
Chief Executive Officer
Published: February 18, 2026

The 2026 NIST baseline says four things clearly. Voice biometrics can no longer stand alone as a login factor. Presentation Attack Detection has to keep the imposter-accept rate below 0.07. Official media needs verifiable provenance — signed metadata or cryptographic proof of origin. And continuous monitoring plus deepfake-aware drills are now part of normal operations. The publications doing the work are SP 800-63-4, AI 100-4, AI 600-1, and IR 8596.
The NIST deepfake standards are a coordinated set of U.S. federal publications, issued between 2023 and 2026, that spell out how organizations should defend themselves against synthetic media impersonation and AI-driven social engineering. The stack covers identity proofing (SP 800-63-4), synthetic content (AI 100-4), generative AI governance (AI 600-1), and AI-specific cybersecurity guidance (IR 8596). Read together, they form the first practical U.S. baseline for deepfake defence.
In This Article
In early 2024, a finance worker at Arup wired $25 million after joining what looked like a routine video call with the company's CFO. Every other face on the screen was a deepfake. Cases like that have stopped being curiosities. They're a category of fraud now, and they hit voice calls, video meetings, and email inboxes at the same time.
NIST has been writing the rulebook for how organizations are expected to respond. Between 2023 and 2026, the agency published a stack of guidance covering identity proofing, synthetic content, generative AI governance, and the cybersecurity framework itself. If your team handles sensitive data, runs remote onboarding, or sits on a target list for executive impersonation, those publications are now the baseline you'll be measured against.
The reason NIST is acting now is that the attack surface changed faster than the defenses did. What used to require a post-production studio can now run on a laptop, in real time, clean enough to fool people who are actively looking for a fake. WPP saw a cloned-voice attempt on its CEO in 2024. Ferrari's executives got the same treatment a few weeks later. Those weren't edge cases. They were the new normal arriving early.
Three patterns run through IR 8596 and the related publications:
AI-enabled phishing.
Emails, phone calls, and video meetings can all be staged convincingly. Spear-phishing has effectively gone multi-channel.
Executive targeting.
Attackers go after the voices people are conditioned to obey — the CFO asking for an urgent transfer, the CEO requesting an "off-the-books" approval.
Inside-the-org impersonation.
A deepfaked colleague is harder to suspect than an external sender. The trust radius itself becomes the attack vector.
The thread tying it all together is that deepfake risk is a human problem at least as much as a technical one. NIST is now writing requirements that reflect that.
"The systems most organizations still rely on were built for a world without real-time deepfakes. NIST's 2026 framework is the first regulator-level acknowledgement that the gap has to be closed at the user's eye level — not just inside the SOC." — Sandy Kronenberg, Cybersecurity Executive, Netarx
There isn't one regulation to pin to the wall. NIST has threaded deepfake and impersonation requirements through its identity, cybersecurity, and AI frameworks separately, and the picture only resolves when you read them together. These are the publications doing the heavy lifting for compliance teams in 2026:
NIST SP 800-63A-4:
Digital Identity Guidelines — Enrollment and Identity Proofing
NIST SP 800-63B-4:
Digital Identity Guidelines — Authentication and Lifecycle Management
NIST AI 100-4:
Reducing Risks Posed by Synthetic Content
NIST AI 600-1:
Artificial Intelligence Risk Management Framework — Generative AI Profile
NIST IR 8596:
Cybersecurity Framework Profile for Artificial Intelligence
SP 800-63 Revision 4 — the digital identity suite — is where the hardest controls live. The drafters were specifically thinking about attackers injecting deepfake video into a remote verification flow, or using cloned audio to defeat a phone-based check. Three controls do most of the work:
No voice biometrics as a sole factor.
SP 800-63B-4 uses the language "SHALL NOT." That's the strongest form of NIST requirement. Audio deepfakes are now cheap enough to make voice authentication an open door.
Liveness and injection detection.
Presentation Attack Detection (PAD) has to confirm a real human is in front of the camera — not a screen, not a virtual cam, not a pre-recorded video being piped in.
Numbers, not adjectives.
PAD performance is measured. The Imposter Attack Presentation Accept Rate must stay below 0.07. Anything looser doesn't pass.
