Stripped out News's Daily Brief
Stripped Out News: The Daily Brief
There’s too much noise in the news cycle. We’re here to cut through it.
Stripped Out News is your fast-paced, daily 10-15 minute audio briefing designed to deliver exactly what you need to know to start your day, with none of the partisan spin, outrage bait, or editorializing.
We tell you what happened, who is involved, and what to watch for next, without ever telling you how to feel about it.
No sides. All facts. Let's dive in.
Stripped out News's Daily Brief
SOS: Deep Dive — "Don't Trust Your Eyes"
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
A finance employee in Hong Kong authorized $25.6 million in wire transfers after a video call with his CFO. Every face on the screen was a deepfake. A mother in Arizona heard her daughter sobbing and begging for help — her daughter was safe at a sleepover. Today we trace how deepfakes are stealing millions, terrorizing families, corrupting courtrooms, and how autonomous AI systems are learning to run these scams without any human involvement at all. The era of passive trust is over.
Dive deeper into today's news and explore 200+ unbiased sources at: https://strippedoutnews.com
Keep up with breaking coverage on X: @StrippedOutNews
Every day, stripped-out news gives you the facts in just a few minutes. But some stories are complex. They need room to breathe to get the full picture, start to finish. This is SOS Deep Dive. A longer look at the stories that matter. A finance office in Hong Kong. An employee at AirUp, one of the world's largest engineering consultancies, gets a message from his company's chief financial officer. There's a video call scheduled. The matter is urgent, confidential, and a significant transaction needs authorization. He joins the call. The CFO is on screen. He recognizes the face and the voice. Other senior colleagues are there too. People he's worked with. They discuss the transaction. The CFO gives specific instructions. Transfer the funds. Over the next several days, the employee authorizes 15 wire transfers totalling 200 million Hong Kong dollars, roughly 25.6 million US dollars, into five separate bank accounts. Days later, when he follows up with the real headquarters in London, the truth hits. There was no meeting, there was no transaction. The CFO was never on that call, and neither were the colleagues. Every person on that screen, every face, every voice, every gesture was generated by artificial intelligence. Every single one of them was a deepfake. $25.6 million. Gone. You're listening to SOS Deep Dive. Today, we're following the technology that's breaking the most fundamental thing humans have relied on for all of recorded history: the ability to trust what you see and hear. We'll trace how deepfakes are being used to steal millions from corporations, terrorized families with cloned voices of their own children, and corrupt courtroom evidence. And we'll look at how autonomous AI systems are learning to run these scams without any human involvement at all. This is that story, start to finish. AROOP is a multinational design and engineering consultancy headquartered in London, with offices in over 30 countries. They worked on the Sydney Opera House, the Beijing Water Cube, and Crossrail, a sophisticated organization with real security protocols. None of it mattered. The attack started with a message, likely an email or internal communication, from what appeared to be a senior executive. The pretext was a confidential financial transaction. In a global firm, that kind of request wouldn't raise eyebrows. But what made this different from every phishing scam that came before was the video call. The employee didn't get some vague email asking him to wire money, he got on a live video conference where he could see and hear the CFO and multiple colleagues talking in real time. Hong Kong police acting senior superintendent Baron Chan Shun Chang later told reporters, quote, everyone present on the video calls turned out to be fake, end quote. 15 wire transfers across five bank accounts, $25.6 million. A RUP confirmed the incident in May of 2024, after the Financial Times broke the story. A spokesperson said, quote, unfortunately, we can't go into details at this stage. Fake voices and images were used. Our financial stability and business operations were not affected, and none of our internal systems were compromised, end quote. Global Chief Information Officer Rob Grieg added, quote, like many other businesses, the number and sophistication of these attacks has been rising sharply in recent months, end quote. Arub framed the whole thing as technology-enhanced social engineering, not a technical breach. And that distinction matters. Nobody hacked their servers or cracked their encryption. The vulnerability was human trust, and that's a lot harder to patch. The case went viral in cybersecurity circles. Hacker news threads ran to hundreds of comments. Reddit's cybersecurity forums fixated on the fact that every face on the call, except one, was AI generated. LinkedIn filled with professional analyses about social