a curated digital footprint is not hiding from Google — it is constructed to perform well there. A clean search result, in this environment, is a designed output, not a verification outcome.
CV checks validate declared data against declared data. If the underlying claim is fabricated with sufficient coherence, cross-reference confirms the fabrication. References can be engineered or AI-assisted. LinkedIn profiles can be constructed ecosystems, where endorsements, connections and activity patterns manufacture social proof through the platform’s own mechanisms.
HireRight’s 2025 Global Benchmark Report found that one in six organizations globally experienced confirmed identity fraud during hiring, with a further three in ten unsure whether it had occurred. Those figures reflect detection rates under current regimes — meaning a significant volume of synthetic risk is passing through undetected.
The Dual-Use Reality of AI
The same AI that enables sophisticated misrepresentation can be deployed to detect it. Firms that treat AI only as a threat will remain permanently reactive. Those that deploy it as a verification capability will be structurally better positioned.
AI-powered pattern recognition can analyze digital timelines for inconsistencies that human review would miss — gaps that suggest a profile was constructed rather than lived, endorsements that appeared in coordinated clusters, activity patterns inconsistent with a claimed career trajectory. Network inconsistency analysis can expose fabricated ecosystems that appear entirely plausible in isolation. Identity anomaly detection and deepfake signal analysis are deployable capabilities today, not experimental research.
Responsible AI deployment strengthens institutional resilience against the attack ecosystems it has helped create. Multi-source cross-verification, applied systematically, creates a verification layer that no fabricated identity can fully satisfy.
From illusion to verification infrastructure
What firms need is decision-grade onboarding intelligence: An approach that moves beyond basic screening to provide the depth of insight required to make genuinely defensible decisions. In the context of synthetic identity risk, that means explicitly building anti-fabrication infrastructure into the verification process.
Multi-layered identity verification confirms not just that documents match declared information, but that the identity itself has a coherent, verifiable history across independent sources and jurisdictions. Cross-platform behavioural pattern analysis assesses whether a professional presence reflects lived experience or constructed narrative. Alias mapping surfaces secondary identities that may carry adverse history a primary profile has been designed to obscure. Litigation and regulatory database integration ensures professional conduct is assessed rather than assumed.
Critically, this cannot be a point-in-time exercise. Continuous post-onboarding monitoring ensures that verification is the beginning of ongoing intelligence, not the end of a compliance process.
The question organizations should now be asking
The boardroom question has shifted.
It is no longer sufficient to ask whether due diligence was conducted. Firms must now ask whether they can prove that the person they are onboarding is the person they believe them to be — across time, across jurisdictions, and across the full landscape of their digital identity. Firms that cannot answer the second question are not protected by their ability to answer the first. The firms that lead in the years ahead will be those that build verification infrastructure designed not to confirm what they have been shown — but to interrogate whether what they have been shown is real.
Matt Winlaw is CEO of EDD Group, an intelligence and risk advisory firm headquartered in London and New York. EDD specializes in onboarding due diligence, identity verification, and reputation intelligence for law firms, financial institutions, and corporate enterprises across more than 40 countries.
