Finance
Fake job seekers use AI to interview for remote jobs, tech CEOs say
An image provided by Pindrop Security shows a fake job candidate the company dubbed “Ivan X,” a scammer using deepfake AI technology to mask his face, according to Pindrop CEO Vijay Balasubramaniyan.
Courtesy: Pindrop Security
When voice authentication startup Pindrop Security posted a recent job opening, one candidate stood out from hundreds of others.
The applicant, a Russian coder named Ivan, seemed to have all the right qualifications for the senior engineering role. When he was interviewed over video last month, however, Pindrop’s recruiter noticed that Ivan’s facial expressions were slightly out of sync with his words.
That’s because the candidate, whom the firm has since dubbed “Ivan X,” was a scammer using deepfake software and other generative AI tools in a bid to get hired by the tech company, said Pindrop CEO and co-founder Vijay Balasubramaniyan.
“Gen AI has blurred the line between what it is to be human and what it means to be machine,” Balasubramaniyan said. “What we’re seeing is that individuals are using these fake identities and fake faces and fake voices to secure employment, even sometimes going so far as doing a face swap with another individual who shows up for the job.”
Companies have long fought off attacks from hackers hoping to exploit vulnerabilities in their software, employees or vendors. Now, another threat has emerged: Job candidates who aren’t who they say they are, wielding AI tools to fabricate photo IDs, generate employment histories and provide answers during interviews.
The rise of AI-generated profiles means that by 2028 globally 1 in 4 job candidates will be fake, according to research and advisory firm Gartner.
The risk to a company from bringing on a fake job seeker can vary, depending on the person’s intentions. Once hired, the impostor can install malware to demand ransom from a company, or steal its customer data, trade secrets or funds, according to Balasubramaniyan. In many cases, the deceitful employees are simply collecting a salary that they wouldn’t otherwise be able to, he said.
‘Massive’ increase
Cybersecurity and cryptocurrency firms have seen a recent surge in fake job seekers, industry experts told CNBC. As the companies are often hiring for remote roles, they present valuable targets for bad actors, these people said.
Ben Sesser, the CEO of BrightHire, said he first heard of the issue a year ago and that the number of fraudulent job candidates has “ramped up massively” this year. His company helps more than 300 corporate clients in finance, tech and health care assess prospective employees in video interviews.
“Humans are generally the weak link in cybersecurity, and the hiring process is an inherently human process with a lot of hand-offs and a lot of different people involved,” Sesser said. “It’s become a weak point that folks are trying to expose.”
But the issue isn’t confined to the tech industry. More than 300 U.S. firms inadvertently hired impostors with ties to North Korea for IT work, including a major national television network, a defense manufacturer, an automaker, and other Fortune 500 companies, the Justice Department alleged in May.
The workers used stolen American identities to apply for remote jobs and deployed remote networks and other techniques to mask their true locations, the DOJ said. They ultimately sent millions of dollars in wages to North Korea to help fund the nation’s weapons program, the Justice Department alleged.
That case, involving a ring of alleged enablers including an American citizen, exposed a small part of what U.S. authorities have said is a sprawling overseas network of thousands of IT workers with North Korean ties. The DOJ has since filed more cases involving North Korean IT workers.
A growth industry
Fake job seekers aren’t letting up, if the experience of Lili Infante, founder and chief executive of CAT Labs, is any indication. Her Florida-based startup sits at the intersection of cybersecurity and cryptocurrency, making it especially alluring to bad actors.
“Every time we list a job posting, we get 100 North Korean spies applying to it,” Infante said. “When you look at their resumes, they look amazing; they use all the keywords for what we’re looking for.”
Infante said her firm leans on an identity-verification company to weed out fake candidates, part of an emerging sector that includes firms such as iDenfy, Jumio and Socure.
An FBI wanted poster shows suspects the agency said are IT workers from North Korea, officially called the Democratic People’s Republic of Korea.
Source: FBI
The fake employee industry has broadened beyond North Koreans in recent years to include criminal groups located in Russia, China, Malaysia and South Korea, according to Roger Grimes, a veteran computer security consultant.
Ironically, some of these fraudulent workers would be considered top performers at most companies, he said.