engineering's next chapter, and firms like Trend Micro called it a textbook case. Hong Kong police classified the incident as obtaining property by deception. As of the latest reporting, no arrests have been made and no money's been recovered. It's considered largely unrecoverable. And the tools to pull off this kind of attack aren't classified military technology. They exist on the open internet, and some of them are free. The barrier to entry is collapsing fast. After a roop, companies across consulting and finance reviewed their approval processes. The emphasis shifted to out-of-band verification, phone callbacks to verified numbers, pre-agreed code words, and mandatory secondary approvals independent of video calls. Many firms added cooling-off periods for urgent requests. But a video call used to be proof. You could see the person, hear their voice, read their face. That was enough. It isn't anymore. If the Arab case represents the corporate end of deepfake fraud, tens of millions stolen from a global firm, then what comes next hits somewhere much closer to home. It starts with a phone call. Jennifer Destifano is a mother in Arizona. In April of 2023, her phone rang from an unknown number. She almost didn't pick up. When she did, she heard her 15-year-old dieter Brianna's voice. She was sobbing hysterically. Quote, Mom, I messed up. Mom, these bad men have me. Help me, help me, end quote. A man's voice took over and demanded ransom, initially a million dollars. Then he negotiated down. DiStefano was ready to pay $50,000. A neighbor who'd called 911 told her about AI voice cloning scams. She called Brianna directly. Her daughter was at a sleepover. She'd never been in danger. On June 13, 2023, Jennifer DiStefano testified before the United States Senate Judiciary Committee. She said, quote, it wasn't just Bree's voice. It was her cries. It was her sobs that were unique to her. I didn't believe this was a scam. End quote. No money was lost, but the psychological damage was real. The case became a national warning, and it became a template. Ruth Card is a 73-year-old grandmother in Regina, Canada. She got a call from someone who sounded exactly like her grandson Brandon. He was crying. He'd been in a car accident and hurt someone. He was in jail, didn't have his wallet or phone, and needed about $9,000 for bail. Don't tell his parents. Ruth and her husband went to the bank and withdrew the cash. She later said, quote, We were sucked in. We were convinced that we were talking to Brandon, end quote. The scammer even connected her to a fake lawyer. It wasn't until she called Brandon's mother that she realized he was safe. A woman in Florida lost $15,000 after a crying daughter call and left cash in a box for pickup. A mother in California sent thousands after hearing her daughter's cloned voice begging during a fake kidnapping. A man in Los Angeles lost $25,000 after scammers cloned his son's voice for a fake emergency. The Federal Trade Commission and the FBI report that Americans lost over $893 million to AI-enhanced fraud in a single reporting period spanning 2025 to 2026. Voice cloning technology now requires as little as three seconds of audio to work. A TikTok video, an Instagram story, or a voicemail greeting is enough to create a synthetic copy of someone's voice that's virtually indistinguishable from the real thing. Platforms like Eleven Labs, Resemble AI, and several open source alternatives let users upload a short voice sample and generate speech in that voice within minutes. Some of these tools are free, others cost less than $20 a month. The output quality has improved so dramatically since 2022 that trained audio engineers have difficulty telling cloned voices from authentic ones in blind tests. The old grandparent scam relied on vague impersonation and the victim filling in the gaps, a shaky voice, a vague excuse, and the emotional pressure of a grandchild in distress. The AI version doesn't leave gaps, the voice is right, the cadence is right, and the crying is right. Scammers can even adjust the emotional register of the cloned voice in real time, making it sound panicked, tearful, or calm, depending on what the situation calls for. The FBI has issued specific warnings about AI vocal cloning for impersonation and ransom. Their advice is to listen for unnatural tone, verify by calling back on a known number, and report to ic3.gov. The FTC ran a voice cloning challenge to develop detection solutions. And there's a low-tech defense that's gone viral, the family codeword. Families pick a secret phrase, a pet name, an inside jub, something only they'd know. If someone calls claiming to be your kid, you ask for the word. A scammer won't have it. The code word defense has spread across Instagram, Facebook, Reddit, and dozens of news segments. It's simple, free, and it works. It also says something uncomfortable about where we are. We now live in a world where you can't trust the sound of your own child's voice on the phone, where a mother has to ask a secret question before she can believe her daughter's in danger. Act 3. The Liar's