%3Aquality(100)&w=640&q=75){kind=logo}
Generative AI Cannot Fake a Cryptographic Credential
The government case for identity-verified communications in the battle against deepfakes.
Jun 17, 2026
·Blog
·Secure Communications
%3Aquality(100)&w=3840&q=75)
In a recent, sobering profile by The New York Times, the world’s leading researcher in deepfake detection Dr. Hany Farid made an admission that should trouble every Chief Information Security Officer (CISO) and national security official.
After twenty-five years of successfully decoding visual manipulations, Farid conceded that generative artificial intelligence has scaled beyond human and computational triage. He noted that while calculating pixels and shadows to expose a deepfake can take hours or days, an AI-generated fiction achieves viral ubiquity across the internet in a matter of seconds.
Farid’s warning is clear: Our visual system is becoming useless and content-layer detection is an arms race we are actively losing.
For government communicators and mission-critical security architects, the Farid assessment shifts the problem from post‑facto detection to preventing deepfakes from entering the communications environment.
Effective mitigation requires identity and device verification at the point of communication.
Detection Was Always the Wrong Layer
Detection assumes synthetic media has already entered the channel and may have influenced a decision. In a crisis coordination environment, a command-and-control network, or a classified briefing chain, that sequence is unacceptable. By the time a deepfake is detected, the OODA loop has already been corrupted.
The institutional actors that have moved on deepfakes in 2026 have moved on the refusal side: the FEC deadlocked rather than mandated detection, the Canada Privacy Commissioner ruled a generative tool unlawful rather than requiring detection at scale, and YouTube’s biometric-likeness system is opt-in and scoped to named individuals. All of them are upstream controls that restrict what enters the environment rather than detection in any operational sense. Government secure communications require the same logic, applied at the infrastructure layer.
Verification Solves the Problem Detection Cannot
Deepfake attacks in government communications typically involve a synthetic voice on a command call. A fabricated video of a senior official issuing an order. A manipulated image used to trigger an emergency response. In every scenario, the attack succeeds because the recipient cannot independently verify that the sender is who they claim to be and that the device generating the communication is authorized.
Cryptographic identity and device verification eliminates that attack surface entirely.
BlackBerry® SecuSUITE® enforces certificate-based device authentication for every call and message. The sender’s identity is not inferred from voice, appearance, or behavior. It is verified against a cryptographic credential tied to a registered, managed device. No credential, no communication. The deepfake cannot pass that gate because the gate does not evaluate what the communication looks or sounds like. It evaluates who signed it.
BlackBerry® UEM extends the same logic to the device layer. Every endpoint in a managed fleet is known, enrolled, and continuously assessed. A device attempting to inject synthetic content into a communications chain is either not enrolled — in which case it cannot reach the channel—or it is enrolled and its compromise is detectable through policy enforcement and behavioral anomaly flags.
BlackBerry® AtHoc® applies the same verification architecture to mass notification and crisis coordination. When an alert is issued, recipients know it originated from an authenticated operator on a managed device. The communication carries institutional authority because the infrastructure enforces institutional identity.
The Sovereignty Dimension
Farid’s prescription is that the public should treat images and video as untrusted by default, the way it treats unsigned email, and look for cryptographic provenance and institutional source.
Government organizations should not wait for the public conversation to catch up. The architecture Farid is describing as a future media-literacy goal already exists in hardened government communications infrastructure: cryptographic provenance, institutional source verification, device-anchored identity.
The critical distinction for defense and national security contexts is key sovereignty. BlackBerry SecuSUITE is built on the principle that the cryptographic keys validating every communication remain under the control of the deploying organization, not a vendor. The government owns the trust anchor. A third party cannot be coerced, breached, or manipulated into undermining it.
That is the architecture the deepfake threat demands. Not better detection. Better provenance. Not smarter analysis after the fact. Stronger gates before it.
Defending the Perimeter of Truth
Farid is correct that public information ecosystems are poisoned. Mainstream social media platforms, driven by engagement and velocity, lack the unified infrastructure to validate the billions of media files uploaded daily. Outside the network firewall, the "Liar's Dividend" will likely persist, and public doubt will remain high.
However, the government network is not public social media. It is a controlled, regulated, and defensible space. Mission-critical operations simply need to enforce cryptographic accountability on our endpoints. When device identity and user authentication are absolute, synthetic illusions lose their power to deceive.
The Operational Conclusion
Detection has lost the race. The lag is structural, not incidental, and every generative model release widens it again. Organizations that continue to invest in detection as a primary deepfake mitigation are building defenses that are structurally outmatched on delivery.
The government organizations best equipped to operate in this environment have taken a different approach. Rather than trying to determine whether a message is real after the fact, they establish authenticity from the start. They know who is communicating. They know which device sent the message. They control the cryptographic keys that prove it.
That is not a technology preference. In 2026, it is an operational requirement.
BlackBerry® Secure Communications provides cryptographically verified, end-to-end encrypted communications for defense, government, and critical infrastructure organizations globally. BlackBerry SecuSUITE, BlackBerry UEM, and BlackBerry AtHoc are certified under Common Criteria, FIPS 140-2, and NATO standards.
