Fighting AI with AI

Speaker 1 NPR.

Speaker 2 So Wayland, the other day I decided to give our colleague Angel Carreras a little test.

Speaker 2 Hello, Darian. Hey, hey.
Sorry, Jeff headphones on. Angel,

Speaker 2 I need your help with something real quick. What's up? I need your help with something real quick.
You sound like AI. Would you be able to go out and buy some gift cards for me?

Speaker 2 You sound like I don't have time today.

Speaker 2 It's a surprise for our colleague. Darian, I'm so sorry.
You're not fooling me. This is AI.
If you could just go out and buy like $200 in gift cards, that would be awesome.

Speaker 2 Okay, actually, you've convinced me. Where should I get these?

Speaker 2 D-A-I-Darian.

Speaker 2 Come on, quick on your feet, Darian. Where? Angel, I have to admit something to you.
Too sloppy, Darien. This is not my real view.
Too sloppy. I am a deep fake.

Speaker 2 Gosh.

Speaker 2 angel

Speaker 1 i got you you got you got nothing you got nothing oh my gosh angel was so clever if you had called me i would have fallen for it immediately yeah i would have been like where do you want the gift cards from gap do you need a gap gift card

Speaker 2 no i know and so yeah depending on the person depending on the situation like maybe it'd been urgent like a cousin calling from a hospital this could have really fooled somebody yeah a lot of people are falling for these kinds of audio deep fakes.

Speaker 1 It's like millions of Americans have lost money to a scam call that uses an AI voice. And the losses from these scams can be in the thousands of dollars.

Speaker 2 But it's not all hopeless. Businesses are using AI to fight AI.
This is the indicator from Planet Money. I'm Darien Woods.

Speaker 2 This week on The Indicator, we're going to bring you a special series on the evolving business of crime.

Speaker 1 Today's show, Defending Against AI Voice Clones.

Speaker 1 We speak with the company working to ferret out AI deep fakes, and we learn how banks are fortifying themselves in an age where anyone can sound like anyone else.

Speaker 3 This message comes from LinkedIn Ads. One of the hardest parts about B2B marketing is reaching the right audience.
That's why you need LinkedIn ads.

Speaker 3 You can target your buyers by job title, company, role, seniority, and skills. All the professionals you need to reach in one place.
Get a $250 credit on your next campaign so you can try it yourself.

Speaker 3 Just go to linkedin.com slash nprpod. That's linkedin.com slash nprpod.
Terms and conditions apply. Only on LinkedIn ads.

Speaker 4 This message comes from the National Marine Sanctuary Foundation, connecting Americans to their shared maritime heritage for over 25 years.

Speaker 4 The protection of important marine habitats and species, cultural heritage, and historic shipwrecks creates strong marine economies for America's coastal communities.

Speaker 4 This giving season, please help keep the ocean, coasts, and great lakes clean, open, and accessible to all. Make your gift now at marinesanctuary.org/slash NPR.

Speaker 3 This message comes from NPR sponsor Veeam. AI promised intelligence, but it also exposed everything people couldn't see.

Speaker 3 Veeam and Security AI bring protection, governance, and AI trust together to accelerate safe AI at scale. Learn more at Veeam.com.

Speaker 2 Banks are a big target of AI voice fraud.

Speaker 1 I mean, that's where the money is, literally.

Speaker 2 And so if you're a chief information officer at a bank, you are constantly checking your websites and phone line systems for any vulnerabilities. That's what Mark Kwopizewski is doing at PNC Bank.

Speaker 5 Fraudsters constantly bang on every door trying to find any crack in essentially our armor or our moat, you know, around the bank.

Speaker 5 As banking has gone more digital, obviously the criminals have followed there.

Speaker 1 One scheme calls people up, it records you talking for several seconds, and then it turns that into a cloned AI voice and uses that to bypass bank's voice verification on the phone.

Speaker 5 Because it's so easy now to reproduce your voice, you really can't rely on any one vector to say, okay, I'm just going to accept it's you because I hear you.

Speaker 2 One person has been on this problem for years. Ben Coleman used to work for Goldman Sachs, and there he saw the early stages of these kinds of frauds.

Speaker 2 So in 2021, he co-founded a tech company that would try to protect big institutions like banks from voice fraud. He just didn't have the language for it yet.

Speaker 6 But we didn't have the buzzword of DeepFix. We didn't have generative AI.
We didn't have ChatGPT or anything.

Speaker 6 So we said we can detect AI avatars and virtual humans, which are about to be this huge kind of tsunami of fraud.

Speaker 2 How did you see this coming?

Speaker 6 I just assumed if I was a hacker, what would I be doing?

Speaker 6 How do I do more hacking?

Speaker 1 That's what I ask myself every day, Tarian.

Speaker 2 That's a black hat hacker, Will and Long.

Speaker 2 Watch out.

Speaker 1 Ben thought that voice verification was this huge vulnerability for banks. If the bank verified your voice on the phone, you could do a wire transfer or reset the password and gain complete control.

Speaker 1 He named his company Reality Defender.

Speaker 6 We're doing what's called inference, which is looking for different features that probabilistically indicate that AI was used.

Speaker 2 An AI voice has a particular harmonic structure that the human ear doesn't hear, but Reality Defender software can detect.

Speaker 6 There's indicators of AI, which means that the information is, yes, it's yours, but it's being used by somebody who's not you.