Dividend. In 2018, law professors Bobby Chesney and Danielle Citron coined a term that's become central to the deep fake debate, the liar's dividend. In a world where deep fakes exist and where people know they exist, any authentic piece of evidence, real video, real audio, real photos, can be dismissed as fabricated. The technology gives liars a new weapon, plausible deniability. Deep fakes can frame the innocent, and they can protect the guilty. Both of those things are already happening in American courtrooms. In the trial of Guy Ruffitt, a January 6 Capitol riot defendant in 2022, videos clearly showed him leading a crowd toward the Capitol while armed. His defense attorney suggested on cross-examination that the footage could be AI manipulated, citing a 2017 Obama deepfake as an example. No supporting evidence was offered. Ruffitt was convicted and sentenced to 87 months. Joshua Christopher Doolin, another January 6 defendant, refused to stipulate that open source capital riot videos were authentic. Other defendants in related cases made similar, unproven claims. The case that stands out, though, is Mendonas vs. Cushman and Wakefield, a California civil case from around 2025. Self-represented plaintiffs submitted what they claimed were authentic witness testimony videos. Judge Victoria Kolakowski noticed something wrong. The faces were motionless, mannerisms repeated in loops, and the cuts looked unnatural. She identified the videos as AI-generated, making it one of the first detected instances of fabricated evidence in an American court. Then there's Huang vs. Tesla, the autopilot wrongful death lawsuit from 2023. Plaintiffs wanted to use a 2016 video of Elon Musk promoting autopilot safety. Tesla's lawyers refused to authenticate the video, arguing that Musk's fame made him a prime deepfake target. Judge Yvette Pennypacker called the argument, quote, deeply troubling, end quote. She warned that if this defense held up, famous people could say anything publicly and deny it later by claiming deepfake risk. She ordered a limited deposition of Musk to confirm which statements were real. The strategy backfired, it forced testimony rather than blocking it. The precedent matters. The deep fake defense is now a tool in the legal arsenal, and it doesn't have to succeed to be effective. Every time it's raised, it introduces doubt, slows proceedings, and forces courts to litigate reality itself. A federal judicial center of judges in early 2026, 931 responses, found these challenges are still rare. About 2% of judges had encountered one. Bare objections, where someone just says it's a deep fake with no evidence, get dismissed. Judges want a specific, articulable basis. But the legal infrastructure isn't built for this. The Federal Rules of Evidence, Rule 901, requires authentication. The proponent proves evidence is what they claim. Traditionally, a witness or device metadata was sufficient. That framework is straining under the weight of generative AI. The Advisory Committee on Evidence Rules is exploring amendments, including a proposed Rule 901c for AI-generated content. The approach would shift burdens. A challenger provides ASIS for a fabrication inquiry, then the proponent proves authenticity by preponderance. These changes could take effect in 2026 or 2027. The technology's already two steps ahead. Hani Farid, a digital forensics expert at UC Berkeley, has been warning about this for years. He advocates for cryptographic provenance, proving where content came from, rather than trying to analyze individual pixels. He believes the collapse of trust in raw images and video has already happened. Everything discussed so far, the aru heist, the voice scams, the courtroom games, required a human operator. Someone had to initiate the deepfake, make the call, or submit the evidence. What comes next doesn't need a human at all. Security researchers and the Boston Consulting Group have warned about agentic AI fraud, autonomous systems that execute end-to-end scams without human intervention. These systems handle everything from target identification and social media reconnaissance to voice synthesis, phishing emails, real-time phone conversations, wire transfers, and even money laundering through cryptocurrency mixers, all automated, running around the clock. In 2025, researchers demonstrated proof-of-concept systems that could identify vulnerable targets on social media, harvest their voice samples from public posts, generate personalized phishing content, and hold real-time phone conversations using synthesized voices. The systems cross-referenced publicly available data, social media profiles, obituaries, family relationship graphs, even financial disclosure records to build detailed profiles of potential victims and craft attack scenarios tailored to each one. The entire chain, from target selection to fund extraction, ran autonomously. A human-operated scam requires staff, infrastructure, coordination, and sleep. An autonomous system scales without any of those constraints. One server could simultaneously run thousands of social engineering attacks across