The Hiring Pipeline You Can't Trust

Threat actors construct synthetic employees using AI-generated faces, cloned voices, and forged credentials that pass the hiring checks organizations currently run. This article covers how synthetic employees operate, why asynchronous video interviews have become the primary attack vector, and reveals why traditional HR identity checks fail to catch this threat. It also covers what detection embedded in the hiring workflow looks like in practice, and why closing the gap requires shared accountability between HR and security functions. The evidence suggests the problem is not emerging. It is already inside hiring pipelines at organizations that have no signal that it is happening.

What a Synthetic Employee Is and How They Get Through

One of your video interviews this week was probably synthetic. You passed them. Your applicant tracking system flagged 200 candidates. Your video interview platform reviewed 60. Not one of your tools asked whether any of them were real.

A synthetic employee is not a person using a fake name. They are a constructed identity, assembled from an AI-generated face, a cloned or synthesized voice, forged identity documents, and a fabricated employment history built to match the role they are applying for. The résumé contains the right keywords. The LinkedIn profile has the right connections. The headshot looks professional. None of it is real.

Why Asynchronous Interviews Are the Primary Attack Vector

The asynchronous video interview is where this threat finds its lowest point of resistance. In a recorded interview, the candidate films their responses on their own device, at a time of their choosing, with no live interviewer present. The hiring team reviews the recording later. There is no real-time interaction, no spontaneous follow-up, and no moment where an unexpected question disrupts a scripted performance. Asynchronous interview fraud succeeds because the format prioritizes convenience over verification. For a synthetic candidate, it removes the only variable that might expose them: an uncontrolled human exchange.

Generative tools can now produce a deepfake video interview recording of a synthetic face responding to pre-set questions with natural eye movement, appropriate pacing, and convincing audio. The recording looks like a candidate. It plays like a candidate. The platform scores it like a candidate. Nothing in the workflow asks whether the person in the video exists.

Since 2022, North Korean state-backed groups have run coordinated campaigns placing operatives inside Western companies through exactly this method, combining AI-generated headshots, fabricated credentials, and forged documents to pass hiring processes at scale. One documented operation generated 135 synthetic personas. These are not isolated incidents. They provide evidence that the pipeline has a structural vulnerability and malicious actors are already exploiting it.

HR Was Built to Evaluate Candidates, Not Verify They Are Human

Traditional identity checks, such as government-issued IDs and background checks, have limitations in detecting synthetic identities, highlighting the need for advanced detection solutions that address these gaps.

The rise of synthetic identity hiring is not a failure of vigilance but a design gap. HR processes assess qualification, character, and fit, and they rest on a foundational assumption that never needed testing: the candidate is a biological human being. Synthetic identity hiring exploits that assumption directly.

Gartner projects that one in four candidate profiles globally could be fake by 2028. The pipeline has already reached that scale and is operational. The gap lives at the biology layer, not the credential layer. A hiring process can verify that a document is valid, that a history is consistent, and that a face matches a photo, yet still lacks any signal that a person produced them. That is the verification that the current infrastructure cannot provide.

Detection Has to Happen Before the Offer, Inside the Workflow

The natural response to a new threat category is to add a step after the existing process—a final verification call. An additional identity check at the offer stage. A manual review of flagged candidates. These responses share a common problem: Unverified interactions already shape the hiring decision before these responses arrive.

Detection must be embedded in the workflow, not bolted on at the end. For asynchronous video interviews, that means analysis running on the recording before it reaches a reviewer, returning a signal, whether the media is authentic, suspicious, or manipulated, before a human scores the response. For live video interviews, it means detection operating inside the meeting platform in real time, generating a result before it concludes.

What Detection Embedded in the Workflow Actually Looks Like

Reality Defender determines whether a person in a video interview is authentic or synthetic by analyzing the audio and video feeds for forensic signals of AI manipulation, without collecting candidate PII, without requiring enrollment, and without changing the interview workflow for the hiring team. The result arrives before the decision does.

That sequencing matters. A detection signal that arrives after a hire receives an offer does not prevent the hire from happening. It documents a problem that has already reached the onboarding stage, where HR has already issued credentials, and IT is actively provisioning access. Detection before the offer is the only position in the workflow where the signal can change the outcome.

This Is a Shared Accountability Problem

Hiring pipeline security does not cleanly fall within either the CHRO's or the CISO's remit. HR owns the hiring pipeline. Security owns the access to the pipeline. When a synthetic candidate clears a video interview, passes a background check, and arrives at day one with provisioned credentials, the breach lives in both functions simultaneously.

The CHRO is accountable for the process that lets the candidate through. The CISO is accountable for the systems that the candidate now has access to. Neither can solve it independently, because the gap sits at the boundary between them, in the moment a hiring decision becomes an access decision.

Why Neither Function Can Solve It Alone

Verification infrastructure is a shared accountability problem that requires a shared solution. Detection embedded in the hiring workflow, with results that feed into both HR review and security operations, is the design that reflects that shared responsibility. An organization that treats synthetic employee fraud as an HR problem or as a security problem will build a partial response to a complete threat.

The Pipeline Has a Gap. Detection Is How It Closes.

Companies designed the pipeline to find the best candidate. It does not confirm that the candidate is a person. That is the gap. Detection is how it closes. See how Reality Defender closes the hiring pipeline gap, or talk to our team to discuss verification infrastructure for your hiring workflow.

https://www.realitydefender.com/get-in-touch

---

Frequently Asked Questions About Fake Job Candidates and Deepfake Detection in Hiring

What is a synthetic employee? A synthetic employee is a fabricated identity constructed from an AI-generated face, cloned or synthesized voice, forged identity documents, and a fabricated employment history. The identity passes standard hiring checks by design, including background verification and video interviews, without any biological person behind it.

Why are asynchronous video interviews the highest-risk stage in hiring? Asynchronous interview fraud works because the format removes the only variable that might expose a synthetic candidate: a live, uncontrolled human exchange. The candidate records responses on their own device with no real-time interaction, and a generative system can produce a synthetic face that responds to preset questions with natural movement and convincing audio. Nothing in a standard asynchronous platform asks whether the person in the recording exists.

Can background checks detect synthetic identity hiring fraud? Standard background checks verify that a document exists and that a history matches a record. They do not determine whether the face, voice, or document was produced by a human or generated by AI. The gap is at the biology layer, not the credential layer.

What does deepfake detection in hiring actually look like? Detection runs on the video and audio feed of a deepfake video interview, analyzing forensic signals of AI manipulation before the recording reaches a reviewer or before a live interview concludes. It returns a signal indicating whether the media is authentic, suspicious, or manipulated, without collecting candidate PII or requiring enrollment. The result arrives before the hiring team makes the decision.

Who owns hiring pipeline security, HR, or the CISO? Both. HR owns the hiring pipeline. Security owns access to the pipeline's products. When a synthetic candidate clears a video interview and arrives at onboarding with provisioned credentials, accountability lies with both functions. Detection embedded in the hiring workflow, with results available to both HR and security operations, reflects that shared responsibility.