Twenty-three percent of companies already report identity fraud among new hires. Gartner's 2024 prediction: 1 in 4 candidate profiles fake by 2028. That may be a few years behind the reality.

The technique is more systematic than most security teams expect. AI-generated resumes pass ATS filters because they're built from the same job descriptions the filters score against. Real-time face-swapping runs during video interviews. Fabricated government IDs clear document verification vendors that rely on visual inspection rather than behavioral signals.

The goal is to get badged: valid credentials, network access, and cover. The interview is just the obstacle.

Most enterprise responses add more document verification: better ID checks, stricter video controls, additional background screening. But this addresses the artifact layer (the resume, the ID, the Zoom frame), not the identity itself.

Checklist-based screening fails when the attacker controls the checklist inputs. The fabricated hire who passes screening is now an insider with a legitimate account, a plausible role, and months to operate inside the perimeter.

The signal that's harder to fake is behavioral. Does the new account authenticate where expected? Does the first week's access pattern match any known baseline for the role, or does it immediately reach outside its scope?

These questions are answerable, but only if you're running behavioral context against identity events, not just checking documents at intake. Abnormal's detection logic is built on that premise.

See the latest from Abnormal's product and engineering teams.