different time zones, languages, and demographics without a person touching a keyboard. And unlike a human caller who gets tired or makes mistakes after hours of work, the AI maintains the same quality of impersonation on its thousandth call as it does on its first. Traditional fraud leaves footprints, call centers get raided, operators get arrested, and phone numbers get traced. An autonomous system running on rented cloud infrastructure through anonymizing networks is extraordinarily hard to attribute. It might rent its own servers, acquire its own phone numbers, and launder its own proceeds, with no human ever touching the operation. The Boston Consulting Group estimated that agentic AI could enable fraud at a scale orders of magnitude beyond what human scam centers achieve, with potential annual losses projected in the billions. We're moving from an era where people use AI as a tool to commit fraud into an era where AI commits fraud on its own, at speeds and scales no human organization can match. So what's the law doing about this? A lot and none of it's enough. As of June 2026, there's no comprehensive federal deepfake law in the United States. What exists is a patchwork. The Take It Down Act, signed in May of 2025, is the only major federal legislation directly addressing deepfakes. It criminalizes non-consensual publication of intimate images, including AI-generated ones. Platforms must remove flagged content within 48 hours, and the FTC has enforcement authority. But the Act is narrow. It covers intimate images, but doesn't touch financial fraud deepfakes, political disinformation, courtroom evidence manipulation, or voice cloning scams. It's an important first step, but it addresses one branch of a problem with dozens. At the state level, the picture is chaotic. Over 40 states have introduced or enacted deepfake-related legislation, but there's no consistency. Most target election interference or non-consensual intimate images, and penalties and enforcement mechanisms vary wildly. Several state election laws have already been challenged on First Amendment grounds. California's AB 2839 was partially struck down, and Minnesota's facing ongoing litigation. Courts are skeptical of broad speech restrictions, even for fabricated content. The 2024 Biden Robocall was a catalyst for much of this activity. During the New Hampshire primary, voters got calls featuring an AI-generated Biden voice, urging them not to vote. Crude by current standards, but it demonstrated the vulnerability and triggered a wave of legislative attention. The European Union took a different approach with Article 50 of the EU AI Act, fully applicable August 2nd, 2026. It requires transparency for synthetic content. Providers must mark AI-generated outputs in machine-readable formats, and deployers must disclose deepfakes depicting real people. The EU framework is broader than anything in the US, but it creates its own problems. American companies serving European users have to comply, which is driving adoption of labeling standards. But enforcement across borders is complex, and stripping metadata from content is trivial. Industry responded with the Coalition for Content Provenance and Authenticity, or C2PA, an open standard backed by Adobe, Microsoft, Google, and camera manufacturers like Nikon, Sony, and Leica. It embeds cryptographic provenance data and watermarks into content, creating a chain of custody showing where media was created and whether it's been modified. Google developed SynthID, an invisible watermark designed to survive crops, compression, and edits. OpenAI joined the C2PA Steering Committee in 2026 and began layering synth ID onto image outputs. These are real, meaningful steps, but metadata can be stripped. A screenshot removes providence data, heavy compression defeats watermarks, and open source AI models don't participate in voluntary labeling. Critics from the Electronic Frontier Foundation and the ACLU have raised alarms about legislative overreach. Their concern is First Amendment overbreadth. Laws restricting AI content risk chilling satire, parody, artistic expression, and political speech, which is generally protected even when false, per U.S. v. Alvarez. Their preferred solution is technology based provenance over content bans. Prove where content came from, rather than trying to outlaw categories of speech. Fragmentation undermines everything. Federal intimate image rules and EU labeling create baselines, but state level Variances, enforcement gaps, and constitutional challenges leave enormous room to operate. The technology outpaces the law. It always will. Deep fake detection is now a multi-billion dollar industry. The market's projected to reach $1.84 billion by 2034, with dozens of companies, hundreds of researchers, and massive government investments racing to build tools that can tell real media from synthetic. The consensus as of 2026 is they're losing. Reality Defender offers multimodal analysis across video, audio, image, and text, with internal benchmarks showing 95 to 98% accuracy. Sensity AI claims 98% on public datasets. Intel built