Your Face and Voice Now Work Against You

AI PrivacyOPSECMarch 2026~8 min read

A few seconds of audio can clone your voice. One photo can identify you. A stack of public images can fake a video of you saying anything. Consumer hardware does this now.

Key points

Voice cloning works with 3 to 10 seconds of audio. A public clip is enough.
Set a family code word now. No code word, no money transfer, no matter how real the voice sounds.
PimEyes can identify a stranger from one photo in seconds. Fewer indexed photos now means fewer matches later.

3 sec

AUDIO TO CLONE VOICE

ElevenLabs / Resemble AI

€220K

CEO FRAUD LOSS (2019)

First documented AI voice fraud

$25M

HONG KONG DEEPFAKE (2024)

Full video call deepfake

50B+

CLEARVIEW AI FACE DATABASE

Scraped social media photos

None of this is hypothetical. People already use it against journalists, activists, executives, and random families.

3 Seconds Can Be Enough

ElevenLabs, Resemble AI, and open-source tools like XTTS-v2 can clone a voice from 3 to 10 seconds of audio. The sample can come from a social post, podcast, voicemail, or recorded call. The FTC has warned consumers about AI voice cloning scams, and the FTC's 2024 AI report treats voice fraud as a priority.

Known attacks include:

CEO fraud / BEC (Business Email Compromise): In 2019, scammers used an AI clone of a parent company CEO to push a UK energy executive into sending €220,000. By 2025, this scam was ordinary.
Family emergency scams: Parents get a call from what sounds like their child and hear panic, urgency, and a demand for money. The FBI issued warnings in 2023 after the cases spiked.
Authentication bypass: Some banks still trust voiceprints. Cloned samples can beat them.
Political disinformation: Fake clips of politicians can spread before anyone checks them.

Video Deepfakes Stick Longer

Face-swap deepfakes need more data than voice cloning, usually dozens of photos or minutes of video. Most people with a social presence already gave that away. AI-made intimate imagery now drives extortion, harassment, and reputation attacks.

It also drives:

Corporate fraud: In February 2024, a finance worker in Hong Kong sent HK$200 million, about $25M USD, after a video call where every participant, including the fake CFO, was a deepfake.
Activist targeting: Belarus, Russia, and Iran have all seen fabricated confession videos used for propaganda and prosecution.
Extortion: Attackers build fake intimate images from public photos, then demand money or compliance.

Facial Search Turned Public

PimEyes, FaceCheck.ID, and similar tools let anyone upload a face and search for matching images across the public web. Clearview AI built a database of more than 50 billion facial images scraped from social media and sells access to law enforcement.

In 2024, Harvard researchers AnhPhu Nguyen and Caine Ardayfio paired Meta Ray-Ban smart glasses with PimEyes and pulled strangers' names, home addresses, and family links from a live camera feed. The chain was simple: glasses camera, face extraction, PimEyes match, reverse OSINT. It took under 30 seconds per person.

By 2026, smart glasses with cameras are normal retail hardware. Real-time face search is no longer a lab trick.

Shrink Your Biometric Surface Area

Face

Cut indexed photos. Fewer clear photos means less training data and fewer matches. Audit your social accounts. Remove sharp, high-resolution shots from multiple angles. Google's "Results about you" tool can also remove some image results.

Use opt-outs where they exist. PimEyes offers an opt-out process. Submit your own photos and get out of their public index. This will not touch Clearview AI, but it still cuts exposure to consumer-facing search tools.

Use adversarial makeup and clothing. CV Dazzle showed that asymmetric face paint can break facial landmark detection. In spaces heavy with cameras, high-contrast patterns around the eyes and nose can throw off commercial models. IR-blocking makeup can also blunt near-infrared capture in some settings.

Voice

Limit public recordings. Remove old clips where you can. Think hard before leaving podcasts, interviews, and recorded calls online forever. A 10-minute YouTube video is rich training data.

Set a family verification rule. The scam works because the voice sounds right and the timing feels bad. Pick a nonsense code word. No code word means no transfer.

Treat urgent video or voice requests as suspect. If someone asks for money on a call, hang up and call back on a number you verified yourself. The Hong Kong case worked because the victim trusted the call alone.

Deepfakes Also Break Reputations

Defamatory deepfakes now show up in targeted harassment campaigns. Laws move slowly. The UK's Online Safety Act criminalises non-consensual intimate deepfakes. The EU's AI Act adds rules. Some US states did the same. Cross-border enforcement still drags.

Practical mitigation:

Track your name and face with Google Alerts and "Results about you"
Sign original content with C2PA or Adobe Content Credentials so provenance survives
Keep records of your real posting history to help prove when a fake appeared
Report fast. Major platforms now have deepfake takedown paths, especially for intimate content

You Cannot Rotate a Face

Face geometry, voiceprint, and gait now act like permanent attack surfaces. Once public, they stay useful to attackers. A stolen password can be replaced. Your face cannot.

Reducing your biometric footprint is basic OPSEC now.

Cunicula receives no funding from any AI company, biometric technology provider, or surveillance contractor.

Follow the Money

The market splits in two. One side sells creation tools that make fraud cheap. The other side sells detection tools back to the same institutions getting hit.

$Deepfake industry money flows: creation tools vs detection market

Creation tools: HeyGen $50M+ revenue. $60M Series B. Synthesia $90M ARR. Enterprise clients. ElevenLabs $19M ARR. Voice cloning market projected at $2.5B by 2027.
Fraud losses: $43B financial fraud in 2023. $1.1B vishing losses. Known cases: $25M Hong Kong deepfake, €220K CEO fraud by voice clone.
Detection industry: Microsoft: $13M detection grants. Reality Defender: $15M Series A. Pindrop: $100M Series D for voice auth. Intel FakeCatcher. Nuance acquired by Microsoft for $19.7B.

Frequently Asked Questions

How little audio does it take to clone someone's voice with AI?

Very little. Tools like ElevenLabs and Resemble AI can build a convincing clone from 3 to 10 seconds of audio. A social clip, voicemail, podcast snippet, or recorded call can be enough. By 2024, the quality already fooled some voiceprint systems used by banks. A 10-minute YouTube video gives an attacker more than enough training material.

What are deepfakes used for in fraud and scams?

They drive CEO fraud, family emergency scams, fake video meetings, extortion, and political disinformation. Known cases include a €220,000 CEO fraud in 2019, a $25M Hong Kong fraud in 2024 where every person on the video call was fake, AI-made intimate imagery built from social photos, and cloned voices used to push relatives into wire transfers.

How do you protect yourself from voice cloning scams?

Use three rules. First, set a family code word: a nonsense phrase anyone must say before you send money. Second, if a call or video asks for money fast, hang up and call back on a number you already trust. Third, cut down the public recordings of your voice. Podcasts, YouTube clips, and media appearances become training data.

Can someone identify you from a photo using AI facial recognition?

Yes. Services like PimEyes let anyone upload one photo and search for matching images across the public web. In 2024, Harvard students showed that Meta Ray-Ban smart glasses paired with PimEyes could pull strangers' names, home addresses, and family links from a live feed in under 30 seconds. Clearview AI holds more than 50 billion scraped social media photos. The best defense is fewer indexed photos of your face.

← PreviousPrivacy on Mainstream Socials: Reducing Damage Without Going Dark Next →How AI-Enhanced KYC Works and Why No-KYC Exchanges Exist