Fighting AI with AI

NPR.

So Wayland, the other day I decided to give our colleague Angel Carreras a little test.

Hello Darian.

Hey hey.

Sorry, your headphones on.

Angel,

I need your help with something real quick.

What's up?

I need your help with something real quick.

You sound like AI.

Would you be able to go out and buy some gift cards for me?

You sound like I don't have time today.

It's a surprise for our colleague.

Darian, I'm so sorry.

You're not fooling me.

This is AI.

If you could just go out and buy like $200 in gift cards, that would be awesome.

Okay, actually, you've convinced me.

Where should I get these?

D-A-I-Darian?

Come on, quick on your feet, Darian.

Where?

Angel, I have to admit something to you.

Too sloppy, Darien.

This is not my real view.

Too sloppy.

I am a deep fake.

Gosh.

angel

i got you you got you got nothing you got nothing oh my gosh angel was so clever if you had called me i would have fallen for it immediately yeah i would have been like where do you want the gift cards from gap do you need a gap gift card

no i know and so yeah depending on the person depending on the situation like maybe it'd been urgent like a cousin calling from a hospital this could have really fooled somebody yeah a lot of people are falling for these kinds of audio deep fakes.

It's like millions of Americans have lost money to a scam call that uses an AI voice.

And the losses from these scams can be in the thousands of dollars.

But it's not all hopeless.

Businesses are using AI to fight AI.

This is the indicator from Planet Money.

I'm Darien Woods.

This week on The Indicator, we're going to bring you a special series on the evolving business of crime.

Today's show, Defending Against AI Voice Clones.

We speak with the company working to ferret out AI deep fakes, and we learn how banks are fortifying themselves in an age where anyone can sound like anyone else.

Support for NPR and the following message come from Indeed.

Just realizing your business needed to hire someone yesterday?

Speed up your hiring right now with Indeed.

Claim your $75 sponsored job credit now at Indeed.com slash indicator.

Terms and conditions apply.

This message comes from Schwab.

Everyone has moments when they could have done better.

Same goes for where you invest.

Level up and invest smarter with Schwab.

Get market insights, education, and human help when you need it.

Support for NPR and the following message come from Edward Jones.

A rich life isn't always a straight line.

Unexpected turns can bring new possibilities.

With 100 years of experience navigating ups and downs, Edward Jones can help guide you.

Let's find your rich together.

Edward Jones, member SIPC.

Banks are a big target of AI voice fraud.

I mean, that's where the money is, literally.

And so, if you're a chief information officer at a bank, you're constantly checking your websites and phone line systems for any vulnerabilities.

That's what Mark Kwapizewski is doing at PNC Bank.

Fraudsters constantly bang on every door trying to find any crack in essentially our armor or our remote around the bank as banking has gone more digital.

Obviously, the criminals have followed there.

One scheme calls people up, it records you talking for several seconds, and then it turns that into a cloned AI voice and uses that to bypass banks' voice verification on the phone.

Because it's so easy now to reproduce your voice, you really can't rely on any one vector to say, okay, I'm just going to accept it's you because I hear you.

One person has been on this problem for years, Ben Coleman, used to work for Goldman Sachs, and there he saw the early stages of these kinds of frauds.

So in 2021, he co-founded a tech company that would try to protect big institutions like banks from voice fraud.

He just didn't have the language for it yet.

But we didn't have the buzzword of DeepFix.

We didn't have generative AI.

We didn't have ChatGPT or anything.

So we said we can detect AI avatars and virtual humans, which are about to be this huge kind of tsunami of fraud.

How did you see this coming?

I just assumed if I was a hacker, what would I be doing?

How do I do more hacking?

That's what I ask myself every day, Darien.

Black hat hacker, wheeling along.

Watch out.

Ben thought that voice verification was this huge vulnerability for banks.

If the bank verified your voice on the phone, you could do a wire transfer or reset the password and gain complete control.

He named his company Reality Defender.

We're doing what's called inference, which is looking for different features that probabilistically indicate that AI was used.

An AI voice has a particular harmonic structure that the human ear doesn't hear, but Reality Defender software can detect.

There's indicators of AI, which means that the information is, yes, it's yours, but it's being used by somebody who's not you.

So your company is almost like one of these AI detection websites where teachers might put a student's essay and and say, is this AI?

Yeah, turnitin.com.

Yeah.

