For years, workforce identity was treated as a solved problem. Organizations invested heavily in Zero Trust strategies, deploying single sign-on (SSO), multi-factor authentication (MFA), privileged access management, and passkeys to strengthen security and streamline employee access. Yet despite these investments, identity-based attacks continue to escalate at an alarming pace. Gartner research found that 62% of organizations have experienced a deepfake or AI-enabled identity attack in the past year, highlighting how identity deception is moving from isolated incidents into a mainstream enterprise security challenge.

The reason is increasingly clear: Most identity systems were designed to verify credentials, devices, and sessions, not the human being behind them. That distinction is rapidly becoming one of the defining cybersecurity challenges of the AI era.

Generative AI has fundamentally changed the economics of deception. Attackers no longer need advanced technical expertise to impersonate employees, contractors, executives, or candidates. Widely available AI tools can now generate convincing synthetic identities, deepfake videos, cloned voices, and manipulated imagery at scale.

The speed of this evolution is accelerating rapidly. According to the iProov 2026 Threat Intelligence Report, attacks designed to inject manipulated or synthetic content directly into digital identity systems surged in 2025, including a 1,151% increase targeting iOS devices in the second half of the year.

This matters because it signals a shift in attacker behavior. Rather than simply stealing passwords or exploiting software vulnerabilities, threat actors are increasingly targeting the mechanisms organizations use to verify identity itself using AI-generated imagery, deepfakes, virtual cameras, and injected synthetic media to impersonate legitimate users at scale. Put simply, they aren’t breaking in, they’re logging in.

For organizations that hire remotely, this challenge now begins before day one. Traditionally, workforce identity management started once an employee joined the organization. Today, identity is under attack throughout the hiring process itself. And the problem is likely far more widespread than many organizations realize. Online forums are increasingly filled with hiring managers asking the same question: “How do you know if candidates are real?” According to recent research, 17% of U.S. hiring managers reported encountering candidates who used deepfake technology during video interviews.

The consequences are already being felt across industries. Operatives linked to nations like North Korea, which are under U.S. sanctions, reportedly infiltrated more than 300 companies using stolen identities and live deepfake technology during remote interviews. One operation alone is believed to have generated more than $17 million in fraudulent salaries.

Beyond fraudulent hiring, identity deception is evolving into a broader enterprise risk. A deepfake video call led to $25 million in fraudulent transfers at engineering firm Arup. Meanwhile, a social engineering attack targeting an IT help desk triggered what has been described as the most costly cyber incident in UK history, with estimated losses exceeding £1.9 billion. These incidents reveal a common pattern: attackers target moments when organizations rely on human trust rather than technical verification.

Remote and hybrid work has dramatically expanded the risk. Hiring, onboarding, privileged access approvals, account recovery, and executive communications increasingly occur through digital channels where traditional assumptions about identity no longer hold.

Video calls, once considered inherently trustworthy, are becoming an increasingly large attack surface. Deepfake impersonation is rapidly expanding across everyday enterprise workflows, particularly video-based interactions. Separate Gartner research found that 37% of cybersecurity leaders encountered deepfake incidents during video calls in 2025, highlighting how quickly synthetic media is entering routine business operations.

Organizations are still searching for practical solutions to these challenges. Some may consider reducing remote hiring altogether, but that would create significant operational drawbacks, shrink talent pools, and slow recruitment processes. Others might rely on ad hoc “human detection” techniques during interviews, such as asking candidates to wave their hands in front of their faces or perform unexpected actions on camera. These approaches may occasionally catch unsophisticated attacks, but are unlikely to remain effective as AI-enabled deception continues to evolve.

The broader challenge is that organizations are trying to defend against AI-driven impersonation using processes designed for a pre-AI world.

As identity attacks become increasingly sophisticated, organizations will need to move beyond static authentication methods toward approaches that can establish genuine human presence in real time. Defending against AI-driven impersonation will increasingly require adaptive, layered identity assurance that evolves with emerging threats, rather than relying on one-time verification or static credentials alone.

Ultimately, the workforce identity challenge is not just about stopping fraud. It is about preserving trust in digital business itself.

Every organization now depends on digital interactions to hire employees, approve transactions, manage access, and maintain operations across distributed workforces. If businesses cannot reliably establish that the person on the other side of a digital interaction is real, every workflow built on trust becomes vulnerable.

Identity is no longer just an IT issue. It has become a strategic business risk, and increasingly, one of the defining cybersecurity battlegrounds of the modern enterprise. The organizations that will emerge strongest are those that embrace a new standard: authorize the human, not just the credential.