In February 2024, a finance employee at the Hong Kong office of British engineering firm Arup joined what looked like a routine video call with the company's CFO and several colleagues. Every face on the call was a deepfake. The employee, convinced by the real-time synthetic video and audio, authorized 15 transfers totaling roughly $25 million. The case became one of the most widely cited examples of why deepfake fraud detection has moved from a research curiosity to a board-level procurement priority. Attackers no longer need hours of footage or a rendering farm — commodity tools can now clone a voice from seconds of audio and puppet a face in a live call.
This guide is for security, fraud, and identity teams evaluating tools that can flag synthetic audio and video as it happens, not after the wire has already gone out. We'll walk through the criteria that actually separate a usable real-time detector from a lab demo, then give a fair look at named vendors in the space, including where each one falls short.
What "Real-Time" Actually Means in Deepfake Fraud Detection
Vendors use "real-time" loosely, so it's worth pinning down before you compare anyone. In practice there are three distinct modes:
- Pre-call or pre-transaction verification — a one-time liveness or identity check before a session starts (common in onboarding and KYC).
- In-session monitoring — continuous analysis of an ongoing video call or voice conversation, scoring frames or audio segments as they stream.
- Post-hoc forensic analysis — uploading a recorded file for deep analysis after the fact, useful for investigations but useless for stopping a live wire transfer.
Only the first two categories belong in a true deepfake fraud detection workflow where the goal is to intervene before money or data moves. If a vendor's core product is forensic upload-and-wait, it may still be valuable for incident response, but don't buy it expecting it to stop an Arup-style call in progress.
Detection Modality: Video, Audio, or Both
Fraud rarely arrives in a single modality. A convincing attack combines a manipulated face with a cloned voice, so the strongest deployments pair a video detector with an audio/voice detector rather than relying on one signal. When evaluating synthetic media detection tools, ask specifically:
- Does the tool analyze the live video stream, the audio stream, or both simultaneously?
- Can it detect voice cloning and synthetic speech, not just face-swaps and generative video?
- Does it handle degraded conditions — compressed video conferencing codecs, background noise, low bandwidth — that are common in real business calls and that can suppress the subtle artifacts detectors rely on?
Accuracy vs. False Positives in Live Fraud Workflows
Every vendor will show you a favorable benchmark. The more useful question is how the tool behaves on your traffic, not a curated test set. Detection models trained on last year's generation techniques degrade against newer diffusion- and GAN-based generators, so ask vendors how frequently models are retrained and how they handle novel synthesis methods they haven't seen before. Also weigh the cost of false positives: a fraud team that gets paged on every slightly compressed video call will tune out real alerts within weeks. Look for confidence scoring and tunable thresholds rather than a binary real/fake verdict.
Integration and Latency for Fraud Prevention Pipelines
A detector that adds three seconds of lag to a live call, or that only works as a standalone web app, will not survive contact with a production fraud prevention pipeline. Evaluate:
- SDKs and APIs for the channels you actually use — Zoom, Teams, telephony/IVR, custom web conferencing.
- Latency budget: sub-second scoring is generally needed for in-call intervention; a few seconds may be tolerable for asynchronous review queues.
- How alerts route into existing case management, SIEM, or fraud-ops tooling, since a detector that lives in its own silo won't get acted on fast enough.
Explainability and Evidentiary Value
If a detection is going to justify freezing a transaction or opening an HR investigation, "the model said 92% fake" is not enough on its own. Better tools surface which frames or audio segments triggered the score, what artifacts were detected (lip-sync mismatch, unnatural blink rate, spectral anomalies in speech), and produce a report usable in an investigation or, increasingly, in litigation. This matters most in regulated industries where a false accusation carries its own legal exposure.
A Fair Deepfake Vendor Comparison: Six Tools Worth Evaluating
No single vendor dominates every modality and use case, so most serious buyers end up running a deepfake vendor comparison across at least two or three tools rather than picking one. Here's an honest look at six names that come up repeatedly in fraud and identity RFPs.
Reality Defender
Reality Defender offers a multimodal API covering image, video, audio, and text, positioned explicitly for real-time integration into call platforms and content pipelines. Its breadth across modalities is a genuine strength for teams that don't want to stitch together separate vendors for video and voice. The tradeoff is that, like most detectors in this space, it's a proprietary model whose internals aren't independently auditable, and coverage of brand-new generation techniques inevitably lags their public release.
Sensity AI
One of the longest-running players in deepfake detection, Sensity built its reputation on a large threat-intelligence database of known deepfakes circulating online, alongside identity-verification and monitoring products. That history gives it strong visibility into deepfake campaigns beyond a single company's traffic. Its roots are more in monitoring and detection-at-scale than in low-latency, in-call interception, so teams specifically chasing live video-call fraud prevention should scrutinize the real-time product line separately from the monitoring platform.
Hive Moderation
Hive is best known as a large-scale content moderation API, and it has extended that infrastructure to flag AI-generated and manipulated media. The advantage is maturity and scale — Hive already processes enormous volumes of content for platform customers, and its AI-generated-content classifiers ride on that same infrastructure. The limitation is specialization: a general content-moderation stack tuned for platform trust-and-safety isn't the same as a purpose-built fraud detector tuned for the specific artifacts of a live executive-impersonation call.
Pindrop
Pindrop has spent years on voice biometrics and synthetic-voice detection for call centers, and it's a genuine leader when the fraud vector is audio — vishing, cloned-voice authorization calls, and IVR fraud. Its call-center integrations and voice liveness detection are mature and battle-tested at scale. The clear limitation is scope: Pindrop is not a video deepfake detector, so it needs to be paired with a video-focused tool if your threat model includes video calls like the Arup incident.
iProov
iProov focuses on biometric liveness and identity verification, primarily at the moment of onboarding or authentication — proving a real, present human is behind a selfie or verification step, and catching injection or presentation attacks including deepfake-based spoofing. It carries strong independent certifications (NIST and iBeta testing among them) that matter in regulated KYC contexts. Its design center is a discrete verification moment rather than continuous monitoring of an ongoing meeting, so it's a better fit for onboarding fraud than for policing an hour-long video call.
GetReal Labs
Founded by deepfake-detection researcher Hany Farid, GetReal Labs takes a multi-detector ensemble approach, running several independent models against the same media to reduce the blind spots any single detector has. That academic pedigree and layered methodology is a real differentiator for teams worried about single-model brittleness. As a newer, smaller company, it has a shorter public track record of large-scale enterprise deployments than the more established players above, which is worth weighing if you need extensive reference customers before signing.
How Safeguard Helps
Deepfake fraud rarely stays contained to a single conversation — the Arup case started as a video call and ended as unauthorized wire transfers executed through real corporate systems and approval workflows. Safeguard's focus is the software supply chain and the identity and access trust that underpins it: who can approve a deployment, who can onboard as a vendor or contractor, and which humans sit behind the credentials touching your build and release pipeline. As synthetic media makes voice and video a weaker basis for trust, we work with security teams to harden the adjacent controls that a deepfake call is usually trying to bypass — strong out-of-band approval steps for financial and infrastructure changes, provenance and verification requirements for new contributors and vendors entering the supply chain, and monitoring for anomalous approval patterns that don't match how a legitimate request would normally flow. No detection model catches every synthetic video or cloned voice; pairing a dedicated deepfake fraud detection tool from this guide with supply-chain-level verification controls gives fraud attempts fewer places to land even when the media itself gets past the detector.