Why Booz Allen’s CTO used generative AI to make a deepfake video of himself

He created a deepfake video of himself.

This week, Vass will promote a 30-second deepfake video where “he” briefly speaks to the camera to show Booz Allen employees and other workers how easy it is to create fake audio and video content. Vass contends that generative AI technology has gotten so advanced that a popular refrain, “believe none of what you hear and half of what you see,” isn’t cynical enough.

“You’re at a point with AI and these deepfakes where you are not going to be able to believe any video you see or audio you hear,” Vass says. The deepfake video of Vass will be promoted internally at Booz Allen so that employees “better understand the capabilities and how strong a deepfake can be,” he adds.

Booz Allen has previously trained workers to spot deepfakes by showing videos of celebrities, who tend to be easy targets given the vast prominence of their likeness in the public domain. But there are also hours upon hours of video and audio of Vass uploaded to YouTube, and it only takes a couple of minutes of content for criminals to make a deepfake that can trick workers.

The stunt deepfake video of Vass was created by Booz Allen in partnership with Reality Defender, a deepfake detection company that sells tools to identify AI-generated content within seconds to clients including IBM, Visa, and Comcast. Last year, Reality Defender expanded its Series A funding round, raising $33 million in total capital (from investors including Booz Allen’s venture capital arm) to further develop the startup’s technologies.

Vendors like Reality Defender are betting that processes for authenticating audio and video interactions will become as essential as other cybersecurity tactics like multi-factor authentication, a two-step verification process, and zero-trust authentication, which requires continuous verification of identity.

Alex Lisle, who became CTO at Reality Defender last week, says there is a growing list of risks CEOs and other C-suite executives must confront when it comes to deepfakes. While much of the attention is on social engineering cyberattacks that prey on workers, cybercriminals can also use AI to craft audio files where a CFO “announces” manipulated earnings results, which could move the stock. AI videos can be generated that depict a CEO issuing a fake public statement that could hurt a brand’s reputation.

“Unlike other emerging cybercriminal threats, which require an incredible amount of technical knowledge and foresight, this doesn’t,” Lisle says. Deepfakes, he adds, can be done with “off-the-shelf software and a basic knowledge of technology.”

Top executives at WPP, Accenture, and Ferrari have been targeted by deepfakes, though in the corporate world, the banking sector is a favored target. Half of finance professionals in the U.S. and U.K. have reported that they’ve experienced an attempted deepfake scanning attack. Accounting giant Deloitte has estimated that generative AI-enabled fraud losses could reach $40 billion by 2027, a compound annual growth rate of 32% from 2023’s level.

The cautionary tale that security executives frequently cite is a Hong Kong incident where a financial worker was fooled into paying $25 million to fraudsters that used a deepfake video call to impersonate the company’s chief financial officer. To avoid these types of scams, chief information security officers and other technologists have been investing in defensive systems and better employee training to detect attacks.

Vass, who joined Booz Allen in 2024 after previously serving as VP of engineering at Amazon Web Services, says social engineering attacks would even trip up employees at the Pentagon, where he worked as a senior executive in the office of the CIO in the late 1990s. The Department of Defense would hire external parties to attempt attacks, and Vass says it always amazed him how many times those teams would succeed, even after all of the training.

He recalls another incident at a startup he led, where a former employee sent a deepfake email that was purportedly sent from Vass, while also pretending to loop in the CFO. The note was sent to the procurement office, and a worker ended up processing a fake $25,000 invoice payment.

Generative AI, Vass adds, will only make cases like these all that more common. “People are going to have to learn to change their psyche to be more skeptical.”

John Kell

Send thoughts or suggestions to CIO Intelligence here.

NEWS PACKETS

Samsung, Tesla ink $16.5 billion AI chips deal. Samsung has agreed to make AI chips for electric vehicle manufacturer Tesla under a multiyear deal that is billed as a major win for the South Korean electronics giant’s U.S. foundry business. Tesla CEO Elon Musk confirmed on his social media platform X that Samsung’s new Texas semiconductor plant would be dedicated to making the auto company’s next-generation AI6 chip, which is expected to be used in humanoid robots, self-driving cars, and AI data centers, reports WSJ. The win is huge for Samsung, which has lost ground in chip manufacturing, most notably to Taiwan Semiconductor Manufacturing Co., which holds roughly two-thirds of the global foundry market and reportedly still can’t meet all demand. Samsung’s investors cheered the news, adding billions to the company’s market value.

Anthropic in talks to more than double valuation to over $170 billion. Anthropic is in talks with numerous investors about raising as much as $5 billion in a funding round that would value the four-year-old AI developer at $170 billion, according to the Financial Times. Fortune, meanwhile, separately reports this week on a class-action lawsuit against Anthropic that could expose the AI company to billions in copyright damages for allegedly using pirated books to train its models. Anthropic didn’t immediately respond to Fortune’s request for comment.

