Applicant deception is not a new problem, but its mechanics have changed. Generative artificial intelligence now allows fabricated identities, synthetic resumes, and real-time deepfakes to enter recruiting pipelines at scale and at low cost. The shift is already registering with buyers: in RPOA's 2026 RPO Buyer Trends report, 22 percent of employers cited cyber fraud and fake applicants as a top challenge, and 58 percent said they want their RPO partner to help with fraud and risk mitigation. The same research found that only 15 percent of employers can correctly identify all the ways candidates are using AI in the hiring process, a visibility gap that compounds the risk. External projections point in the same direction, with Gartner estimating that by 2028, one in four candidate profiles worldwide will be fake (Gartner, 2025). For talent acquisition leaders, the consequence is structural: the hiring funnel has become part of the enterprise attack surface, and the controls built to evaluate fit were never designed to verify who a candidate actually is.
This article is based on an edited version of a recorded interview with Matt Moynahan, Chief Executive Officer of GetReal Security, an RPOA Silver Partner. The interview was conducted by Lamees Abourahma, CEO of the Recruitment Process Outsourcing Association (RPOA), as part of RPOA’s Talent Leader Council interview series, to which Moynahan is a contributor.
Key Takeaways for Talent Acquisition Leaders
- Treat the hiring funnel as an enterprise attack surface, not only a quality-of-hire process. The most damaging fraud is committed by organized adversaries using AI to operate at scale, not by ordinary candidates exaggerating credentials.
- Separate benign AI use from adversarial intent. Most applicants who use AI to polish a resume are not the risk. Governance should target sophisticated actors who reach the middle and bottom of the funnel.
- Retire manual interview tricks as a primary defense. Ad hoc tests are applied unevenly, degrade the candidate experience, and no longer detect high-quality deepfakes.
- Move identity verification earlier and make it repeatable. Confirm that the same person appears at every touchpoint and that identity attributes remain consistent and unique across applicants.
- Match the control to the funnel stage. Use automated anomaly detection at the top of the funnel and identity-consistency verification as candidates advance toward an offer.
Resource: For the full data set on what employers think of cyber fraud, fake applicants, and AI in hiring, read RPOA’s 2026 RPO Buyer Trends report.
The Scale of Applicant Fraud Is Larger Than Most Leaders Assume
The first leadership challenge is awareness. Many organizations observe a surge in suspicious applications without recognizing its source. Recent industry research indicates the gap between threat and preparedness is widening: in a GetReal Security study, 41 percent of surveyed enterprises reported having hired and onboarded a fraudulent candidate, while 40 percent still believed their defenses were adequate (GetReal Security, 2025). Moynahan frames the issue as an attack on the enterprise rather than a hiring-quality problem.
RPOA: How serious is applicant fraud right now, and why do so many leaders underestimate it?
Moynahan: The gravity has not yet registered with most executives. I recently spoke with a talent leader at a Fortune 100 company who was being flooded with fake resumes but could not explain why. The company had not changed, and good candidates had not suddenly turned dishonest. The more plausible explanation is that criminals, nation states, and other threat actors are deliberately targeting the company, using AI to operate at machine speed. To my mind, the recruiting pipeline is now subject to the same supply-chain compromise that affected enterprise software over the past two to three decades.
“It is not just about fake candidates. It is about enterprises being under attack, and the human capital supply chain being under attack, much like the software supply chain was for decades.” — Matt Moynahan, CEO, GetReal Security
Three Tiers of Threat, From Nation States to Dual Jobholders
Effective governance begins with distinguishing categories of risk, because the appropriate response differs by adversary. Moynahan separates legitimate productivity use of AI from deliberate deception, and then ranks the deceptive activity by severity. This distinction matters operationally: a blanket crackdown on AI use would penalize ordinary applicants without addressing the actors who pose real danger.
RPOA: What are the most common forms of applicant fraud, and which create the greatest risk?
Moynahan: I see three tiers. The most serious is nation-state activity. State actors historically placed skilled professionals inside high-value industries, and that technique has now been industrialized, most visibly through North Korea’s use of trained, capable IT workers. The second tier is organized criminal activity aimed at data and financial theft. The third, and least severe, is individual employment fraud, such as a skilled worker secretly holding multiple full-time jobs. Routine AI-assisted resume polishing, by contrast, sits at the top of the funnel and is not the core threat. The danger lies with sophisticated actors who pass initial screening and reach the middle and lower stages of the process.
