"Even so, using a deepfake video to apply for a security researcher role with a company that does threat modeling for AI systems seems incredibly brash. "It's one of the most common discussion points that pops up in the CISO groups I'm in," Expel co-founder and CEO Jason Rebholz told The Register, talking about the North Korean-type job interview scam. "I did not think it was going to happen to me, but here we are.""
"Before starting his own AI security shop, Rebholz worked as an incident responder and chief information security officer (CISO). He has researched deepfakes for years, and even used them in his presentations - so he's not an easy target for this type of scam. In January, Rebholz posted a few job openings at his firm on LinkedIn. Within a couple hours, he received a direct message from someone he didn't know personally saying that they knew someone who would be a good candidate for the security researcher role."
"The purported job-seeker's profile pic wasn't of a real person. Rebholz says it looked like an anime character, and calls it the "first red flag" in this whole experience. But he still gave the candidate the benefit of the doubt. "In the security community, people get freaked out about privacy, and so it's not outside of the norm if somebody has an alias or don't have a real picture," he said. "This was the first instance of me trying to justify what I was seeing.""
Companies of all sizes regularly encounter fake IT applicants and occasionally hire them. A deepfake video was used to apply for a security researcher position at a firm that performs AI threat modeling. The firm's CEO, an experienced incident responder and former CISO who has researched and demonstrated deepfakes, received a LinkedIn message recommending a candidate. The candidate's profile picture was an anime-like image and the resume was hosted on Vercel, raising suspicions. The CEO initially gave the candidate the benefit of the doubt due to common privacy and alias practices in the security community. A co-founder suspected the resume was AI-generated.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]