A 95% Confidence Score Falls Apart If the Media Was Faked Before You Ran the Match

In February, a cybersecurity firm ran an experiment with NATO. They introduced deepfake media — synthetic video and audio — into a simulated military scenario and watched what happened. Experienced officials, people trained to assess threats under pressure, struggled to catch it. Not because they were careless. Because the fakes were that good. If military intelligence professionals operating in high-stakes conditions can miss synthetic media, what does that say about the average investigator who glances at a photograph and thinks, "looks real to me"?

Here's what modern identity work actually looks like when it's done correctly. It's not one step. It's two. First, you validate whether the photo, video, or audio recording you're holding is even authentic. Then — and only then — you run facial comparison on media you've already confirmed is real. Skip that first layer, and you're not doing an investigation. You're doing pattern-matching on evidence you haven't proven exists.

The 80% Problem Nobody Talks About

Digital forensics expert Hany Farid has noted something that should make every investigator uncomfortable: some systems used to detect deepfake attacks are only about 80% effective, and many fail to explain how they reached their verdict. That 20% miss rate isn't a rounding error. At scale, it's a disaster waiting to happen.

But the explainability gap is actually the more dangerous problem. A system that tells you "this media is 94% likely to be authentic" without showing you which signals it evaluated to reach that conclusion is handing you a number with no evidence behind it. In any serious investigation, a number without reasoning is not evidence — it's noise wearing the costume of evidence.

According to peer-reviewed forensic research published in PMC, interpretability and explainability in deepfake detection aren't just technical refinements — they are prerequisites for trust, accountability, and defensible decision-making in legal and forensic contexts. A detection system that can't show its work can't be cross-examined. And evidence that can't withstand cross-examination has no place in a case file. This article is part of a series — start with Eu Digital Omnibus Will Redraw The Rules On Biomet.

And Gartner predicts that by 2026, 30% of enterprises will no longer consider face-based identity verification reliable when used in isolation — precisely because deepfake generation is outpacing detection improvement. The trajectory isn't subtle. Attackers are moving faster than the tools built to catch them, which is exactly why the process matters more than the technology.

Two Attack Vectors. One Step Most Investigators Miss.

Deepfake attacks on identity verification systems come in two distinct flavors, and understanding the difference changes how you think about validation entirely.

The first is the obvious one: a synthetic face — or voice — convincing enough to pass as real. These are typically generated using one of two approaches. Generative Adversarial Networks (GANs) work through an adversarial process where two neural networks compete against each other. A generator creates synthetic samples. A discriminator tries to flag them as fake. Through thousands of iterations of this game, the generator gets so good at producing realistic output that even trained humans can't distinguish it from genuine footage. The problem with GANs is they can fall into "mode collapse" — producing outputs that look real but repeat certain patterns — which is one of the forensic traces a skilled investigator can learn to spot.

Diffusion models, the newer generation of generative AI, work differently. They start with random noise and gradually denoise it into a coherent image, producing outputs with different statistical fingerprints than GAN-generated content. The forensic implications matter: what you're looking for in a GAN deepfake isn't the same as what you're looking for in a diffusion-generated fake. Knowing the generation method shapes the detection strategy.

The second attack vector is less discussed but arguably more dangerous: injection attacks. Instead of creating a convincing deepfake and hoping it passes detection, an attacker bypasses the camera or microphone entirely and injects a pre-recorded synthetic video stream directly into the verification pipeline. The detection system never sees a live person — it sees a video feed that was substituted before it ever reached the sensor. A deepfake detector can flag 100% of the fakes it actually evaluates. Against an injection attack, that perfect score is completely meaningless. Previously in this series: 3D Facial Landmarks Determine Match Score Accuracy.

"Deepfake defense must evolve from spotting manipulated pixels to validating the authenticity of entire verification sessions. Layered defenses across media authenticity, device integrity, and behavioral signals are the most reliable way to reduce false acceptance without adding unnecessary friction for legitimate users." — Digital Watch Observatory

The Chain of Custody Analogy That Changes Everything

Think about how fingerprint evidence actually works in a real investigation. The comparison step — does this print match that one? — is actually the easy part. Before any comparison happens, the forensic examiner establishes a chain of custody: Where was this fingerprint collected? Who handled it? Was the surface contaminated? Was the sample stored correctly between collection and analysis?

A technically perfect fingerprint match on contaminated evidence isn't just worthless — it's worse than worthless. It's false confidence dressed up as certainty. It can send an investigation in exactly the wrong direction while feeling completely rigorous.

Media authenticity verification is the chain of custody for digital evidence. Before facial comparison means anything, someone has to answer: Where did this image or video originate? Has it been modified since capture? Does the metadata align with the claimed source and timestamp? Can we establish that this file is what it claims to be? Skip those questions, and the facial match — however technically accurate — is built on a foundation that hasn't been tested.

At CaraComp, this two-layer thinking is foundational to how we approach identity verification: confirm the integrity of the media first, then trust the comparison. The match is only as meaningful as the evidence feeding it.

The Misconception That's Quietly Corrupting Case Files

Here's what most investigators get wrong, and it's genuinely understandable why: they assume that running a deepfake detection tool before facial comparison covers the authenticity question. If the tool says the media is real, they move to the match. Job done. Up next: A 95 Confidence Score Falls Apart If The Media Was.

The problem is that a confidence score without explainability tells you nothing actionable. Digital Watch Observatory's analysis of deepfake defense strategies makes this explicit: organisations must combine detection technologies with stronger verification procedures and provenance tracking. Detection alone isn't the answer. Provenance — knowing the documented origin and handling history of a piece of media — is what makes detection results meaningful.

Why do investigators default to trusting the tool? Partly because the alternative feels slow. Partly because "the system said 94% authentic" sounds authoritative. And partly because research published in PMC on human deepfake detection found something quietly alarming: people's actual accuracy at spotting deepfakes averages around 57.6% — barely above random guessing — yet many feel confident in their judgments. That gap between perceived ability and actual performance is where bad evidence slips through. The investigators most likely to skip the validation step are often the ones most confident they'd catch a fake if they saw one.

So here's the question worth sitting with the next time a critical photo or video lands in a case file: before you ask "does this face match?", can you actually answer the question that comes before it? Do you know where this media came from, who handled it, whether it has been modified since capture, and whether it is showing you something that actually happened?

If the answer to any of those is "I assumed so" — then the facial match hasn't started yet. You're still on step one.