Findings reveal job candidate fraud and imposter hiring outpacing prior industry predictions
AUSTIN, Texas, Dec. 11, 2025 /PRNewswire/ – GetReal Security, a leading cybersecurity company protecting enterprises from AI-driven identity attacks, released its Deepfake Readiness Benchmark Report today, revealing how rapidly deepfake and impersonation attacks have moved from fringe threat to everyday business reality in the final months of 2025.
According to the findings, 41% of IT, cybersecurity, risk, and fraud leaders say their company has hired and onboarded a fraudulent candidate. The results also show that deception driven by AI-generated content is now a routine enterprise problem: 88% of organizations encounter deepfake or impersonation attacks at least occasionally, and 45% of all leaders surveyed report that these types of attacks are now frequent occurrences.
These findings indicate an acceleration in AI-driven identity attacks directly targeting the enterprise and its digitized business processes, remote employees and contingent workforce. Of particular note, the rate and pace of hiring fraudulent candidates suggests the candidate fraud scenario Gartner Inc. predicted is arriving more quickly than many expected. “By 2028, 1 in 4 candidate profiles worldwide will be fake.”*
“Enterprises are facing a growing volume of AI-powered deepfakes and general identity manipulations on a daily basis. While alarming it should not be surprising given that the image, audio, and video generation models are achieving astonishing levels of realism,” explained Matt Moynahan, CEO of GetReal Security. “These attacks have crossed the chasm and are becoming mainstream.”
At the same time, 40% believe their current defenses are definitely adequate, underscoring a widening gap between the scale and effectiveness of AI-enabled identity attacks and enterprise confidence in defenses that lag behind.
“Remote work conditioned us to trust the people we see and hear on our devices, and more than 80% of respondents said they rely in some way on phone and video to confirm identities,” Moynahan continued. “But the world has changed since we all went remote, especially when GenAI innovations such as OpenAI’s Sora 2 can recreate a person’s image and likeness in minutes. We can no longer blindly accept what we hear or see on the other end of a call as validation.”
Deepfake threat priorities still taking shape
The survey revealed an understanding gap that underlies growing risk. Phishing scams, video impersonation, and synthetic identity fraud emerged as the top concerns for roughly half of cyber leaders, but there’s a lack of clear consensus on the most pressing risk. Despite 41% of enterprises admitting to having hired and onboarded a fake candidate, only 35% listed fake candidates as a primary concern.
“Leaders understand that a threat exists, but they still don’t grasp exactly what it looks like or how to protect against it,” explained Moynahan. “I can’t blame them, frankly. Conversations about deepfakes and identity manipulation have largely taken place outside of corporate contexts, but the potential risk to organizations is profound, and attacks of this nature are shockingly commonplace.”
Identity is the missing link
All top concerns cited by respondents tie directly to identity integrity, showing that identity-related issues are top of mind. However, there is work to be done connecting the dots to security. Only 52% say they’re definitely rethinking identity and access management (IAM) strategies to address AI-driven identity threats. And only 28% say deepfake-resistant verification tools are a priority for IAM modernization.
“Credential theft remains the leading cause of security breaches, and so single point-in-time verification and authentication no longer cuts it. There’s only one viable path forward for enterprises,” Moynahan said. “They need continuous digital identity defense built on real-time visibility into AI-powered identity threats and rapid policy enforcement when anomalies occur.”
To read the complete findings, download GetReal Security’s Deepfake Readiness Benchmark Report: Identity Manipulation, Synthetic Content, and the State of Enterprise Preparedness.
Methodology: The survey is based on responses from 668 IT, cybersecurity, fraud, and risk leaders conducted in September 2025, across major industries and organizations with at least 1,000 employees spanning 15 industries.
*Gartner, Mitigate Rising Candidate Fraud Through Identity Verification, Emi Chiba, Akif Khan, et al., 9 April 2025
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Media Contact
Melissa Cifarelli
Matter on behalf of GetReal Security
About GetReal Security
GetReal Security is the cybersecurity leader in detecting and mitigating threats posed by deceptive AI content, including deepfakes, impersonation, and synthetic identities. Our enterprise-class digital integrity platform combines advanced detection, forensics expertise, and threat intelligence to prevent fraud, maintain compliance, and restore trust. It delivers unmatched visibility through dashboards revealing AI-powered manipulation, the people impacted, and conversations affected, all seamlessly integrated with existing enterprise technology stacks.
