AI in Hiring: From “Polished CVs” to Deepfake Fraud

AI has made hiring faster. It has also made it significantly riskier.

In remote tech and cyber roles, identity and access overlap dangerously. UK employers are no longer just dealing with embellished CVs; they are facing proxy interviews, real-time AI audio feeds, and deepfakes.

At the extreme end, this isn’t just about bad hires, it’s about fraud.

 

Here is a range of AI misuse we are seeing in the UK market today, and how to stop it without treating every applicant like a suspect.

The Range of AI Misuse

AI on laptop
The “Perfect” CV

The entry-level nuisance.

What it is: Polished, soulless writing that matches every keyword in your job description but says absolutely nothing.

Red Flags:

  • No concept of scale, constraints, or trade-offs.
  • Zero measurable outcomes.
  • Answers that collapse the moment you ask the human question: “Okay, but what did you actually do?”

The Fix: Good questioning exposes this in minutes. If they sound like a Wikipedia article, dig deeper.

Real-Time AI Interviewing

The “Invisible Co-Pilot.”

What it is: Live transcription feeds your questions into an LLM (like ChatGPT), and the candidate reads the generated answer back to you.

Red Flags:

  1. Instant, perfectly structured responses that feel weirdly generic.
  2. A clear disconnect between their “prepared answers” and their ability to think on their feet.

The tell: Eyes darting back and forth like they’re watching a fast game of tennis. They aren’t thinking; they’re reading.

Proxy Interviews

The Bait and Switch.

What it is: You interview a rockstar. A different, significantly less qualified person shows up on Monday morning.

The Risk: You never actually met the person on your payroll. It’s the corporate equivalent of a bad Tinder date, but much more expensive.

Deepfake Identity Fraud

The Security Threat.

What it is: Real-time manipulation of face and voice to impersonate someone else.

The Evidence:

  • University Admissions: Applicants have been caught using face-swapped footage during online interviews. source.
  • Corporate Fraud: Engineering firm Arup confirmed a ~£20m loss after an employee joined a video call where all “colleagues” were deepfake recreations. Same trust gap, different doorway. source.
The Dangerous End: “Hire Me for Access”

What it is: State-sponsored actors or organised crime groups seeking employment solely to gain privileged access.

The Context: UK employers have been explicitly warned about schemes involving fake North Korean IT workers using false identities and UK-based facilitators to handle the laptops. source.

The Reality: This isn’t a recruitment issue; it is a cybersecurity issue. A fraudulent hire with privileged credentials is an insider threat with a clean payroll record.

Why You Should Care (Even if You Aren’t Hiring Cyber Teams)

Bad hires are expensive. Fraudulent hires are catastrophic.

According to YouGov, 67% of large companies report increased AI-driven application fraud. source. If your hiring process can be defeated by a browser tab and a prompt window, you aren’t evaluating skills, you’re evaluating performance theatre.

Practical Controls (That Won’t Destroy Candidate Experience)

You don’t need airport-style security. You just need to verify the human.

Set the Rules Early

Add a clear statement to your job ads and interview invites. Have candidates acknowledge it:

  • AI for preparation? Fine.
  • AI generating answers live? Not fine.
  • Misrepresenting identity? Immediate disqualification.
The Analogue Fix (Where Possible)

If the role is hybrid, bring them in. It is surprisingly hard to use a deepfake filter or read a hidden ChatGPT prompt when you are sitting across a real table. For local roles, physics is still the ultimate background check.

Verify Identity Before the Offer

For remote roles or anything with root access, introduce an ID checkpoint before the final offer. If something feels off on Day One, check again.

Make Interviews “Prompt-Proof”

AI is great at polish, but it fails at “lived reality.”

  • Go Deep: Pick one real project and drill down. Ask about the mess.
  • Test Reasoning: Ask “Talk me through your decision points” rather than “How do you do X?”
  • Live Tasks: Use a short screen-share walkthrough. AI is terrible at describing authentic failure, it doesn’t know what it feels like to delete a production database at 3 AM. Humans do.
Fix Your Assessments

Take‑home tests reveal what a candidate can deliver with hours of polish, external support, and as many retries as they like. What they don’t reveal is how they think, how they reason, or how they handle real‑time complexity.

They’re also incredibly easy to outsource to a friend, a contractor, or an LLM, which makes them far less trustworthy than they used to be.

  • Better: A 15–30 minute live exercise.
  • Best: “Debug this” tasks rather than “Build this” tasks. It’s much harder for AI to fake the context of broken code.
Onboarding is Security

For sensitive roles, apply Least Privilege on day one. Stage their access rights over weeks, not minutes.

If the job needs full permissions immediately, you can still protect yourself with:

  • Session recording for privileged actions
  • Real-time alerts on unusual behaviour
  • Justification prompts before executing sensitive commands
  • 4-eyes approval for destructive/change operations

Quick Guide: Tactics vs. Controls

 

TacticWhat it looks likeWhat actually stops it
AI‑Written CVSlick, generic, buzzword‑heavy.Deep technical questioning; validated references.
Live AI AnsweringPolished answers with no real insight.Reasoning‑driven questions; on‑screen exercises.
Proxy InterviewExcellent interview, poor practical ability.In‑person round; ID verification before offer.
DeepfakeVisual artefacts, laggy lips, uncanny delivery.In‑person checks; liveness prompts.
Remote FraudCamera avoidance; odd requests around payments or locations.KYC processes; staged access controls.
The Balanced Take

We aren’t anti-AI. We use it too. But we are pro-human verification.

If you want help pressure-testing your process for a specific role type (Engineering, Cloud, AppSec, or Data) without turning your interview into an interrogation, reach out to us.

InfoSec People is a boutique cyber security and IT recruitment consultancy, built by genuine experts. We were founded with one goal in mind: to inspire people to find the careers that inspire them. With the success of companies fundamentally driven by the quality of their people, acquiring and retaining talent has never been more important. We believe that recruitment, executed effectively, elevates and enables your business to prosper.

 

We also understand that cyber and information security recruitment can genuinely change people’s lives, that’s why we take the duty of care to those we represent very seriously. All our actions are underpinned by our core values:

  • Always do the right thing
  • Be the best we can be
  • Add value

We work with businesses in the cyber/tech arena, from start-ups and scale-ups to FTSE100 and central Government, many of whom are always looking for great people.

 

Call us directly on 01242 507100 to discuss opportunities or email info@infosecpeople.co.uk.

www.infosecpeople.co.uk

Linkedin