The limits of AI-based deepfake detection


In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world applications. He addresses the effectiveness and limitations of watermarking, AI-based detection, and the potential of emerging technologies in securing media authenticity.

Colman also emphasizes the importance of public education, sector-specific AI implementation, and proactive research collaboration to counter rapidly advancing deepfake tactics.

Given the evolution of deepfake generation technologies, what are the current limitations of detection methods in real-world applications? How effective are traditional techniques like watermarking or AI-based detection, particularly when faced with high-quality, GAN-based deepfakes?

Both watermarking-based (provenance) detection and AI-based (inference) detection can be and are highly efficacious in rooting out deepfakes in any/all use cases. However, the former faces unique issues of implementation — that is, “buy in” from platforms and generative tools. Simply put, if an AI generation model is not signing with a provenance watermark because it has simply not opted in, using provenance can be limiting in this case. There is also the worry that if anyone were to be able to sign content regardless of authenticity with a watermark used by platforms checking for watermarks, that would defeat any checking of said watermark.

In terms of inference-based detection, ground truth is never known and assumed as such, so detection is based on a one to ninety-nine percentage that the content in question is or is not likely manipulated. An inference-based platform needs no buy-in from platforms, but instead needs robust models trained on a wide variety of deepfaking techniques and technologies in various use cases and circumstances (as well as a variety of matching real media as a counterbalance).

To stay ahead of emerging threat vectors and groundbreaking new models, those making an inference-based solution can look to emerging gen AI research to implement such methods into detection models as or before such research becomes productized. To also take a page out of the provenance playbook, working with generative AI and deepfaking platforms to access models and technologies before public deployment for the express purpose of training on the data future models generate is also key in maintaining robustness.

What are the potential benefits and limitations of using blockchain, metadata, and digital watermarking for authenticating media? Are there emerging technologies or hybrid approaches that show promise in improving deepfake detection accuracy?

Unlike detection of violent imagery or CSAM — which often requires checks against known databases that catalog such content — deepfakes have no known databases, and building such databases is futile due to the breadth and depth of deepfakes, as well as deepfaking technologies and models. That said, single detection methods fare worse than combined detection methods — your “Swiss cheese” approach in cybersecurity. Inference-based and provenance-based detection methods working in tandem can complement each other and provide more data on each media file scanned than on their own.
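The layering described in the answers above (a provenance mark that is only meaningful when it is keyed and the generator has opted in, an inference score that covers the opt-out gap, and the two combined), as an added illustration that is not code from Reality Defender or from the interview. The keyed MAC scheme, the verdict labels and the sample media bytes are assumptions constructed for the example; a real deployment would use public-key signatures and a trained classifier for the inference score.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample input standing in for an audio or video file.
MEDIA = b"constructed sample media bytes"

# Hypothetical verifier-side key for a provenance mark. The point of keying the
# mark: a bare, unkeyed marker that anyone can attach proves nothing, which is the
# forgeability concern raised in the interview.
SIGNER_KEY = b"hypothetical-provenance-key"


def sign_provenance(media: bytes, key: bytes) -> str:
    """Mark that an opted-in generator would attach to content it produced."""
    return hmac.new(key, media, hashlib.sha256).hexdigest()


def check_provenance(media: bytes, tag: Optional[str], key: bytes) -> str:
    """Return 'valid', 'invalid' or 'missing' (no opt-in, so nothing to check)."""
    if tag is None:
        return "missing"
    expected = sign_provenance(media, key)
    # Constant-time compare so a forged tag cannot be guessed byte by byte.
    return "valid" if hmac.compare_digest(expected, tag) else "invalid"


def combined_verdict(provenance: str, fake_prob: float, threshold: float = 0.5) -> dict:
    """Layer both signals ('Swiss cheese'): provenance is decisive where a mark
    exists; the inference probability (0.0-1.0) decides where none does."""
    if provenance == "valid":
        decision, reason = "ai_generated", "valid provenance mark from an opted-in generator"
    elif provenance == "invalid":
        # Mark does not match the bytes: content altered after marking, or tag forged.
        decision, reason = "suspect", "provenance mark present but does not verify"
    else:
        decision = "likely_manipulated" if fake_prob >= threshold else "likely_real"
        reason = "no provenance mark; inference score only"
    return {"decision": decision, "reason": reason, "fake_probability": fake_prob}


def scan(media: bytes, tag: Optional[str], fake_prob: float) -> dict:
    """One media file through both layers; fake_prob comes from the inference model."""
    return combined_verdict(check_provenance(media, tag, SIGNER_KEY), fake_prob)
```

Note that a "valid" result only tells you the generator opted in; the "missing" branch is where the interview's point about limited provenance coverage lands, and only the inference layer covers it.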

Deepfakes have already been used for disinformation, cyber harassment, and other malicious activities. How can AI tools for detecting deepfakes be implemented in public and government sectors to protect information integrity without infringing individual freedoms?

As we’ve seen in the last year alone, securing communications is paramount — especially in financial and government sectors. At the most critical points of entry, we can say from experience that many of these entities are already implementing some level of deepfake detection due to the financial and security risks deepfakes — especially audio and video — pose in call environments and over web conferencing platforms, respectively.

To have effective detection in these spaces, the datasets used to train these detection models must be balanced and representative of the greater population — including, but not limited to, accents, dialects, skin tones (across the Monk skin tone scale), facial asymmetry, and an extensive list of factors that help make these datasets truly representational of the people. This is not just for a wholly robust system; it is for the fairness of those on the other line who are not deepfakes — preventing false positives and negatives due to lack of representation of one set or subset.

How effective is public education as a tool to combat deepfake threats? What additional measures could be taken to help users recognize manipulated media?

Much of the public already knows about the wonders of AI, but fewer know of the harms. Greater public awareness and education will always be of immense importance, especially in places where content is consumed that could potentially be deepfaked or artificially manipulated. Yet deepfakes are getting so convincing, so realistic that even storied researchers now have a hard time differentiating real from fake simply by looking at or listening to a media file. This is how advanced deepfakes have become, and they will only continue to grow in believability and realism.

This is why it is crucial to implement deepfake detection solutions in the aforementioned content platforms or anywhere deepfakes can and do exist. Users cannot and should not be required to use their own senses to determine whether, say, a convincing audio file is or is not real, especially as audio has improved in realism by leaps and bounds in less than two years. So, yes, raising awareness and making it part of basic cybersecurity/anti-social engineering training is key, but it is not the end-all, be-all.

Given that deepfake creators adapt quickly to detection methods, how do you envision future developments in AI that might assist in preemptively identifying and mitigating new deepfake tactics?

As mentioned before, looking at where the research is heading and collaborations across the industry are absolutely key in detecting newer techniques and models quickly. We are fortunate to have partnered with some of the most well-known companies in the industry expressly for this purpose, as they share our mission in securing communications against dangerous deepfakes in enterprise and government spaces. Increasing access to these methods before public launch through partnerships and collaborations has stopped and will stop new threats and bad actors from emerging.
