I Cloned TikTok CEO's Voice - Even Cybersecurity Professionals Couldn't Tell
A side-by-side comparison: the original voice vs AI clone. Close your eyes and listen. Can you tell which is fake? Most people can't, and that's the problem.
I used AI to clone TikTok's CEO's voice, and even cybersecurity professionals couldn't tell which was real.
The Experiment
I created a side-by-side demo: the original voice of TikTok CEO, Shou Zi Chew, and a cloned version saying the exact same thing.
Seriously. Close your eyes and listen. Can you tell which voice is fake?
The truth is that most people can't.
What Keeps Me Up at Night
Here's what makes this particularly concerning:
- Even tech-savvy security teams struggle to tell which voice is real and which is fake
- Minimal audio required: With only a short audio clip, scammers can clone anyone's voice and make them say *anything*
- Real-world impact: A company in Hong Kong lost ~US$25 million after a deepfake video-conference with a cloned CFO and fake colleagues triggered fraudulent wire transfers
The $25 Million Question
If a major firm can fall for this, is your company really safe from AI-driven scams?
Consider these vulnerability points:
- Executive impersonation: Cloned voices of C-suite requesting urgent wire transfers
- Vendor fraud: Fake suppliers requesting payment to "updated" accounts
- Internal manipulation: Impersonating IT or HR for credential theft
- Customer service attacks: Bypassing voice authentication systems
Building a Human Firewall
I built Veritas to help you simulate scenarios like this today, train your teams before the attackers arrive, and build a human firewall that isn't fooled by the voice.
Key Defense Strategies
- Multi-factor verification: Never act on voice alone for sensitive requests
- Callback protocols: Always call back on known numbers, not the one provided
- Slow down urgency: Attackers rely on pressure; establish cooling-off periods for large transactions
- Regular simulation training: Keep employees sharp with realistic scenarios
For Security Leaders
Think your defense is complete? Consider these questions:
- When was the last time you tested your team against voice cloning attacks?
- Do your employees know what to do if they receive a suspicious call from "the CEO"?
- Are your verification protocols sufficient for an era where voices can be perfectly cloned?
The technology exists today. The attacks are happening now. The question is: will you train your team before or after an incident?