A finance worker at Arup, the global engineering consultancy, sat in his Hong Kong office watching a video conference call start. The usual members of the executive team joined one by one, including the company’s U.K.-based CFO. Each participant looked and sounded like their real-life counterparts — but every “person” on the call was a deepfake.

Attackers had created remarkably accurate AI-generated recreations of Arup executives. They harvested existing video and audio files from online conferences and virtual company meetings, according to Hong Kong police, and used that identity data to fabricate each executive’s likeness with precision.

Convinced the call was real, the finance worker followed the deepfake CFO’s instructions and transferred HK$200 million, around $25.6 million, across 15 transactions to five bank accounts. The first wire transfer took minutes. The theft went undetected until the employee checked with Arup’s U.K. head office. No transfer had been requested. Nearly a week had passed.

The Arup deepfake incident has become a cautionary tale that boards of directors still discuss. For the technology-minded board members, it forces a specific reckoning: the attack never touched a single endpoint, never tripped an intrusion detection system, never deployed malware. It worked because it targeted a collaboration channel where trust was the only authentication. The CFO appeared on camera. That was enough.

Eighty-two percent of detections in 2025 were malware-free, up from 51% in 2020, according to the CrowdStrike 2026 Global Threat Report. The Arup case illustrated exactly that: adversaries are not breaking in; they are logging in. The report tracked 281 adversary groups, recorded an 89% increase in attacks by AI-enabled adversaries, and clocked the fastest eCrime breakout at 27 seconds. Valid account abuse accounted for 35% of cloud incidents. Identity is not adjacent to the attack surface. It is the attack surface.

The financial exposure is accelerating to match. The Deloitte Center for Financial Services projects deepfake-enabled fraud losses in the United States could reach $40 billion by 2027, up from $12.3 billion in 2023. Scamming software sells on the dark web for as little as $20.

Pindrop’s 2025 Voice Intelligence and Security Report documented a 1,300% surge in deepfake fraud attempts in 2024, jumping from an average of one per month to seven per day. Gartner predicted that by 2026, 30% of enterprises would no longer consider identity verification and authentication solutions reliable in isolation due to AI-generated deepfakes.

Where human screening broke down

Arup’s finance worker initially suspected a phishing attempt when a message purporting to come from the company’s U.K.-based CFO asked for a transaction and said it needed to be handled with discretion. Good instincts. But the attackers knew that stacking multiple communication channels kills doubt faster than any single channel builds it. They followed up with the deepfaked CFO on a Zoom call. The suspicion died.

Rob Greig, Arup’s global chief information officer, later acknowledged in a statement reported by CNN that attacks against the firm had been escalating rapidly, marked by stepwise gains in sophistication and tradecraft. The most skilled attackers know more about gaps in infrastructure than IT teams do, and deepfakes let them assume the identities of senior managers to pry into restricted systems.

“Since with AI advances you can’t trust voice or video or even writing styles, you must have either preshared secrets or be able to validate a question only you and they would know,” Alex Philips, CIO at NOV, who previously served as the company’s CISO, told VentureBeat in an exclusive interview.

Why biometric authentication didn’t apply in the channel that mattered

Who's going to tell a CFO they must get scanned to get on a Zoom call? In most enterprises, nobody does. Anyone can join a video call, and the only verification is whether the face on screen looks familiar. Biometrics confirm the person of record in onboarding and authentication flows. The Arup attack operated entirely outside those flows. It exploited a channel where identity was assumed, never verified.

“Adversaries have figured out that one of the fastest ways to gain access to an environment is to steal legitimate credentials or to use social engineering,” Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, told VentureBeat in an exclusive interview. “Bringing malware into the modern enterprise that has modern security tools on it is kind of like trying to bring a water bottle into the airport. TSA is probably going to catch you.”

Meyers told VentureBeat that voice phishing surged 442% in 2024, and that AI-generated phishing emails achieve a 54% click-through rate, compared with 12% for human-crafted messages. The 2026 report shows the trend accelerating: AI-enabled adversary attacks rose 89% in 2025, and the report warns that fast-paced vishing campaigns targeting SaaS applications will almost certainly continue.

Liveness detection wasn’t in the loop

Liveness detection protects onboarding and authentication. It does not protect the Zoom call where the CFO approves a $25.6 million wire transfer. The deepfake didn’t need to defeat liveness detection because it operated in a channel where no such check existed. That gap is not a technical limitation. It is an architectural blind spot that most enterprises have never mapped.

The real problem is speed, not sophistication

The 2026 report recorded an average eCrime breakout time of 29 minutes, with the fastest clocked at 27 seconds. In one intrusion, data exfiltration began within four minutes of initial access. OpenAI’s Voice Engine demonstrated that convincing voice clones can be generated from just 15 seconds of audio. The tools are fast, cheap, and available to anyone with a browser.

Cristian Rodriguez, CrowdStrike’s field CTO for the Americas, framed it directly. “The old model of quarterly access reviews or static policies simply can’t keep up with machine-speed threats. We need AI defending against AI, with humans setting strategy instead of chasing alerts,” he told VentureBeat.

The Arup attackers used cheap, available AI tools to fabricate a convincing video call. The employee had suspicions. The attackers overcame them in minutes. Layered defenses fail if none of the layers operate at the speed of the attack.

What to do Monday morning

  1. Mandate out-of-band verification for every wire transfer above your corporate-defined threshold. Establish verified callback numbers in an internal directory that cannot be overridden by email, chat, or video. Require preshared code words for high-value approvals. The Arup employee relied on visual recognition alone. A single callback to the directory number, answered by the real CFO, would have killed the attack.

  2. Lock down meeting-level identity controls on any call involving financial approvals. Require verified participant lists maintained by IT and regularly audited. Confirm at the account level of your conferencing platform that external and unauthenticated participants cannot join such meetings, and lock that setting so individual hosts cannot override it. Any payment authorized over video should be confirmed through a separate, verified channel before execution. Most enterprises cannot embed real-time liveness detection into video conferencing platforms yet. These controls fill the gap.

  3. Enforce zero trust principles at the point of transaction, not just at login. NOV deployed zero-trust gateways that force conditional access at every transaction, not just at session start, making stolen session tokens functionally useless. Apply conditional access policies that force revalidation when a financial transaction is initiated.

  4. Revoke session tokens instantly, not just passwords. Once attackers compromise an identity through social engineering, they use stolen session tokens to move laterally. Philips told VentureBeat that resetting a password is insufficient, citing how time-consuming it is for enterprises to revoke the active session token at the resource level. Build and test a token revocation playbook before you need it.

  5. Enforce separation of duties. This is the control that would have killed the Arup attack. One employee authorized $25.6 million across 15 transfers with no independent check. No second approver, no out-of-band confirmation, no system-enforced hold. Philips advises that it is imperative to ensure no one person or service account can reset a password, bypass multi-factor authentication, and override conditional access. If your highest-value transactions can be approved by a single human on a single channel, that is not a controls gap. That is an open door.

  6. Train teams specifically on deepfake recognition in live video and audio. Traditional phishing programs do not address real-time impersonation. Employees need to know that asking a video participant to turn sideways, change lighting, or answer a personal verification question is not paranoia. Treat any such check as a trigger to move to an out-of-band confirmation rather than as proof, since real-time tools are closing those visual tells quickly. At Arup, the employee’s initial suspicion was correct. The video call overrode it. Run deepfake tabletop exercises monthly for senior management. This technology is progressing so fast that recognition skills decay within weeks.

  7. Audit every collaboration channel for identity verification gaps. Map where identity verification runs in your environment, and where it does not. Video conferencing, messaging platforms, voice calls. If a channel can be used to authorize spending or access changes but has no identity controls, it is an open attack surface. The Arup attackers didn’t find a vulnerability. They found channels nobody was watching.
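As an added example, not Arup’s, NOV’s or any vendor’s code, the transaction-time checks from steps 1, 2, 3 and 5 above expressed as a small Python policy: an approval only counts if it arrived out of band on a directory-listed callback number with the correct preshared code word; approvals given over video, chat or email carry no authority; the approver’s session must have been revalidated when they approved; the requester cannot approve their own transfer; two independent approvers are required; and amounts are aggregated over a rolling window so splitting one payment into many transfers does not dodge the threshold. It goes one step past the text by adding that aggregation check. The class names (`TransferRequest`, `Approval`), the `evaluate_transfer` and `demo` functions, the directory entries, thresholds, hold period and code words are all constructed for illustration.

```python
"""Transaction-time wire-transfer controls. Added example; all names, numbers and code words are constructed."""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy parameters (not Arup's or NOV's): tune to the firm's own limits.
THRESHOLD = 100_000                   # single or aggregated amount that triggers controls
AGGREGATE_WINDOW = timedelta(days=7)  # rolling window for the structuring check
HOLD_PERIOD = timedelta(hours=4)      # system-enforced hold before funds move
MAX_AUTH_AGE = timedelta(minutes=5)   # approver must have re-authenticated this recently

# Verified callback directory maintained by IT; a request never supplies its own number.
DIRECTORY = {"cfo-uk": "+44-20-7000-0000", "controller-uk": "+44-20-7000-0001"}
# Preshared code words, stored only as hashes (constructed values).
CODE_WORD_HASHES = {"cfo-uk": hashlib.sha256(b"ORCHARD-17").hexdigest(),
                    "controller-uk": hashlib.sha256(b"GRANITE-42").hexdigest()}

@dataclass
class Approval:
    approver: str
    channel: str                        # "callback", "video", "email" or "chat"
    approved_at: datetime
    last_auth: datetime                 # when the approver last re-authenticated
    callback_number: str | None = None  # number the verifier dialled
    code_word: str | None = None        # code word the approver gave on that call

@dataclass
class TransferRequest:
    requester: str
    amount: int
    submitted_at: datetime
    approvals: list[Approval] = field(default_factory=list)

def _code_word_ok(approver: str, code_word: str | None) -> bool:
    """Constant-time comparison of the spoken code word against the stored hash."""
    expected = CODE_WORD_HASHES.get(approver)
    if expected is None or code_word is None:
        return False
    return hmac.compare_digest(expected, hashlib.sha256(code_word.encode()).hexdigest())

def _valid_approvals(req: TransferRequest) -> tuple[list[Approval], list[str]]:
    """Keep only approvals that count; record why each rejected one does not."""
    valid, reasons = [], []
    for a in req.approvals:
        if a.approver == req.requester:
            reasons.append(f"{a.approver}: requester cannot approve own transfer")
        elif a.channel != "callback":
            reasons.append(f"{a.approver}: approval over {a.channel} carries no authority")
        elif a.approver not in DIRECTORY or a.callback_number != DIRECTORY[a.approver]:
            reasons.append(f"{a.approver}: callback was not to the directory number")
        elif not _code_word_ok(a.approver, a.code_word):
            reasons.append(f"{a.approver}: preshared code word failed")
        elif a.approved_at < req.submitted_at or a.approved_at - a.last_auth > MAX_AUTH_AGE:
            reasons.append(f"{a.approver}: session not revalidated at approval time")
        else:
            valid.append(a)
    return valid, reasons

def evaluate_transfer(req: TransferRequest, history: list[TransferRequest],
                      now: datetime) -> tuple[str, list[str]]:
    """Return ('release' | 'hold' | 'reject', reasons). Earlier transfers by the same
    requester inside the window count toward the threshold, so splitting one payment
    into many transfers does not evade the controls."""
    recent = sum(h.amount for h in history if h.requester == req.requester
                 and timedelta(0) <= req.submitted_at - h.submitted_at <= AGGREGATE_WINDOW)
    if req.amount + recent < THRESHOLD:
        return "release", ["below threshold"]
    valid, reasons = _valid_approvals(req)
    approvers = {a.approver for a in valid}
    if len(approvers) < 2:
        reasons.append(f"separation of duties: 2 independent approvers required, have {len(approvers)}")
        return "reject", reasons
    release_at = req.submitted_at + HOLD_PERIOD
    if now < release_at:
        return "hold", [f"held until {release_at:%Y-%m-%d %H:%M}"]
    return "release", ["two independent out-of-band approvals, hold elapsed"]

def demo() -> dict[str, str]:
    """Constructed scenarios: an Arup-style video-only instruction and the hardened flow."""
    t0 = datetime(2024, 1, 15, 9, 0)
    video_only = TransferRequest("finance-hk", 13_000_000, t0, [Approval("cfo-uk", "video", t0, t0)])
    hardened = TransferRequest("finance-hk", 13_000_000, t0, [
        Approval("cfo-uk", "callback", t0 + timedelta(minutes=10), t0 + timedelta(minutes=8),
                 "+44-20-7000-0000", "ORCHARD-17"),
        Approval("controller-uk", "callback", t0 + timedelta(minutes=12),
                 t0 + timedelta(minutes=11), "+44-20-7000-0001", "GRANITE-42")])
    return {"video_only": evaluate_transfer(video_only, [], t0 + timedelta(minutes=1))[0],
            "hardened_early": evaluate_transfer(hardened, [], t0 + timedelta(minutes=15))[0],
            "hardened_after_hold": evaluate_transfer(hardened, [], t0 + timedelta(hours=5))[0]}
```

The design point is that every check runs at the moment money moves rather than at login: a convincing face on a call, a stolen session token, or a requester who also approves all fall through, and the only thing that releases funds is a callback the attacker cannot answer, given by someone the attacker cannot be, after a hold the attacker cannot shorten. `demo()` returns `reject` for the video-only instruction, `hold` for the hardened flow inside the hold period, and `release` once the hold has elapsed.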

Start with the collaboration channel audit. Map every channel that can authorize money movement or access changes. Give yourself 30 days. The Arup attackers needed one video call and a few minutes. Your controls need to move faster than that.