Hany Farid has spent three decades building the tools that detect fake images. Now the UC Berkeley professor who the New York Times calls the world's leading deepfake expert says the technology has outrun him — and he's scared.

Farid's public alarm, which surfaced in a Times profile last week and has been circulating through the Bay Area press since, is striking precisely because of who is saying it. This is not a pundit warning about AI in the abstract. This is the person the field turns to when it needs to know whether a photo is real — saying he no longer knows.

Farid holds joint appointments in Berkeley's School of Information and in Electrical Engineering and Computer Sciences. He is also, notably, the co-founder and Chief Science Officer of GetReal Security, a startup built specifically to sell deepfake detection to enterprises. When the person selling the alarm system says the alarms aren't working, that's worth paying attention to.

In a New York Times profile published June 14, as reported by Berkeleyside, Farid said AI-generated content is now so convincing that he no longer trusts his own eyes. His summary of where things stand: "We're pretty screwed."

The statement lands with weight because Farid has been tracking this problem longer than most. His digital forensics lab at Berkeley has produced researchers and datasets that underpin the field. His recent work includes the DeepSpeak dataset, published at CVPR this year, and peer-reviewed research on detecting AI-generated explosions — the kind of synthetic media that floods conflict zones.

But the volume has now overwhelmed the detection capacity. In a co-authored op-ed published in March on TechPolicy Press, Farid and Berkeley Ph.D. candidate Sarah Barrington described what their days actually look like: "As digital-forensic researchers who deal every day with the fall-out of AI slop, we were relieved at the news of OpenAI's shuttering of the Sora app." That app, they wrote, "combined the addictiveness of social media with the power of generative AI to make highly compelling and viral fake videos" — before OpenAI shut it down just six months after launch.

The implications aren't theoretical for Bay Area residents. GetReal Security's own research, published on its website, found that 62 percent of organizations experienced a deepfake attack in the past twelve months, according to Gartner data. Separately, GetReal's own study found that 41 percent of enterprises had unknowingly hired a physical imposter — someone who used AI-generated video to pass remote interviews as a different person. North Korean operatives have used this technique to infiltrate American tech companies, including at least one documented Bay Area case.

Farid and Barrington have laid out specific prescriptions: every AI company should embed cryptographically-signed content credentials (the C2PA standard) in every piece of generated content; every social media platform should read those credentials and label AI-generated material the way food packaging labels ingredients. Federal legislation, they argue, should clarify that Section 230 liability shields do not protect AI companies from harms their products create, and should give people legal rights over their own likenesses.

None of that has happened yet. What has happened is that the tools for generating convincing fakes have proliferated far faster than the tools for catching them — a gap Farid has been warning about for years from his Berkeley office and is now warning about from what looks, from the outside, like a place of genuine alarm.

His company sells the defense. His research builds the detectors. And he's still saying we're pretty screwed.

Bay Area readers have encountered the downstream effects of this technology directly. The Dissent reported in May on a Bay Area family defrauded by an AI voice-cloning scam that posed as a kidnapping.