“We are not talking about the average candidate. These are sophisticated, talented people trying to do something at scale.” — Matt Moynahan, CEO, GetReal Security
Where the Risk Concentrates: High-Value IP and High-Volume Hiring
Leaders need to know where exposure is greatest in order to prioritize controls. Moynahan describes a threat that is broad-based but concentrated around two factors: the value of what an organization holds and the volume at which it hires. The financial stakes are documented. The U.S. Department of Justice has charged participants in schemes that placed North Korean IT workers at more than 64 U.S. companies and generated over $943,000 in salary payments routed overseas (U.S. Department of Justice, 2025), with related cases such as the Christina Chapman “laptop farm” reportedly tied to 309 companies and $17.1 million in revenue (Fortune, 2026).
RPOA: Are there specific industries or roles where the stakes are highest?
Moynahan: Historically, the focus was high-intellectual-property environments, such as pharmaceuticals, chemicals, and advanced manufacturing, where a small number of insiders could exfiltrate valuable designs. That exposure has broadened. I now hear regularly from small AI companies targeted for their algorithms, alongside the obvious targets in the Global 2000 and banking, where high hiring volume makes a single fraudulent applicant easier to miss.
As Rachel Wilson, Chief Data Officer at Morgan Stanley and a former National Security Agency official, has observed, some adversaries pursue money as well as intellectual property, because the proceeds fund the regimes that direct them. That dynamic can also expose an employer to legal liability, since paying such a worker may violate sanctions and employment law.
Why Manual Interview Controls No Longer Hold
Many organizations have responded with human controls invented on the spot. Moynahan’s assessment is that these tactics have reached their limit, both because the technology has advanced and because the controls are applied inconsistently. There is also a competitive cost: every hurdle placed in front of a real candidate shapes the employer brand in a tight market for talent. Gartner found that candidates actually respond well to rigor when it is predictable, reporting that 62 percent are more likely to apply when an organization requires in-person interviews (Gartner, 2025). The problem is not rigor itself, but improvisation.
RPOA: What can organizations do at the human level, and where do those measures break down?
Moynahan: Early deepfake controls, such as asking a candidate to wave a hand in front of the face, worked when the technology was crude but fail against a high-quality deepfake today. I have seen increasingly elaborate improvisations, including asking a candidate to hold a phone to a wall socket to prove their stated location, that range from intrusive to absurd and damage the candidate experience. Because such measures depend on the skill of each interviewer, they are applied unevenly. Given the severity of the threat, organizations need a repeatable, standardized process rather than interviewer-by-interviewer judgment. A documented standard for handling suspected fraud is a reasonable starting point, but it is not sufficient on its own.
“Whatever hurdle you ask a candidate to clear reflects the brand of the company they are interviewing with.” — Matt Moynahan, CEO, GetReal Security
Matching the Control to the Funnel Stage
The practical question for leaders is where to invest, given that no single check covers the entire process. This expectation is increasingly directed at external partners. RPOA’s 2026 RPO Buyer Trends report found that 58 percent of employers want their RPO partner to help with fraud and risk mitigation, which signals that identity verification and funnel-stage controls are becoming a shared responsibility between talent teams and their providers. Moynahan recommends mapping controls to the stage of the talent acquisition funnel, recognizing that sophisticated adversaries are built to clear early filters. A note of caution accompanies this: tooling should not treat strong performance as inherently suspect. He cites an application that flagged a candidate as fraudulent simply because the person was a near-perfect fit, which inverts the purpose of hiring.
RPOA: How should leaders use technology across the funnel, and what specifically should it verify?
Moynahan: At the top of the funnel, automated screening should look for anomalies in skills assessments and signals of low-effort or AI-generated submissions, since manual background checks on every applicant are not cost-effective. As candidates advance, the priority shifts to identity. Two conditions matter most: that the same human appears at every interaction with the company, and that identity attributes such as name, email, and phone number remain consistent and do not match those of other applicants. I point to documented adversary tactics, including proxy or laptop farms that share mailing addresses and borrowed U.S. phone numbers across multiple fake applicants. When ten applicants share one phone number or address, that is a clear signal, yet most organizations do not run those cross-checks.
“You need to make sure whoever shows up in the pixels and sound waves in front of you is the same person every time, and that every other attribute of their identity is consistent.” — Matt Moynahan, CEO, GetReal Security
Conclusion
Applicant fraud has moved from a quality-of-hire concern to a security exposure that intersects with intellectual property, financial loss, and legal liability. The evidence points in one direction: the volume of synthetic and impersonated candidates is rising, adversaries are organized and well resourced, and the controls most organizations rely on were designed for a different problem. For talent acquisition leaders, the response is to treat the funnel as defensible infrastructure: distinguish benign AI use from deliberate deception, replace improvised interview tests with repeatable standards, and verify identity continuously rather than at a single point in time. As a trusted convener of the RPO ecosystem and an evidence-driven authority on talent strategy, RPOA will continue to surface the operational practices that help leaders navigate this shift with clarity and credibility.