Ben says the majority of top 20 banks use Reality Defender software and many use other services like Ben's.

But he says that banks should step up even further.

Unfortunately, many institutions, not only banks, but also government organizations, insurance companies, media organizations,

are still using what are called voice biometrics, which is a short way of saying your voice is your password.

Ben thinks banks should just remove seeing a voice as a kind of password entirely.

We asked Mark Kwapazewski at PNC Bank why it was still using voice ID.

Are there risks to PNC using voice authentication technology?

I think if you're only using the one dimension, there's risk in everything.

There'd be risk in accepting a driver's license, for example, somebody walking into your branch, which is why you're starting to see a lot more technologies that are looking for

multi-factor authentication or even just those other signals.

So I would sort of say you always want to have layers of security.

And that's probably the key thing

that we're always looking at is which, how well do we feel we have our various layers covered?

And then you're able to learn where you might be overusing one of those signals and adjust.

So it's not just your voice the banks are looking at, but also your location, the device you're calling from, details like your birthday, a text message verification code, all kinds of things.

In fact, Mark says criminals flock to where the weakest defenses are.

And thanks to software like Reality Defender, the greatest vulnerability isn't with bank phone lines.

It's with the customers.

So it's a little bit in reverse.

How do you know that the company that just called you is actually PNC?

We've spent a lot of time and money with

the telecom carriers, different technology companies, so that if somebody's trying to spoof one of PNC's numbers, it gets blocked and it never gets delivered to you.

The fraudster tries to build a sense of urgency that you need to move your money.

Maybe they say the bank account's being compromised.

We'll never ask you to move your money.

If we think an account has been compromised, the bank will move your money for you, you know, within the bank.

But he says a lot of people believe they're talking to the bank.

The supposed bank worker will tell them to buy gold or cryptocurrency or withdraw cash and hand it over to someone, thinking that will keep the money safe.

It's a scam every time.

Another voice scam is going straight to the customer pretending to be a loved one in need.

Being in this part of the business I have with my family is essentially a safe word.

And we all

know if there's ever a situation where somebody is either really in trouble and asking for money,

it's consistent.

We will ask for the safe word.

Angel could have used that.

Yeah, I mean, he didn't need one.

But, you know, I thought the voice clone was actually pretty good.

And that's why Ben Coleman from Reality Defender doesn't think that protecting banks is enough.

He wants all content online to be vetted for whether it was AI generated from text to voice to video.

Yeah, like celebrity scams are a problem right now.

We've recently had revelations of scammers pretending to be pro-golfers on Instagram and Facebook.

I think we're going to look back and say, I can't believe there was a time when we didn't have automated defect detection.

Our challenge is just this technology is moving quicker than regulations.

And that's why Ben went to Congress to try to advance regulation.

That would mean when you logged into Instagram or got a Zoom call or a WhatsApp voice memo, you would be informed about whether it was AI.

We just gave testimony in Congress and in the Senate about this.

We deepfaked Senator Blumenthal and Senator Hawley.

First on we're going to ask the audience and those on the DS which ones are real and which ones are fake.

Hi, my name is Richard Blumenthal, United States Senator from Connecticut, and I'm a die-hard Red Sox fan.

That clip of Richard Blumenthal was AI, by the way.

Geez, he needs a safe word.

Should be Red Sox.

By the way, we at The Indicator are not immune from AI deep fakers.

We've heard reports of scammers pretending to be us at The Indicator.

So note that we will always use an at npr.org email address.

Tomorrow in our Vice series, we bring you an episode on what's supercharging data breaches.

This episode was produced by Cooper Cats McKim with engineering by Robert Rodriguez.

It was fact-checked by Sierra Juarez.

Cake and Cannon edits the show and the indicator is a production of NPR.

This message comes from NPR sponsor Pete and Jerry's Eggs, inviting you to tag along with one of their organic, pasture-raised hens as she heads out for her day in the pasture.

She and her friends start to roam and forage, hunting for tasty organic snacks.

And with 108 square feet per hen, there's plenty of space for everyone.

Under the open sky, they can hear songbirds nesting in the trees.

They bask in the sounds of nature as they prepare to lay their rich, delicious eggs.

And when the sun starts to set, the crickets begin to sing.

Time to catch one last squiggly snack before bedtime.

To learn more about Pete and Jerry's organic pasture-raised eggs and the certified humane farms where their hens roam, visit peteandjerry's.com.