If you can't trust the source of a video, an image, or an audio clip, every downstream control gets weaker. AI 100-4, AI 600-1, and SP 800-218A push organizations toward provable origins for the media they create and circulate. The point isn't to detect every fake after the fact — it's to make authentic content cryptographically verifiable up front. Two practical expectations come out of the guidance:
Track where media came from.
Preserve metadata or cryptographic proof of origin for official communications and sensitive content. A fraudster's altered version then fails the provenance check before anyone has to argue about pixels.
Use watermarks and signed metadata
Technical markers attach a chain of custody back to a verified source. Recipients have a way to confirm authenticity that doesn't depend on their own ability to spot a fake.
Technical controls are necessary but not enough on their own. IR 8596 is explicit about the human side: detection has to extend to the channels where impersonation actually happens, and the people on the receiving end have to be prepared for what they'll see. Three expectations land on most security teams:
Monitor for impersonation signals.
Watch access attempts, communication channels, and reported incidents for the hallmarks of deepfake-enabled social engineering. IR 8596 names AI-enabled phishing, chatbots, and video/audio manipulation as detection priorities.
Train for the actual threat.
Annual phishing simulations don't cover this. Personnel — especially anyone with approval authority or third-party access — need ongoing drills that include impersonation scenarios. Protection has to work for the average employee, not just the SOC.
Build incident response plans that account for synthetic impersonation.
Plan for detection, internal response, and external notification when a deepfake breach happens, because at some point it will. Coordination with law enforcement is encouraged.
Most of the legacy stack — voice biometrics, occasional phishing simulations, SOC-only alerting — was built for a different threat model. Finance, healthcare, insurance, and any team running distributed work are the ones exposed first.
Netarx was built around the threat NIST is now describing: voice, video, and email impersonation, handled together, in real time, in front of the user. The platform maps to the new controls in three blocks.
Injection detection.
The platform inspects video and audio streams for the signatures of virtual cameras, screen replays, and injected feeds — the techniques used to push a deepfake into a remote verification session.
Liveness verification without the friction.
Presentation Attack Detection runs across video, audio, and face-swap manipulation, using a mix of inference models and proprietary detection. Performance lines up with the IAPAR threshold NIST set.
No voice-only authentication.
Voice is never the sole factor. That's where most cloned-voice fraud gets in, and it's the first place NIST closed.
Cryptographically signed communications.
Official messages get a verifiable signature, so a recipient can confirm a sender is who they claim to be before acting on a request. Provenance becomes a check, not a guess.
Always-on threat monitoring.
User activity and communication flows are watched for the patterns IR 8596 names — spear-phishing, impersonation attempts, anomalous access.
Alerts and forensic logging.
Suspicious activity triggers an alert to the security team and a logged record for after-action review.
Incident response, integrated.
The platform supports the early-detection-to-notification workflow NIST asks for, including handoffs to external stakeholders when needed.
The platform surfaces a simple visual signal to the person in the conversation — a clear green, yellow, or red indicator that translates the underlying detection into an immediate choice. A traditional SOC alert can take minutes to reach the right inbox. By then, the wire has gone out. Surfacing the signal to the employee already on the call shrinks that window to a few seconds and stops most impersonation attempts before they land.
Below is the working list of NIST publications — final and draft — that carry explicit deepfake, synthetic-media, or AI-impersonation requirements in the 2023–2026 window. If a compliance program touches identity, AI, or fraud, these are the documents to read.