Speaker 2 So your company is almost like one of these AI detection websites where teachers might put a student's essay and say, is this AI?

Speaker 6 Yeah, turnitin.com. Yeah.

Speaker 1 Ben says the majority of top 20 banks use Reality Defender software, and many use other services like Ben's. But he says that banks should step up even further.

Speaker 6 Unfortunately, many institutions, not only banks, but also government organizations, insurance companies, media organizations, are still using what are called voice biometrics, which is a short way of saying your voice is your password.

Speaker 2 Ben thinks banks should just remove seeing a voice as a kind of password entirely. We asked Mark Kwapazewski at PNC Bank why it was still using voice ID.

Speaker 2 Are there risks to PNC using voice authentication technology?

Speaker 5 I think if you're only using the one dimension, there's risk in everything.

Speaker 5 There'd be risk in accepting a driver's license, for example, somebody walking into your branch, which is why you're starting to see a lot more technologies that are looking for

Speaker 5 multi-factor authentication or even just those other signals. So I would sort of say you always want to have layers of security.
And that's probably the key thing

Speaker 5 that we're always looking at: which, how well do we feel we have our various layers covered? And then you're able to learn where you might be overusing one of those signals and adjust.

Speaker 1 So it's not just your voice the banks are looking at, but also your location, the device you're calling from, details like your birthday, a text message verification code, all kinds of things.

Speaker 1 In fact, Mark says criminals flock to where the weakest defenses are. And thanks to software like Reality Defender, the greatest vulnerability isn't with bank phone lines.
It's with the customers.

Speaker 5 So it's a little bit in reverse. How do you know that the company that just called you is actually PNC?

Speaker 5 We've spent a lot of time and money with

Speaker 5 the telecom carriers, different technology companies, so that if somebody's trying to spoof one of PNC's numbers, it gets blocked and it never gets delivered to you.

Speaker 2 The fraudster tries to build a a sense of urgency that you need to move your money. Maybe they say the bank account's been compromised.

Speaker 5 We'll never ask you to move your money. If we think an account has been compromised, the bank will move your money for you, you know, within the bank.

Speaker 1 But he says a lot of people believe they're talking to the bank.

Speaker 1 The supposed bank worker will tell them to buy gold or cryptocurrency or withdraw cash and hand it over to someone, thinking that will keep the money safe.

Speaker 5 It's a scam every time.

Speaker 1 Another voice scam is going straight to the customer, pretending to be a loved one in need.

Speaker 5 Being in this part of the business I have with my family is essentially a safe word.

Speaker 5 And we all, you know, know if there's ever a situation where, you know, somebody is either really in trouble and asking for money,

Speaker 5 it's consistent. We will ask for the safe word.

Speaker 1 Angel could have used that.

Speaker 2 Yeah, I mean, he didn't need one, but you know, I thought the voice clone was actually pretty good.

Speaker 2 and that's why ben coleman from reality defender doesn't think that protecting banks is enough he wants all content online to be vetted for whether it was ai generated from text to voice to video yeah like celebrity scams are a problem right now we've recently had revelations of scammers pretending to be pro-golfers on instagram and facebook i think we're going to look back and say i can't believe there was a time when we didn't have automated defect detection our challenge is is just this technology is moving quicker than regulations And that's why Ben went to Congress to try to advance regulation.

Speaker 1 That would mean when you logged into Instagram or got a Zoom call or a WhatsApp voice memo, you would be informed about whether it was AI.

Speaker 6 We just gave testimony in Congress and in the Senate about this. We deepfaked Senator Blumenthal and Senator Hawley.

Speaker 6 First on we're going to ask the audience and those on the DS which ones are real and which ones are fake.

Speaker 7 Hi, my name is Richard Blumenthal, United States Senator from Connecticut, and I'm a die-hard Red Sox fan.

Speaker 2 That clip of Richard Blumenthal was AI, by the way.

Speaker 1 Geez, he needs a safe word. Should be Red Sox.

Speaker 2 By the way, we at The Indicator are not immune from AI deep fakers. We've heard reports of scammers pretending to be us at The Indicator, so note that we will always use an at npr.org email address.

Speaker 2 Tomorrow in our Vice series, we bring you an episode on what supercharging data breaches.

Speaker 2 This episode was produced by by Cooper Cats McKim with engineering by Robert Rodriguez. It was fact-checked by Sierra Juarez.
Kekin Karen edits the show, and the indicator is a production of NPR.

Speaker 4 This message comes from the National Marine Sanctuary Foundation, connecting Americans to their shared maritime heritage.

Speaker 4 Help keep the ocean, coasts, and great lakes clean, open, and accessible to all. Make your gift now at marinesanctuary.org/slash npr.

Speaker 3 Support for NPR and the following message come from Edward Jones. What does it mean to live a rich life? Maybe it's full of brave first leaps, tearful goodbyes, and everything in between.

Speaker 3 And with over a hundred years of experience, your Edward Jones financial advisor can help. Edward Jones, member SIPC.

Speaker 3 This message comes from NPR sponsor Charles Schwab with its original podcast on investing. Each week, you'll get thoughtful, in-depth analysis of both the stock and the bond markets.

Speaker 3 Listen today and subscribe at schwab.com/slash on investing or wherever you get your podcasts.