Fate Catcher, which analyzes blood flow patterns in skin pixels, a technique called photoplethography, to detect whether a face on screen has a real pulse. It hits 96% accuracy in controlled settings and about 91% in the real world. PinDrop, focused on voice authentication, claims 99% accuracy against known clones and roughly 90% against ones it hasn't encountered before. In a lab, with controlled lighting, no compression, and no adversarial manipulation, those numbers are impressive. In the real world, they fall apart. Independent benchmarks from 2026 show top commercial tools hitting 89% in controlled scenarios, but dropping 10 to 20 percentage points when exposed to real-world conditions. Compression, cropping, re-encoding, and screenshots all degrade accuracy. Adversarial techniques, methods specifically designed to fool detectors, push it down further. Generators improve continuously. Every time a detector learns to spot a specific artifact, the generator retrains to eliminate it. Detection models learn dataset-specific tells rather than generalizable characteristics, which means a detector trained on last month's deepfakes might fail on this month's. Academic work from MIT, Stanford, and Berkeley reflects this. Papers focus on multimodal detection and transformer-based approaches, but many aren't scalable for real-time deployment, and performance drops 10 to 15 percentage points on unfamiliar datasets. Social media platforms where deepfakes spread fastest have been slow to respond. X relies mostly on reports and policies. YouTube, Meta, and TikTok require creator disclosure and provide labels, but compliance is inconsistent and enforcement is reactive. Viral deepfakes routinely circulate for hours before anyone flags them, and compression and re-uploads break detection signals. The security research community's mood, tracked across social media and forums, is frustrated. Viral demonstrations of detectors failing against newer generators circulate constantly, and the emerging consensus is that detection is a stopgap rather than a solution. Farid's position is blunt. The shift has to move from detecting fakes to authenticating originals. Provenance, proving content is real rather than proving it's fabricated, is the only approach that scales. But provenance has limits too. Not every camera embeds C2PA metadata, and not every platform preserves watermarks. In a world where anyone can screenshot a video and re-upload it stripped of all metadata, the chain of custody breaks at the weakest link. In late January of 2024, a finance employee in Hong Kong sat on a video call with people he recognized. He saw their faces, heard their voices, and trusted what his senses told him, the way humans have trusted their senses for as long as we've had them. That instinct failed him. A three-second audio clip from a social media post can now clone a person's voice convincingly enough to fool their own mother. A defendant in a courtroom can point to real video evidence and say, that's a deepfake, and force prosecutors to prove otherwise. Autonomous AI systems can identify targets, synthesize voices, and conduct fraud at industrial scale with no human involvement. The defenses under construction, detection algorithms, watermarks, legislative patchwork, are necessary, but they aren't sufficient. Detection tools train against artifacts that next month's generators will have already eliminated. Laws get challenged on constitutional grounds before the ink dries and become obsolete before enforcement catches up. Provenance standards are promising but voluntary, and the tools to strip them are trivial. The question is social, not technical. How do you establish trust when nothing you see or hear can be taken at face value? The family code word, that simple, free, low-tech idea that went viral after Jennifer DeStefano's Senate testimony, might be the most honest answer available right now. Not because it solves the problem, but because it acknowledges the problem. It says, we can no longer assume the voice on the phone is real. We need a new way to verify. Whether that verification is a code word between family members, a cryptographic signature on a media file, or an out-of-band phone call for a financial transaction, it requires accepting something uncomfortable. The era of passive trust is over. You can't simply believe what you see and hear anymore. You have to verify every time. The question is whether we adapt before the damage becomes irreversible. All facts in this episode are drawn from contemporaneous news reporting by CNN, The Financial Times, and The Guardian, FBI and FTC public advisories, congressional testimony, federal court filings, academic research, and publicly available industry reports. We haven't editorialized. We haven't told you what to think. We've presented the documented record. If you have a story, a tip, or a deep dive you think we should cover, reach out to us at hello at stripptoutnews.com. If this episode meant something to you, share it with someone. That's how we grow, and that's how these stories stay in the light. We'll see you next week.