Publication | Date | Doc ID | Status | Why it matters |
|---|---|---|---|---|
Artificial Intelligence Risk Management Framework (AI RMF 1.0) | Jan 2023 | NIST AI 100-1 | Final | Establishes governance and monitoring expectations including third-party risk and provenance of training data. |
OpenMFC 2022 Evaluation Program | Jan 2023 | OpenMFC | Final | NIST-run benchmarking for manipulation and deepfake detection (confidence scores, AUC/ROC metrics). |
AI RMF: Generative AI Profile | July 2024 | NIST AI 600-1 | Final | Adds genAI-specific actions for content provenance, deepfake/synthetic detection, third-party incidents, and continuous monitoring. |
Secure Software Development Practices for Generative AI & Dual-Use Foundation Models | July 2024 | NIST SP 800-218A | Final | Developer / acquirer control set for training-data provenance, model weight protection, and input/output logging. |
Reducing Risks Posed by Synthetic Content | Nov 2024 | NIST AI 100-4 | Final | Most direct NIST treatment of synthetic content: provenance tracking, detection, testing/evaluation methods. |
Guardians of Forensic Evidence: Evaluating Analytic Systems Against AI-Generated Deepfakes | Nov 2024 | Forensics@NIST | Public | Describes a NIST deepfake detection evaluation program emphasizing generalization and robustness. |
Managing Misuse Risk for Dual-Use Foundation Models | Jan 2025 | NIST AI 800-1 (2pd) | Draft | Practices for monitoring misuse, privacy-preserving monitoring, watermarking likeness video as anti-social-engineering mitigation. |
Privacy Framework 1.1 | Apr 2025 | NIST CSWP 40 (IPD) | Draft | Updates privacy risk framing for AI, including generative AI producing privacy-invasive images/video/audio. |
Digital Identity Guidelines (Rev. 4 suite) | July 2025 | NIST SP 800-63-4 suite | Final | Strongest controls for deepfake-related impersonation: PAD/liveness metrics, injection-attack framing, voice biometric prohibition. |
Cybersecurity Framework Profile for Artificial Intelligence | Dec 2025 | NIST IR 8596 (iprd) | Draft | Maps CSF 2.0 outcomes to AI threats; explicitly calls out deepfake-enabled phishing. |
Deepfake impersonation isn't a technical problem in isolation. It's a trust problem — and the 2026 NIST framework is the first regulator-level attempt to write that down. The teams that come out ahead will be the ones that treat the new baseline as architecture, not paperwork.
Netarx exists to make that easier. The platform turns each control NIST is asking for into something a finance manager, an HR lead, or a remote contractor can actually use in the moment a deepfake hits their inbox or their video call.
SOURCES & REFERENCES
NIST. (2025). Digital Identity Guidelines, SP 800-63 Rev. 4 Suite. pages.nist.gov/800-63-4
NIST. (2025). SP 800-63B-4 Authentication and Lifecycle Management. pages.nist.gov/800-63-4
NIST. (2024). AI 100-4 — Reducing Risks Posed by Synthetic Content. nvlpubs.nist.gov
NIST. (2024). AI 600-1 — AI RMF Generative AI Profile. nvlpubs.nist.gov
NIST. (2025). IR 8596 — Cybersecurity Framework Profile for Artificial Intelligence. nvlpubs.nist.gov
NIST. (2024). SP 800-218A — Secure Software Development Practices for GenAI & Dual-Use Foundation Models. nvlpubs.nist.gov

Chief Executive Officer
CEO/Founder of Netarx LLC, Real-time detection of deepfake and social engineering threats via enterprise video, voice and email. Managing Partner of Koach Capital, a Private Equity firm managing a multitude of commercial real estate (CRE) funds whose focus is retail sale-leasebacks. Sandy's entrepreneurial success began by founding a network integration and services provider that served large enterprises. We focused on advanced technologies including Business Intelligence (BI), Network & Information Security, Virtualization, Storage Area Networks, Unified Communications and Data Center Services. In 2009, Netarx acquired the VAR business of Analysts International (including Sequoia and Entree Systems). In 2011 Netarx was acquired by Logicalis (a division of Datatec - Symbol LSE: DTC) and stayed on as its Chief Technology Officer. He continued to build by founding Verge.io (Formerly Yottabyte) and Service.com. Also, Sandy served as a General Partner of Ludlow Ventures, a venture capital fund focusing on investments in early-stage tech companies. Sandy contributes to the community via lectures, publications and developing new technologies - he currently holds 8 Patents.
The new NIST deepfake standards are a coordinated set of U.S. federal publications, issued between 2023 and 2026, that establish how organizations should defend against synthetic media impersonation. The main documents are SP 800-63-4 (digital identity), AI 100-4 (synthetic content risk), AI 600-1 (generative AI governance), and IR 8596 (AI cybersecurity profile). Together they ban voice-only authentication, mandate Presentation Attack Detection, and set measurable thresholds for liveness verification.