Deepfakes are now cheap, fast, and good enough to fool both busy humans and corporate security controls. Voice fraud, executive impersonation, fake "leaks," and AI-generated video approvals for fraudulent wire transfers are no longer theoretical. Real attacks have already bypassed standard Zero Trust defenses by exploiting the one thing the architecture was built on: identity verification.

This session covers how modern synthetic media is made, where it hits hardest, and the tells that still matter, then goes straight into what breaks and what doesn't at the architecture level. When an attacker can wear a manager's face on a live call, biometrics and voice authentication stop being controls. We'll walk through what replaces them: cryptographic identity, hardware-bound authentication (FIDO2), C2PA provenance-at-capture, and behavioral verification that current AI cannot trivially fake. At least, not yet.

We'll also cover what the EU AI Act and platform disclosure requirements actually change - and what they don't. You'll leave with a practical checklist for your teams and a clear picture of how Zero Trust needs to evolve to survive the synthetic identity era.