ORLANDO, Fla. – At the recent cybersecurity conference, KB4-CON, a man in a backroom told News 6 anchor Matt Austin he could make Austin say anything he wanted — using nothing more than videos Austin had already posted online.
Perry Carpenter calls himself a Chief Deception Strategist with security company KnowBe4. When Austin joked that it sounded like a politician’s title, Carpenter didn’t disagree.
What Carpenter demonstrated next was unsettling. He pulled up Austin’s Instagram account mid-interview and began harvesting real videos the anchor had posted publicly. He dropped them into programs designed to clone a person’s voice and face, then used that data to generate a new version of Austin — one with very different intentions.
[WATCH BELOW: Real and deepfake Matt Austin]
In the fake video, “Austin” promoted a meme coin to his Instagram followers.
“Hey there, Instagram fam, Matt Austin here. Coming to you today with an offer you will not believe. It’s my new meme coin.”
The whole thing took about 45 minutes.
The fabricated Austin looked very convincing. He sounded fairly convincing. The real Austin knew it wasn’t him — but wasn’t sure a viewer would.
Carpenter says that’s exactly the point. He describes the most dangerous type of deepfake as taking a video of someone found online and making them say something they never said, to an audience they never intended to reach.
Then Carpenter went further. He wore Austin’s face in real time — a digital skin suit, the kind a scammer could use in a live video call to fully impersonate someone to their friends, family, or followers.
Carpenter even turned himself and News 6 producer Robert Breuer into Gandalf from The Lord of the Rings in real time.
These live deepfakes can be especially damaging as part of romance, investment, blackmail, or celebrity schemes.
News 6 recently reported that a Leesburg couple lost $45,000 to an alleged car giveaway from billionaire Elon Musk. The scheme included a deepfake video of Musk.
Public-facing people like Musk are especially exposed. Journalists, influencers, anyone who posts regularly online — every video is raw material waiting to be harvested.
Carpenter says bad actors could then make you say something - that you never said - to your audience that could end up costing them money or cause them to lose faith in you.
AI-generated videos can also be used as pranks, which can be criminal if they cross the line.
For example, in April, the Seminole County Sheriff’s Office announced a man was arrested on multiple charges after he reportedly showed an AI-generated video to a deputy and falsely reported a crime.
So what’s the takeaway?
“The lesson to learn is to realize that our reality is already so warped that we do not know what’s real and what’s not,” Carpenter said. “Healthy skepticism without giving in to cynicism, I think, is good.”
When asked if our viewers could use software or an AI tool to determine if a video is AI-Generated, Carpenter replied:
“It’s important that your viewers know that even though some sites say they can determine if a video is AI or not, they all have fundamental flaws that can lead people to a false sense of reality. I’ve been able to trick every single “deepfake detector” that I’ve ever tried. There is no reliable “easy button” for determining if something is AI-generated or not. As AI gets better, it’s getting harder and harder for both humans and machines to tell what’s real from what is not.”
It’s not a reassuring answer. But given what he just demonstrated with another person’s face in under an hour, it might be the honest one.
Hope for Humanity?
A new University of Florida study found humans still outperform artificial intelligence at detecting deepfake videos, correctly identifying fake clips about two-thirds of the time, even as AI programs struggled.
Researchers say the findings offer some hope as deepfake technology evolves, suggesting people can still recognize subtle inconsistencies in movement, expressions and timing that machines often miss.
What is Washington doing about deepfakes?
Members of Congress are pushing new federal protections against deepfakes and AI-generated impersonations through the bipartisan NO FAKES Act, legislation reintroduced last week by U.S. Reps. María Elvira Salazar and Madeleine Dean, along with Sens. Marsha Blackburn and Chris Coons
The bill would create federal protections for a person’s voice and likeness, allowing victims to take action against people or companies that create or profit from unauthorized digital replicas.
“In this new era of AI, bad actors are quickly and easily profiting from the creativity of others. Our laws must catch up,” Rep. Salazar said.
The Council for Innovation Promotion (C4IP), a bipartisan intellectual property advocacy coalition, also voiced support for the No Fakes Act, noting that the updated version of the bill includes additional protections for legitimate AI users, such as libraries and research institutions, while still targeting deceptive digital replicas.
“The growing sophistication of AI-generated deepfakes underscores the need for robust, clear, and consistent federal safeguards,” said Frank Cullen, executive director of C4IP.
Meanwhile, the Take It Down Act, signed by President Trump last month, mandates that social media platforms remove non-consensual intimate images and AI-generated deepfakes within 48 hours of notification. This federal law aims to combat the online publication of intimate content, with violations resulting in penalties.
Federal prosecutors have already charged two men with using artificial intelligence to create nude videos and photos of female celebrities under the new law.
More about KnowBe4 and KB4-CON
Staying ahead of security dangers like AI-generated deepfakes, is part of the reason why KnowBe4 launched KB4-CON in 2018.
Their website says, “It is the human risk management industry’s premier event, bringing together KnowBe4 customers, channel partners, prospects, plus security advocates and industry professionals.”
While News 6 was there for the deepfake demonstration, we observed hundreds of people in attendance. Many were on their way to and from the various security and product sessions.