Generative AI Cannot Fake a Cryptographic Credential
The government case for identity-verified communications in the battle against deepfakes.
Jun 17, 2026
·Blog
·Secure Communications
In a recent, sobering profile by The New York Times, the world’s leading researcher in deepfake detection Dr. Hany Farid made an admission that should trouble every Chief Information Security Officer (CISO) and national security official.
After twenty-five years of successfully decoding visual manipulations, Farid conceded that generative artificial intelligence has scaled beyond human and computational triage. He noted that while calculating pixels and shadows to expose a deepfake can take hours or days, an AI-generated fiction achieves viral ubiquity across the internet in a matter of seconds.
Farid’s warning is clear: Our visual system is becoming useless and content-layer detection is an arms race we are actively losing.
For government communicators and mission-critical security architects, the Farid assessment shifts the problem from post‑facto detection to preventing deepfakes from entering the communications environment.
Effective mitigation requires identity and device verification at the point of communication.
Detection Was Always the Wrong Layer
Detection assumes synthetic media has already entered the channel and may have influenced a decision. In a crisis coordination environment, a command-and-control network, or a classified briefing chain, that sequence is unacceptable. By the time a deepfake is detected, the OODA loop has already been corrupted.
The institutional actors that have moved on deepfakes in 2026 have moved on the refusal side: the FEC deadlocked rather than mandated detection, the Canada Privacy Commissioner ruled a generative tool unlawful rather than requiring detection at scale, and YouTube’s biometric-likeness system is opt-in and scoped to named individuals. All of them are upstream controls that restrict what enters the environment rather than detection in any operational sense. Government secure communications require the same logic, applied at the infrastructure layer.
Verification Solves the Problem Detection Cannot
Deepfake attacks in government communications typically involve a synthetic voice on a command call. A fabricated video of a senior official issuing an order. A manipulated image used to trigger an emergency response. In every scenario, the attack succeeds because the recipient cannot independently verify that the sender is who they claim to be and that the device generating the communication is authorized.
Cryptographic identity and device verification eliminates that attack surface entirely.
BlackBerry® SecuSUITE® enforces certificate-based device authentication for every call and message. The sender’s identity is not inferred from voice, appearance, or behavior. It is verified against a cryptographic credential tied to a registered, managed device. No credential, no communication. The deepfake cannot pass that gate because the gate does not evaluate what the communication looks or sounds like. It evaluates who signed it.
BlackBerry® UEM extends the same logic to the device layer. Every endpoint in a managed fleet is known, enrolled, and continuously assessed. A device attempting to inject synthetic content into a communications chain is either not enrolled — in which case it cannot reach the channel—or it is enrolled and its compromise is detectable through policy enforcement and behavioral anomaly flags.
BlackBerry® AtHoc® applies the same verification architecture to mass notification and crisis coordination. When an alert is issued, recipients know it originated from an authenticated operator on a managed device. The communication carries institutional authority because the infrastructure enforces institutional identity.
The Sovereignty Dimension
Farid’s prescription is that the public should treat images and video as untrusted by default, the way it treats unsigned email, and look for cryptographic provenance and institutional source.
Government organizations should not wait for the public conversation to catch up. The architecture Farid is describing as a future media-literacy goal already exists in hardened government communications infrastructure: cryptographic provenance, institutional source verification, device-anchored identity.
The critical distinction for defense and national security contexts is key sovereignty. BlackBerry SecuSUITE is built on the principle that the cryptographic keys validating every communication remain under the control of the deploying organization, not a vendor. The government owns the trust anchor. A third party cannot be coerced, breached, or manipulated into undermining it.
That is the architecture the deepfake threat demands. Not better detection. Better provenance. Not smarter analysis after the fact. Stronger gates before it.
Defending the Perimeter of Truth
Farid is correct that public information ecosystems are poisoned. Mainstream social media platforms, driven by engagement and velocity, lack the unified infrastructure to validate the billions of media files uploaded daily. Outside the network firewall, the "Liar's Dividend" will likely persist, and public doubt will remain high.
However, the government network is not public social media. It is a controlled, regulated, and defensible space. Mission-critical operations simply need to enforce cryptographic accountability on our endpoints. When device identity and user authentication are absolute, synthetic illusions lose their power to deceive.
The Operational Conclusion
Detection has lost the race. The lag is structural, not incidental, and every generative model release widens it again. Organizations that continue to invest in detection as a primary deepfake mitigation are building defenses that are structurally outmatched on delivery.
The government organizations best equipped to operate in this environment have taken a different approach. Rather than trying to determine whether a message is real after the fact, they establish authenticity from the start. They know who is communicating. They know which device sent the message. They control the cryptographic keys that prove it.
That is not a technology preference. In 2026, it is an operational requirement.
BlackBerry® Secure Communications provides cryptographically verified, end-to-end encrypted communications for defense, government, and critical infrastructure organizations globally. BlackBerry SecuSUITE, BlackBerry UEM, and BlackBerry AtHoc are certified under Common Criteria, FIPS 140-2, and NATO standards.
%3Aquality(100)&w=3840&q=75)