Why Deepfake Fraud Beats Your Workflows, Not Your Technology - with Jon-Rav Shende of Thales Group

· Source: The AI in Business Podcast · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Compliance & Risk Management · Depth: Intermediate, extended

Summary

Deepfake voice fraud is primarily exploiting enterprise agent workflows, not bypassing security technology, according to Jon-Rav Shende, Global CTO for Data and AI at Thales Group. High-risk areas include customer support, help desks, claims, payments, password resets, account recovery, and executive-facing workflows, where agents are measured on speed and customer satisfaction. The highest risk point occurs when identity, urgency, and business actions converge in a single call. Shende proposes a four-step response framework for regulated organizations: map risky voice journeys, define escalation decision points, build auditor-required evidence chains, and deploy AI as a risk signal layer without automating high-risk actions. This approach emphasizes shared ownership among security, operations, and customer experience teams to manage the multifaceted problem effectively.

Key takeaway

For CISOs or AI Security Engineers evaluating deepfake defenses, you must prioritize securing agent workflows over solely relying on technology. Map your high-risk voice journeys, define clear escalation paths, and build robust evidence chains for auditors and cyber insurers. Deploy AI as a risk signal, but avoid automating high-risk actions without strong controls. Ensure shared accountability across security, operations, and customer experience to minimize financial and regulatory exposure.

Key insights

Deepfake voice fraud exploits human workflows and agent instincts, not just technology, especially where identity, urgency, and business actions converge.

Principles

Method

A four-step framework involves mapping risky voice journeys, defining escalation decision points, building required evidence chains for auditors, and deploying AI as a risk signal layer.

In practice

Topics

Best for: CTO, VP of Engineering/Data, Executive, Director of AI/ML, AI Security Engineer, Consultant

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The AI in Business Podcast.