Sam Altman recently issued a stark warning: AI-powered impersonation is no longer a future threat — it’s already here.
The OpenAI CEO predicted that AI-generated voice and video impersonation will soon be used to rob banks and commit fraud at scale, calling it a “crisis-level” risk for the financial system.
And he’s not alone. A recent Axios report highlighted growing concern among lawmakers about using AI to clone voices and faces for scams, fraud, and identity theft. The cost of inaction? Catastrophic.
As attackers gain the ability to mimic voices, faces, and even behavioral patterns with uncanny accuracy, traditional identity verification methods — like passwords, security questions, or even facial recognition — are rapidly becoming obsolete.
Continue reading to learn more about AI misuse and see how Varonis helps organizations fight back by detecting the activity of AI-driven impersonation attempts, blocking identity compromise, and securing sensitive data before a fooled user can grant access or give away credentials.
AI fraud is getting smarter. Are we?
According to IBM’s 2025 Cost of a Data Breach Report, 16% of breaches now involve attackers using AI, most often for phishing (37%) and deepfake impersonation (35%).
These attacks are not just more convincing — they’re faster and cheaper to execute. Generative AI has reduced the time to craft a phishing email or call script from 16 hours to just five minutes.
The financial impact is significant. AI-driven breaches cost organizations an average of $4.49 million USD. These attacks often bypass traditional detection systems by exploiting human trust, making them harder to catch and more damaging when successful.
The recent wave of Salesforce-related breaches orchestrated by Scattered Spider (UNC3944) and UNC6040 (also known as ShinyHunters) is a chilling example of this shift. These groups didn’t need to break down the door—they convinced someone to open it for them.
Identity and data security: Your last line of defense
Prevention alone isn’t enough. There will always be users who succumb to convincing video and audio fakes, and security teams need to assume breach.
Organizations must then be able to detect and contain AI-related risks to quickly minimize damage and the impact of a breach. That requires a layered approach:
- Modern identity security: Implement phishing-resistant authentication (e.g., passkeys), enforce credential lifecycle management, and monitor both human and non-human identities. If a user mistakenly provides their credentials or information over the phone, the attacker theoretically won’t be able to bypass these measures.
- Data security fundamentals: Sensitive data should be protected by encryption, access controls, and key management. AI-aware data security solutions can detect anomalous access patterns and prevent exfiltration. Users shouldn’t be able to share highly sensitive data with an external user via email, even if they believe they’re answering a request from the CEO.
- Blast radius control: 90% of organizations have sensitive M365 files exposed to all employees. Deep fakes and voice cloning attacks are successful when they can gain access to an account with broad and deep privileges. By automating permissions remediation, attackers won’t gain the far-reaching access they desire after gaining a foothold.
While breaches are inevitable, the damage doesn’t have to be. Organizations that use AI and automation extensively across their security lifecycle save an average of $1.9 million USD per breach and resolve incidents 80 days faster.
These solutions accelerate detection, reduce alert fatigue, and enable faster, more precise responses. They also help security teams scale their efforts without scaling headcount, which is critical in an industry facing persistent talent shortages.
How Varonis helps stop AI-powered identity fraud before it spreads
As attackers use AI to impersonate senior leaders or other authorities and exfiltrate sensitive data, organizations need more than just firewalls and MFA. They need real-time visibility into who is accessing what — and whether they should be.
That’s where Varonis comes in:
- Identity threat detection and response (ITDR): Varonis continuously monitors user behavior and flags suspicious activity, like a user suddenly accessing large volumes of sensitive files or logging in from unusual locations. This is critical when attackers use deepfakes to steal credentials to “log in” instead of “break in.”
Detect a compromised account from vishing or deepfake deception with a robust ITDR solution.
Detect a compromised account from vishing or deepfake deception with a robust ITDR solution.
- Data-centric security: Our industry-leading Data Security Platform automatically discovers and classifies sensitive data and maps who has access to it, and how they use it. If a user is compromised and their activity shows them accessing something they shouldn’t, Varonis blocks the threat in real time and alerts you.
- Identity resolution: Varonis seamlessly maps accounts across an organization’s entire ecosystem to a single person and further correlates roles, memberships, and entitlements. Visibility is then enhanced using proven machine learning techniques to classify which accounts associated with that user are privileged, executive, service, external, or non-human and machine. Security teams can then easily understand and shut down access across dozens of cloud resources when a user falls victim to a vishing attack.
Seamlessly map identities and users across multiple cloud and on-prem environments.
Seamlessly map identities and users across multiple cloud and on-prem environments.
- Automated response: When a threat is detected, Varonis automatically quarantines users, revokes access, or can trigger incident response workflows — minimizing damage before it spreads.
In a world where attackers can fake your voice, face, and credentials, Varonis gives you the visibility and control to stop them before they even hit play.
Don’t wait for the deepfake to hit your desk
Attackers are using gen AI tools to clone voices, forge videos, and manipulate trust at scale. The question isn’t if your organization will be targeted — it’s when.
Now is the time to act. Audit your exposure, strengthen your identity and data security posture, and build resilience into your breach response strategy.
Get started with a free Data Risk Assessment. In less than 24 hours, you’ll have a clear, risk-based view of your data that matters most and a clear path to automated remediation.