Walmart is “all in” on AI agents. Retail behemoth Walmart last week rolled out the company’s vision for how AI agents will overhaul the way customers shop, the ways that corporate and store employees work, and how vendors sell and track their merchandise performance within the Walmart ecosystem. This range of four AI agents, displayed at a media event attended by Fortune, included a generative AI digital assistant named Sparky that can answer product questions for customers. There were also some internal agentic use cases that can accomplish mundane and repetitive tasks, which is where much of the focus on AI agents has been since companies started to embrace the technology in earnest earlier this year. In yet another sign of Walmart’s seriousness when it comes to AI, the Wall Street Journal reports of key hires, including Daniel Danker, an executive at Instacart, who will steer global AI acceleration, product, and design.

Microsoft-OpenAI contract talks advance. Bloomberg reports this week that Microsoft is in “advanced talks” to secure an agreement that would give the tech giant ongoing access to OpenAI’s technology. The new terms, people familiar with the matter say, would give Microsoft use of OpenAI’s latest models, including if the startup achieves its goal of building a more powerful artificial general intelligence (AGI), a theoretical concept in which an AI system would have capabilities that rival those of a human. The news outlet reports that the pair have been meeting regularly and that a deal could come together within a matter of weeks. Microsoft has already invested $13.75 billion into OpenAI, and these negotiations would also avoid losing access to the latter company’s technology before the end of the current deal terms, which is set to expire in 2030.

ADOPTION CURVE

Majority of business leaders believe agentic AI can manage entire business divisions. EY’s latest U.S. AI Pulse survey, released this week, found that 73% of the 500 U.S.-based decision-makers say they believe agentic AI, which can act autonomously and perform complex tasks with little-to-no human supervision, will “manage entire business units.” But the business community is still quite a bit away from making that level of automation a reality. The consulting firm also reports that 34% of senior leaders say their companies have already started to implement agentic AI technology, though it is only fully implemented at 14% of those organizations.

Dan Diasio, EY’s global consulting AI leader, tells Fortune that the firm’s clients are quite bullish on agentic AI’s potential, but that most still keep a human in the loop to monitor tasks. “The parts of transforming and changing the way the business operates around the technology—creating new jobs, creating new controls that can ensure the technology works responsibly—are still lagging the implementation,” Diasio says.

A big hurdle to overcome remains human change management. Sixty-four percent of senior leaders agreed that the fear of replacement, as opposed to augmentation with agentic AI, will stifle adoption. Yet only 24% said that employee resistance is one of the biggest barriers, as cybersecurity and data privacy concerns each ranked higher, at 35% and 30%, respectively.

Courtesy of EY

JOBS RADAR

Hiring:

– Northwestern Mutual is seeking a VP, chief information security officer, based in Milwaukee. Posted salary range: $308K-$572K/year.

– The Minneapolis Star Tribune is seeking a chief product and technology officer, based in Minneapolis. Posted salary: $300K/year.

– Northeast Arc is seeking a chief information and technology officer, based in Danvers, Mass. Posted salary range: $155K-$175K/year.

– Nebraska Department of Health and Human Services is seeking a CIO, based in Lincoln, Neb. Posted salary range: $150K-$200K/year.

Hired:

– Norwegian Cruise Line appointed Daniel Henry to serve as EVP and chief digital and technology officer, where he will navigate the integration of the travel company’s IT and digital experience teams. Previously, he served as EVP and global CIO for fast-food giant McDonald’s and spent 17 years in various technology leadership roles at American Airlines, including as a VP of customer technology.

– Fulton Bank named Kevin Gremer as chief operations and technology officer, joining the Mid-Atlantic regional bank to oversee the IT and operations teams. Since 2022, he has served as SVP and head of operations of banking and investment services at City National Bank, a subsidiary of Canadian bank RBC. He also has more than 20 years of management experience at Capital One.

– CIQ announced the appointment of Peter Nelson as CTO, joining the software infrastructure firm after most recently serving as VP of engineering at Apple’s Claris software development subsidiary. Before that, he served as the chief product officer at headphones and speakers manufacturer Bowers & Wilkins.

– Everon appointed Ibrahim Kassem as CTO, where he will oversee the development of the company’s commercial security, fire, and sprinkler safety systems. Previously, Kassem served as CIO at security company Stealth Monitoring, as SVP of IT at home and business security systems provider ADT, and as VP of IT at Protection 1 Security Solutions, which merged with ADT in 2016.

– Candescent named Satheesh Ravala as CTO, joining the digital banking services provider after most recently serving as CTO at corporate-governance software company Diligent. He previously held senior leadership roles at financial services company Intercontinental Exchange (ICE) Mortgage Technology and mortgage software provider Ellie Mae.

– Arch Insurance promoted David Maher to the role of CIO, effective immediately. In this role, Maher will lead the delivery of the global insurance company’s IT strategy and infrastructure. He joined Arch in 2024 as international head of delivery. Previously, he served as a head of engineering at Lloyds Banking Group and also held technology leadership roles at banking giants including Bank of America and Merrill Lynch.

– InspereX appointed Ira Lehrman as CTO, where he will spearhead the financial technology company’s product roadmap. Lehrman joins InspereX from digital capital marketplace Clear Bid Global Markets, where he served as CTO. Previously, he held senior positions at fintech company Broadridge, investment manager Nuveen, and Merrill Lynch.