Deepfakes in 2026: What’s Real, What’s Hype?

1 September 2025

Deepfakes have come a long way. From political hoaxes to job interview scams, synthetic video and audio are already being used to trick ID verification systems around the world.
In 2025, we saw reports of North Korean operatives using deepfakes to pass remote job interviews. And according to the World Economic Forum, over 40% of companies faced a deepfake-related threat last year.
But how much of this applies to authentication?
Right now, the biggest impact is on identity verification (IDV), especially video-based onboarding. Fraudsters can replay videos, inject manipulated footage, or spoof interviewers in real-time.
But authentication is harder to crack.
To fool a biometric authentication system at scale, fraudsters would need to:
  • Recreate a person’s face convincingly.
  • Inject the fake into the camera feed.
  • Bypass device-level security checks.
That’s a high bar. And there are still easier ways to break in, like phishing SMS OTPs or re-registering FaceID on a stolen phone.
But deepfakes are evolving. And in the next 1-2 years, the risk to authentication will grow. That’s why organizations need to prepare now.
Our 2026 report outlines three layers of defense every biometric system, both verification and authentication, must have:
  • Presentation attack detection: spotting replayed or manipulated media.
  • Injection attack protection: blocking tools that fake the device feed.
  • Device + face verification: requiring both for authentication.
Keyless already deploys all three, including passive liveness detection and certified injection attack resistance.
Deepfakes might not be the main threat to authentication, but in 2026 they will begin to be.
Don’t miss our full analysis in The State of Authentication 2026, launching this October. The State of Authentication 2026 report will cover the five key forces reshaping authentication in the year ahead.
  • Stricter privacy and biometric compliance laws – and why decentralized biometrics are emerging as the only viable long-term solution.
  • Digital identity wallets – and how they’re set to replace traditional KYC and recovery flows.
  • The collision of IPR and PSD3 – and what it means for fraud, liability, and real-time authentication.
  • The evolving deepfake threat – and how organizations can future-proof their biometric systems today.
  • The limitations of passkeys – and why they’re not enough for high-risk scenarios.