The potential power of small AI models

Deepfakes are becoming so convincing that they can barely be distinguished from real images and videos, raising fears that fraudsters can use artificial identities and circumvent Know Your Customer (KYC) checks to bypass defenses designed to prevent impersonation.

An industry source requesting anonymity said the threat has started permeating the banking, financial services and insurance (BFSI) sector.

“People are generating synthetic bank statements and there are issues of deepfakes during video KYC. There have been cases where such applications were processed and underwritten, leading to fraud of ₹15 to ₹20 crore in NBFCs (non-banking financial companies),” the person said.

But, the cost of organized fraud is becoming increasingly affordable for fraudsters as well as extremely burdensome

For the industry, thanks to the rapid pace of development of AI models.

Authorities said the fraud generally follows a familiar pattern: Customized tools built on top of these models are distributed through Telegram channels and dark-web marketplaces.

“The challenge is that fraudsters are not using standard models. Frontier models use trillions of tokens to train and are sophisticated. Instead, fraudsters use smaller models to generate deepfakes and run them on local, consumer hardware like gaming computers. This does not cost much. These models are shared on Telegram channels and other dark web platforms,” ​​said Sandesh GS, chief technology officer (CTO) of the bureau; A Technology Service Provider (TSP).

Deepfake injection involves injecting images into a compromised device that can fail liveness checks, while they also include examples of AI-based document tampering.

These deepfake passes have the potential to pass most liveness checks, especially at a time when KYC is designed around the principle that a live human face on camera is proof of that person’s presence.

The rapid proliferation of such tools among organized fraud networks may have prompted the Indian Cyber ​​Crime Coordination Center (I4C) to issue an advisory warning that fraudsters were using AI-powered techniques to circumvent existing cybersecurity safeguards.

Industry executives said some fraud models were trained specifically for deepfakes and could be built on open source models.

“These are wrappers built on top of an open source LLM (large language model), which are easily available at a fairly affordable cost. Also, the expertise required to perform all these sophisticated attacks is significantly reduced,” said Prakash Paritosh, Principal Product Manager (PM), IDFI; One tsp.

He told that the company was working on rolling out deepfake detection module.

The ability to detect synthetic identities after analyzing an image.

Banks in the country reported fewer fraud cases in the financial year 2025-26 (FY26), but the total amount involved rose to the highest in three years, driven by fraud in loans and advances and concentrated in state-owned lenders.

According to data released by the Reserve Bank of India (RBI) in its latest annual report, the industry reported frauds of ₹48,021 crore in FY26, up 46.4 per cent from ₹32,803 crore in FY25.

“It is extremely difficult for a common man to detect deepfakes. This issue is also growing because the devices themselves are compromised. Fraudsters can inject images or deepfakes for that matter. The first priority should be to secure the devices,” the bureau’s message said.

This fraud does not stop only at the BFSI sector.

These are a growing threat to e-commerce and quick commerce platforms, social media sites, dating apps, among others.

“There are sophisticated networks that perpetrate all such frauds. Even marginal models around identity accounts such as creating fake groups to exploit vulnerabilities are a possibility. Especially for documentation, where some documents are generated by ChatGate or the cloud,” IDFY’s Prakash said.

Officials said that since most of these deepfakes are created using models trained for malicious intent, they bypass GAN (Generative Adversarial Network) fingerprints or synthetic IDs.

These are unique identifiers that result from invisible patterns left behind images or data to detect deepfakes.

I4C also recommends that ‘customer onboarding systems, including fintech companies, should integrate deep fake and artificially generated content detection mechanisms.’