Episode Details

It took 10 minutes and a free online tool to deepfake Jim's voice, with no expertise and no cost involved.

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined again by Alexandra Jorissen from identifAI, alongside Lorenzo Zoffoli, a cybersecurity professional with 12 years of experience. Following the huge response to our first deepfakes episode, which set a bit of a channel record with the number of views, we go further into the technology, the threats and what organisations can actually do about it.

The episode opens with a deepfake of Jim's voice, created by Lorenzo using a free online tool and 5 seconds of audio from our YouTube channel. It took 10 and cost nothing. That sets the tone for a conversation that goes well beyond what was covered in the first episode, into the industrialisation and scalability of deepfake attacks, the personalisation that makes them almost impossible to spot and why visual and audio content can no longer be treated as proof of truth.

From a Dutch bank discovering 46 fraudulent accounts opened by one person using deepfakes, to personalised attacks targeting family members and high net worth individuals, the threat has moved well beyond the boardroom. This episode gets into what organisations can actually do about it, from how detection technology works and where it fits in a security stack, to why verifying identity in digital spaces needs to become as normal as challenging someone without a badge in a physical office.

Three key talking points:

• The industrialisation of deepfake attacks: Creating a convincing deepfake used to take time, expertise and significant effort. That barrier has almost disappeared. Attacks can now be generated, refined and reused across hundreds of targets at speed and at almost no cost, using nothing more than publicly available social media content and free online tools.
• It's not just organisations at risk anymore: The first episode focused on corporate threats like fake board meetings and expense fraud. This one goes further into the personal risk, from deepfaked voice messages impersonating family members to compromising images generated from a single photograph. The technology doesn't care whether the target is a CISO or someone's mum.
• Why detection is now part of defence in depth: Deepfake detection needs to sit alongside email security, EDR and the rest of the standard security stack. This episode gets into how detection works at a pixel and byte level, why results are probabilistic rather than binary and what happens if smaller organisations are priced out of access.

If you caught the first episode, this one goes further. If you didn't, take a look! Either way, deepfakes aren't just on their way. They're already here.

On why the real problem is what we're not catching:

“We need to put doubt in any digital media we handle and get used to trying to verify if content coming from unknown sources can be manipulated or completely generated by AI tools.”

Lorenzo Zoffoli

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The Industrialisation of Deepfake Attacks Understand why deepfake attacks are no longer handcrafted for single targets but can be generated, refined and deployed at scale across hundreds of victims simultaneously.
• 46 Fake