Deepfake Impersonation and Legislative Response in the United States
The FBI has reported ongoing campaigns in which unknown actors use AI-powered voice cloning and deepfake technologies to impersonate senior U.S. government officials, including members of Congress and Cabinet-level leaders. These impersonators initiate contact via SMS and then move conversations to encrypted messaging apps such as Signal, WhatsApp, and Telegram, leveraging AI voice cloning to convincingly pose as high-level officials. The FBI's updated assessment reveals that these activities have been occurring since at least 2023, targeting not only officials but also their family members and acquaintances, with the intent to extract sensitive information or perpetrate scams.
In response to the growing threat of malicious deepfakes, the U.S. government has enacted the Take It Down Act, one of the first major federal laws specifically targeting the spread of nonconsensual AI-generated deepfake pornography. The law criminalizes the publication of such content, mandates its removal within 48 hours upon notification, and empowers the Federal Trade Commission to enforce compliance. The U.S. Sentencing Commission is now seeking public input on sentencing guidelines, proposing penalties of up to two years' imprisonment for adults and three years for minors, reflecting the seriousness with which lawmakers are treating the misuse of deepfake technology for harassment and abuse.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
FBI says deepfake impersonation of U.S. officials is ongoing since 2023
The FBI publicly reported that an ongoing campaign using AI-powered voice cloning to impersonate senior U.S. officials dates back to 2023. The disclosure highlighted tactics such as moving targets to encrypted apps, proposing meetings with officials, and harvesting passport images and contact lists to expand the scheme.
U.S. Sentencing Commission releases preliminary Take It Down Act guidelines
The U.S. Sentencing Commission released preliminary sentencing guidelines for offenses under the Take It Down Act and opened a public comment period. The proposal outlines how fines and prison penalties could be applied for crimes involving real and AI-generated nonconsensual intimate imagery.
Congress passes the Take It Down Act
Congress passed the Take It Down Act with overwhelming bipartisan support, creating a new federal framework targeting the publication of nonconsensual intimate imagery, including AI-generated deepfake pornography. The law also requires companies to remove reported content within 48 hours and gives the FTC enforcement authority.
Deepfake impersonation campaign targeting U.S. officials begins
According to the FBI, malicious actors began using AI-powered voice cloning and related impersonation tactics against senior U.S. government officials in 2023. The campaign used SMS and encrypted messaging apps such as Signal, WhatsApp, and Telegram to approach victims and solicit sensitive information.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
FTC Enforces 48-Hour Takedown Rule for Nonconsensual Deepfakes
The Federal Trade Commission said it will begin enforcing a key provision of the Take It Down Act on May 19, requiring covered websites and online services to remove reported nonconsensual intimate imagery and AI-generated deepfake content within 48 hours. FTC Chair Andrew Ferguson notified major platforms including Meta, Google, and X that failures to comply can trigger investigations and civil penalties of up to **$53,088 per violation**, and said companies must publish clear removal policies and provide accessible reporting channels, including for people who do not have accounts. The requirement applies broadly across websites, apps, social media, image and video sharing services, and gaming platforms. The FTC also urged companies to use hashing technologies and coordinate with groups such as the **National Center for Missing and Exploited Children** and **StopNCII.org** to prevent removed material from being reuploaded. Supporters said the enforcement regime gives the law real consequences for noncompliance, while civil liberties and policy experts warned the short deadline and steep fines could lead platforms to over-remove legitimate content or create openings for bad-faith complaints.
May 27, 2026
AI-Driven Deepfakes and Their Impact on Cybercrime and Digital Forensics
Artificial intelligence is increasingly being leveraged by both cybercriminals and law enforcement, fundamentally transforming the landscape of cybercrime and digital forensics. AI-powered tools are now capable of detecting cyber threats by recognizing malicious activity patterns and supporting digital forensic investigations, making it easier for specialists to identify relevant evidence such as images and chat logs while minimizing exposure to unrelated or distressing material. However, the same AI technologies are also being exploited by threat actors to create highly realistic deepfakes—synthetic images, videos, and voices—that are difficult to distinguish from genuine content. These deepfakes are used in a variety of malicious campaigns, including misinformation, fraud, identity theft, and sophisticated social engineering attacks. State-sponsored groups from countries like Iran, China, North Korea, and Russia have been documented using AI-generated media for phishing, reconnaissance, and information warfare, with specific examples including Iranian actors impersonating officials and North Korean hackers using fake job interviews to infiltrate organizations. The rapid evolution of deepfake technology has led to the development of advanced AI-powered detection tools that utilize machine learning, computer vision, and biometric analysis to identify manipulated content before it can cause harm. Despite these advances, challenges remain: AI models can struggle with altered media, such as deepfakes, and require constant retraining with supervised, high-quality data to avoid errors and hallucinations. Public concern over the misuse of deepfakes is growing, with surveys indicating that half of young people in the UK fear non-consensual deepfake nudes, and a significant portion of the population worries about financial losses, scams, and unauthorized access to sensitive information facilitated by AI-generated content. The emotional and psychological risks associated with malicious deepfakes are substantial, particularly when individuals or their families are targeted. There is also a notable gap in public understanding of deepfake threats, with a portion of the population unable to identify deepfake calls, underscoring the need for greater education and awareness. Organizations are increasingly adopting AI-powered security awareness training to help employees recognize and respond to evolving social engineering tactics. The dual use of AI in both cybercrime and its detection highlights the urgent need for ongoing collaboration, improved training, and the responsible development of AI technologies to mitigate risks while enhancing digital forensics capabilities. As AI continues to advance, both the sophistication of attacks and the tools to counter them are expected to grow, making vigilance and adaptability essential for cybersecurity professionals and the public alike.
Mar 21, 2026
Criminal Use of AI-Generated Media in Extortion and Deepfake Scams
Criminals are leveraging AI tools to manipulate publicly available images and videos from social media, creating convincing fake 'proof of life' media for use in virtual kidnapping and extortion scams. The FBI has warned that these scams involve contacting victims with claims of having kidnapped a loved one, often accompanied by doctored images or videos to increase credibility and pressure for ransom payment. The ease of accessing personal media online and the sophistication of AI-driven image and video manipulation have made these scams more convincing and difficult to detect, with the FBI noting a rise in such emergency scams and significant financial losses for victims. The proliferation of AI-generated media has also led to broader concerns about the spread of deepfakes and nonconsensual explicit imagery. Security researchers have uncovered exposed databases from AI image generator startups containing millions of manipulated images, including nonconsensual 'nudified' photos of real people and even children. These developments highlight the growing risks posed by AI-powered media manipulation, both for targeted extortion schemes and for the privacy and safety of individuals whose images are scraped and abused online.
Mar 21, 2026