The threat is no longer theoretical. Multiple high-profile incidents in the last 18 months have involved synthetic audio, video, or both used to impersonate executives, manipulate financial markets, or seed political content. The technology has crossed the threshold where consumer tools produce material that fools casual viewers, and the financial incentives for bad actors are substantial enough that the volume of attempts is rising.
For communications teams, the response cannot wait until a deepfake of the brand's CEO surfaces. Preparation done in advance is fundamentally different in cost and effectiveness from response done under crisis conditions.
What deepfakes actually involve
The category includes several distinct technologies.
Voice cloning. Audio synthesis tools that, given enough source audio of a target speaker, can produce realistic audio of that speaker saying arbitrary text. The threshold for "enough" source audio has dropped sharply — minutes of clean recording is often sufficient. Public figures with substantial audio footprints are particularly exposed.
Face replacement video. Systems that replace a person's face in existing video with a target's face, producing video that appears to show the target in scenarios they were never in.
Full synthetic video. Generative video tools — OpenAI's Sora, Google DeepMind's Veo, and others — that produce video from text prompts, with the realism increasing rapidly with each release cycle.
Composite synthetic media. Combinations of the above, often paired with synthetic text or fake social media account activity, produce coordinated campaigns that appear more credible than any single piece would on its own.
The threat models that matter for brands
A few specific risk patterns worth thinking through.
Executive impersonation for fraud. Synthetic audio of an executive instructing a finance team to wire funds, a procurement team to authorize a vendor, or an IT team to share credentials. This category is mostly an internal-facing fraud risk, but it has communications implications when it succeeds and the failure becomes public.
Brand impersonation for misinformation. Synthetic content that appears to show a brand making statements, endorsing positions, or recalling products it has not. The damage radius can be large if the content circulates before correction.
Personal attack on executives or spokespeople. Synthetic content designed to humiliate, embarrass, or otherwise damage an individual associated with the brand. The motivations vary — political, competitive, personal grievance — but the response is similar regardless.
Market manipulation. Synthetic content designed to move stock prices through claimed product issues, executive controversies, or fabricated news. The risk is highest for publicly traded companies with significant retail investor attention.
Preparation that works
A few elements of a defensible preparation program.
An authentication chain for executive content. The brand should have a documented way to verify that video, audio, or text purportedly from named executives actually originates from those executives. This typically involves cooperation between communications, IT, security, and the executives themselves. Codewords, verified channels, dual-confirmation protocols — the specifics vary by organization but the function is consistent.
Detection vendor relationships. Several vendors specialize in deepfake detection — DeepMedia, Reality Defender, Truepic, and others — with varying capabilities and pricing. Having a relationship with at least one, with defined process for engaging them in a suspected deepfake situation, is reasonable preparation. The detection technology is imperfect and produces false positives and negatives, but it is meaningfully better than visual inspection alone for sophisticated synthetic content.
Legal pre-positioning. Brands should know which jurisdictions are most relevant for legal action against deepfake creators, what causes of action are available, and what evidence is needed to pursue them. This is jurisdiction-specific and changes as legislation evolves — Brookings tracks the federal and state legislative landscape regularly.
Press relationships specifically for verification. When a synthetic clip starts circulating, the brand needs trusted reporters who will allow time for verification before publishing. Those relationships are built before they are needed.
Internal escalation protocol. Employees often see suspicious content before the comms team does. A clearly communicated process for surfacing suspicious media to comms — a single inbox, a single point of contact, a clearly defined "if you see something" instruction — is basic hygiene.
Crisis communication templates updated for deepfake scenarios. Pre-positioned response language for a confirmed deepfake situation, for a suspected-but-unconfirmed situation, and for an aftermath situation where the brand needs to address public confusion. The templates do not eliminate the need for case-specific judgment, but they shorten the response window meaningfully.
What does not work
A few approaches worth avoiding.
Promises that the brand cannot be **deepfaked****.** Watermarking, content authentication initiatives, and detection technology are all useful but none are decisive. A brand that publicly claims immunity from deepfaking creates a target for adversaries to disprove the claim.
Aggressive denial of authentic but unflattering content. Reflexively claiming that real content is a deepfake is a path to losing credibility quickly. Authentication should be evidence-based, and brands should be willing to acknowledge real content even when it is unflattering.
Reliance on consumer-grade detection tools. Free deepfake detection services are unreliable. Professional-grade detection is paid, and brands that need it should budget for it as standard preparation rather than emergency procurement.
A reasonable resource commitment
The total annual investment in deepfake preparation — vendor relationships, training, infrastructure, template development, monitoring — is modest by enterprise communications standards. For most large brands, low-to-mid five figures per year covers a defensible preparation program. The cost of a poorly-handled deepfake incident is typically much larger.
The threat is real. The preparation is achievable. Brands that pre-position now will handle their first synthetic media incident much better than brands that wait to think about it until the incident happens.
