Cybercriminals no longer need to break into systems the old way. In 2026, they show up to video calls looking and sounding like your CFO, pass identity checks with AI-generated faces, and walk away with access they were never meant to have.

A Flashpoint AI Threat Report covering April 2026 analyzed over 2.3 million posts across forums, marketplaces, and chat services discussing artificial intelligence in the context of illicit activity. The findings show deepfake-powered identity fraud has moved well beyond experimental attacks. It is now a structured, commercially sold operation with buyer support, real-time updates, and platform-specific customization.
What Is a Deepfake KYC Bypass
Know Your Customer (KYC) verification is a security process businesses use to confirm a person’s real identity before granting account access, financial services, or onboarding. Most platforms require a live video check, a photo ID match, or both.
Deepfake KYC bypass attacks defeat these checks by replacing a real person’s appearance and voice with AI-generated media that passes as genuine. The attacker presents a synthetic face during a live video session, uses cloned voice audio to answer prompts, and submits AI-altered or fully fabricated documents alongside the session.
These are not low-quality fakes. Flashpoint analysts found that sellers actively updated their toolkits based on buyer feedback, adjusting outputs to match specific platform requirements and verification workflows.
What These Deepfake KYC Bypass Kits Actually Contain
Flashpoint identified 63,763 posts in April 2026 alone advertising or discussing KYC bypass methods using AI. Many of those posts were not just discussion threads. They were active storefronts selling complete toolkits.
A typical kit bundles:
- Synthetic video generation designed to mimic live verification behavior, including real-time head movement and eye contact
- Voice cloning tuned to produce natural-sounding responses to verification prompts
- Scripted interaction prompts that guide the attacker through the session
- Fake documentation including forged IDs and supporting paperwork formatted to match real credentials
Some sellers went further, offering guidance on adapting kits to specific platforms. Listings updated in real time as buyers flagged issues or new verification systems introduced new requirements.
This level of service mirrors a legitimate software-as-a-service model, with seller support, version updates, and buyer feedback loops built in.
How the Fraud Workflow Connects to Broader Cybercrime
The KYC bypass activity does not operate in isolation. Flashpoint found that stolen credentials, session tokens, phishing infrastructure, and AI-enabled impersonation methods increasingly run alongside one another in the same criminal workflows.
An attacker might use a phished credential to initiate a session, then deploy a deepfake kit to pass the live verification check, and finally use a forged document to complete account onboarding. Each layer has its own tooling, its own marketplace, and its own community of sellers and buyers.
If you want to understand how the earliest stage of these attacks reaches end users, AI security scams used to announce themselves with obvious red flags. That is no longer the case in 2026, which is exactly why the verification bypass problem has become harder to solve at the user level.
Where These Deepfake Kits Are Being Sold and Distributed
Telegram accounted for the largest share of observed activity, with 1,395,075 posts in April tied to AI services and discussions. Reddit, GitHub Gist, Pastebin, Discord, and smaller forums accounted for significantly lower volumes.
The distribution across platforms is not random. Each serves a different operational purpose:
- Telegram functions as the primary distribution layer for prompts, jailbreak methods, fraud tooling, and service advertisements
- GitHub Gist and paste sites host scripts and supporting materials
- Forums support reputation building and longer technical discussions
- Discord communities center around specific models, prompt collections, or jailbreak workflows
Methods introduced in one community regularly reappear in others, especially when they produce reliable outputs or help users bypass platform moderation controls.
Jailbreaks and Alternative Models Are Now Commodities
Beyond deepfake toolkits, Flashpoint tracked a significant shift in how criminals interact with AI models themselves. The focus has moved away from building new malicious AI tools. Instead, threat actors are concentrating on maximizing what existing models can produce.
That means jailbreak methods, prompt-sharing workflows, and migration to platforms perceived as less restricted than mainstream services like ChatGPT or Gemini.
VeniceAI saw a notable spike in mentions during April 2026, driven largely by newly created Reddit and Discord communities dedicated to the platform. The interest reflects a broader search for models that produce fewer content restrictions on demand.
Prompts themselves have become tradeable commodities. Phishing scripts, step-by-step impersonation workflows, and fraud-oriented prompt collections circulate across communities in the same way that malware kits did in earlier years. When a prompt stops working, community members share updated versions within short timeframes.
This is not so different from how other criminal tooling spreads. The Verizon 2026 Data Breach Investigations Report found that vulnerability exploitation is now the top breach entry point, and the AI prompt economy operates on a similar cycle of exploitation, refinement, and redistribution.
The $25 Million Video Call Problem
Flashpoint opened its April report with a scenario that is now well-documented as a real attack pattern: a finance employee joins a video call with their CFO and several colleagues. The faces match. The voices sound right. The request seems routine. Minutes later, $25 million transfers out, and the employee discovers that every other participant on the call was AI-generated.
This is not a hypothetical edge case. Attacks matching this pattern have been reported by multiple organizations, and the tooling required to execute them is now openly sold across Telegram channels and forums.
Social engineering attacks have become dramatically harder to catch when every element, including the face, the voice, and the documents, can be fabricated convincingly. Attackers previously relied on compromising endpoints or planting malware to steal credentials. Now they bypass that step entirely by impersonating the people who already have access.
Related techniques appeared in other recent attacks. Hackers used Kash Patel’s website to steal Mac users’ passwords through a ClickFix-style social engineering campaign, which shows how credential theft and impersonation tactics continue to evolve across different targets and platforms.
What Security Teams Should Prioritize
Flashpoint’s core recommendation is visibility. Security teams that cannot see where these methods are being developed and refined cannot respond to them effectively until after an incident has already occurred.
Practically, that translates to several defensive priorities:
- Review verification workflows: Any onboarding process, account recovery flow, or identity check that relies on video or document submission should be evaluated against current deepfake capabilities. Static liveness checks and single-factor document verification are no longer sufficient on their own.
- Layer verification methods: Combining behavioral signals, device fingerprinting, biometric consistency checks, and human review for high-value transactions reduces the success rate of purely synthetic identity attacks.
- Monitor threat intelligence sources: The communities where these kits are sold and refined produce observable signals. Threat intelligence programs that track criminal forums and Telegram channels provide earlier warning than relying solely on post-incident detection.
- Train employees on synthetic media risks: Video call impersonation attacks succeed primarily because employees trust what they see and hear. Training that specifically addresses deepfake scenarios and establishes out-of-band verification procedures for financial transactions can interrupt the attack before any transfer occurs.
- Treat prompts as attack infrastructure: Phishing scripts and impersonation workflows built on jailbroken LLMs are now as operationally significant as traditional malware. Security teams that monitor only traditional indicators of compromise will miss the AI-native attack patterns described in this report.
The underlying message from Flashpoint’s data is that AI-enabled fraud has moved past the experimental stage. The tooling is mature, the distribution networks are established, and the feedback loops that improve these kits operate continuously. Defenders who treat this as an emerging threat rather than a current one are already behind.