“Sometimes they’ll do the role poorly, and then sometimes they perform it so well that I’ve actually had a few people tell me they were sorry they had to let them go,” Grimes said.
His employer, the cybersecurity firm KnowBe4, said in October that it inadvertently hired a North Korean software engineer.
The worker used AI to alter a stock photo, combined with a valid but stolen U.S. identity, and got through background checks, including four video interviews, the firm said. He was only discovered after the company found suspicious activity coming from his account.
Fighting deepfakes
Despite the DOJ case and a few other publicized incidents, hiring managers at most companies are generally unaware of the risks of fake job candidates, according to BrightHire’s Sesser.
“They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” he said. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”
As the quality of deepfake technology improves, the issue will be harder to avoid, Sesser said.
As for “Ivan X,” Pindrop’s Balasubramaniyan said the startup used a new video authentication program it created to confirm he was a deepfake fraud.
While Ivan claimed to be located in western Ukraine, his IP address indicated he was actually from thousands of miles to the east, in a possible Russian military facility near the North Korean border, the company said.
Pindrop, backed by Andreessen Horowitz and Citi Ventures, was founded more than a decade ago to detect fraud in voice interactions, but may soon pivot to video authentication. Clients include some of the biggest U.S. banks, insurers and health companies.
“We are no longer able to trust our eyes and ears,” Balasubramaniyan said. “Without technology, you’re worse off than a monkey with a random coin toss.”
Cybersecurity and enterprise software stocks have been market dogs in 2026, with fears that AI will wipe out a wide range of companies in the enterprise space dominating the narrative. But they snapped a brutal losing streak this past week, joining in the broader market rally that saw all losses from the U.S.-Iran war regained by the Dow Jones Industrial Average and S&P 500.
Cybersecurity has been “a victim of some of the AI-related headlines,” Christian Magoon, Amplify ETFs CEO, said on this week’s “ETF Edge.”
It wasn’t just niche cybersecurity names. Take Microsoft, for example, which was recently down close to 20% for the year. Its shares surged last week by 13%.
A big driver of the pummeling in software stocks was a rotation within tech by investors to AI infrastructure and semiconductors and some other names in large-cap tech, Magoon said, and since cybersecurity stocks and ETFs are heavily weighted towards software companies, they were left behind even as those businesses continue to grow on a fundamental basis.
But Wall Street now has become more bullish with the stocks at lower levels. Brent Thill, Jefferies tech analyst, said last week that the worst may be over for software stocks. “I think that this concept that software is dead, and then Anthropic and OpenAI are going to kill the entire industry, is just over-exaggerated,” he said on CNBC’s “Money Movers” on Wednesday.
“Big Short” investor Michael Burry wrote in a Substack post on Wednesday that he is becoming bullish about software stocks after the recent selloff. “Software stocks remain interesting because of accelerated extreme declines last week arising from a reflexive positive feedback loop between falling software stocks and changes in the market for their bank debt,” he wrote.
The Global X Cybersecurity ETF (BUG), is down about 12% since the beginning of the year, with top holdings including Palo Alto Networks, Fortinet, Akamai Technologies and CrowdStrike. But BUG was up 12% last week. The First Trust NASDAQ Cybersecurity ETF (CIBR) is down 6% for the year, but up 9% in the past week.
Piper Sandler analyst Rob Owens reiterated an “overweight” rating on Palo Alto Networks which helped the stock pop 7% — it is now down roughly 6% on the year. Its peers saw similar moves, including CrowdStrike.
Performance of Global X cybersecurity ETF versus S&P 500 over past one-year period.
Magoon said expectations may have become too high in cybersecurity, and with a crowding effect among investors, solid results were not enough to to push stocks higher. But the down-and-then-back-up 2026 for the sector is also a reminder that when stocks fall sharply in a short period of time, opportunity may knock.
“Once you’re down over 10% in some of these subsectors, you start to see the contrarians start to say, ‘well, maybe I’ll take a look at this,'” Magoon said.
He said AI does add both opportunity and uncertainty to the cybersecurity equation, increasing demand but also introducing new competition. But he added, “I think the dip is good to buy in an AI-driven world,” specifically because the risks to companies may lead to more M&A in cyber names that benefits the stocks.
