The $25M Video Call That Was Entirely Fake

Опубликовано: 02 Июль 2026
на канале: Battlefield Brief
15
2

A finance worker in Hong Kong joined a routine video call with his CFO and several colleagues. The faces were familiar. The voices were right. They told him to wire the money — and he sent $25 million. Every person on that call was a deepfake.
This is how AI turned the oldest crime in the book — impersonation — into something that scales like software. We take the real 2024 Arup heist apart step by step, show you exactly where the attack lives, and give you the one protocol that would have stopped it.
In this episode:

• Why "seeing is no longer verifying" — and what it means for every approval in your company

• The 5-step anatomy of a deepfake heist: harvest → clone → pretext → the call → extract

• Where NIST puts this threat — and why it's the hardest kind to fully mitigate

• A verification protocol you can install this week

• What to do in the first hour if it happens to you
This isn't about better detection software. It's about process — the one thing a deepfake can't fake.
NIST grounding: maps to the THWART function of NIST's Cyber AI Profile (NIST IR 8596 — draft) and Risk #8, Information Integrity, in the Generative AI Profile (NIST AI 600-1 — final). NIST guidance is voluntary; none of it certifies an organization.
⏱ Chapters

0:00 — A $25M video call

0:43 — What this episode covers

1:00 — Why deepfakes changed everything

2:36 — Secure · Defend · Thwart: the map

2:47 — What NIST actually says

3:55 — Anatomy of a deepfake heist

5:25 — The verification protocol

7:40 — Your job this week

8:05 — Next: Shadow AI
▶ Start the series: EP01 — Your Company Runs on AI. Nobody Secured It. (drop raw URL once live)

📺 Full series: Securing the Machine playlist
#AISecurity #Deepfake #Cybersecurity #NIST #CISO #FraudPrevention


This video uses a synthetic (AI-generated) presenter and visuals; the script and analysis are human-written. Labeled "Altered or Synthetic" per YouTube policy.