For now, investors may look for opportunity on the margins rather than rush back into beaten-up tech names. “I think investors are still going to remain underweight software,” Thill said.
But Magoon advises investors to at least take the reminder to keep an eye on niches in the market during pronounced downturns. “The best-performing are often the least bought and do the best over the next 12 months versus late-in-the-game piling on,” he said.
While that may have been a mindset that worked against the last investors into cybersecurity and enterprise software in mid-2025 when the negative sentiment started building, at least for now, it’s started working for the stocks in the sector again.
Meanwhile, this year’s biggest winner is also a good example of what can be an extended trade in either a bullish or bearish direction. Last year, institutional ownership of energy was at multi-year lows, Magoon said, referencing Bank of America data. “Reverse sentiment can be a great indicator,” he said.
But he cautioned that any selective buying of stocks that have dipped does have to contend with the risk that there is a potentially bigger drawdown in the market yet to come in 2026. That is because midterm election years historically have been marked by large drawdowns. “If you think it is bad right now, it could get a lot worse,” Magoon said. But he added that there’s a silver-lining in that data, too, for the patient investor. The market has posted very strong 12-month returns after midterm election drawdowns end. So, for investors with a longer-term time horizon and no need for short-term liquidity, Magoon said, “stick in there.”
Sign up for our weekly newsletter that goes beyond the livestream, offering a closer look at the trends and figures shaping the ETF market.
New innovation in the exchange-traded fund industry could come at a cost to investors during extreme conditions.
According to MFS Investment Management’s Jamie Harrison, ETFs involved in increasingly complex derivatives and less transparent markets may be in uncharted territory when it comes to violent downturns.
“Those would be something that you’d want to keep an eye on as volatility ramps up,” the firm’s head of ETF capital markets told CNBC’s “ETF Edge” this week. “As innovation continues to increase at a rapid pace within the ETF wrapper, [it’s] definitely something that we advise our clients to be really front-footed about… Lack of transparency could absolutely be an issue if we’re going to start seeing some deep sell-offs.”
His firm has been around since 1924 and is known for inventing the open-end mutual fund. Last year, ETF.com named MFS Investment Management as the best new ETF issuer.
“It’s important to do due diligence on the portfolio,” he said. “Having a firm that has deep partnerships, deep bench of subject matter experts that plays with the A-team in terms of the Street and liquidity providers available [are] super important.”
Liquidity as the real issue?
Harrison suggested the real issue is liquidity, particularly during a steep sell-off.
“We’ve all seen the news and the headlines around potential private credit ETFs. That picture becomes much more murky,” he added. “It’s up to advisors, to investors [and] to clients to really dig in and look under the hood and engage with their issuers.”
He noted investors will have to ask some tough questions.
“What does this look like in a 20% drawdown? How does this liquidity facility work? Am I going to be able to get in? Am I going to be able to get out? And if I’m able to get out, am I able to get out at a price that’s tight to NAV [net asset value], and what’s the infrastructure at your shop in terms of managing that consideration for me,” said Harrison.
Amplify ETFs’ Christian Magoon is also concerned about these newer ETF strategies could weather a monster drawdown. He listed private credit as a red flag.
“If your ETF owns private credit, I think it’s worth taking a look at, kind of what the standards are around liquidity and how that ETF is trading, because that should be a bit of a mismatch between the trading pace of ETFs and the underlying asset,” the firm’s CEO said in the same interview.
Magoon also highlighted potential issues surrounding equity-linked notes. The notes provide fixed income security while offering potentially higher returns linked to stocks or equity indexes.
“Those could potentially be in stress due to redemptions and the underlying credit risk. That’s another kind of unique derivative,” Magoon said. “I would very closely look at any ETF that has equity-linked notes should we get into a major drawdown or there be a contagion in private credit or something related to the banking system.”
What that means for consumer loans
Checks and Balance newsletter: Of God and MAGA
Why software stocks, 2026’s market dogs, have joined the rally
Armanino adds Strategic Accounting Outsourced Solutions
New 2023 K-1 instructions stir the CAMT pot for partnerships and corporations
