How AI Goes Wrong:
From Hallucinations and Bias to Synthetic Abuse
AI risk is not limited to fake images or cloned voices. More often, AI invents details confidently, amplifies bias, or wraps authentic material in false context. This chapter maps those risks together so you are not only defending against deepfakes, but understanding why AI-generated or AI-amplified content misleads people at all.
The Complete Manipulation Technology Spectrum
| Type | Tech Threshold | Cost | Detection Difficulty | Primary Use |
|---|---|---|---|---|
| Cheapfake | ⭐ | $0 | ⭐⭐ | Political attack, emotional manipulation |
| Photoshop | ⭐⭐ | Low | ⭐⭐⭐ | Faking crime scenes, forging documents |
| GAN Synthetic Faces | ⭐⭐⭐ | Medium | ⭐⭐⭐⭐ | Fake accounts, fake review farms |
| Face Swap | ⭐⭐⭐⭐ | Medium | ⭐⭐⭐⭐ | Political disinformation, non-consensual sexual content |
| Voice Cloning | ⭐⭐⭐ | Low | ⭐⭐⭐⭐⭐ | Fraud, political interference |
| Multimodal Deepfake | ⭐⭐⭐⭐⭐ | High | ⭐⭐⭐⭐⭐ | Corporate fraud, high-value deception |
Three Types of Cheapfakes
The term "cheapfake" was popularized by journalist Nina Schick and Sam Gregory (WITNESS media watchdog) to describe manipulated media created using simple, low-cost techniques without AI.
- Speed manipulation: Adjust playback speed (usually slowed to 70-80%). Effect: Anyone appears drunk or mentally sluggish. Detection: Notice voice pitch (slower speed = lower pitch) and background sounds (ambient audio abnormally low-pitched).
- Context stripping: Keep only out-of-context clips so politicians' or experts' words seem completely different. Detection: Search for original full video and check surrounding context.
- Loop editing: Cut a few-second clip into a seamless loop to make viewers believe an event lasted much longer (common in crowd violence, explosions, protest scenes). Detection: Carefully watch for repeating objects in the background (cloud movement, crowd positioning).
GAN Synthetic Faces: Identifying "People Who Don't Exist"
Technologies like StyleGAN and Stable Diffusion can generate highly realistic photos of "people who don't exist," widely used to create fake social media accounts, fake review farms, and forged expert credentials.
- Asymmetric ears: GAN faces often have oddly shaped ears, or clearly asymmetric left-right ears
- Abnormal background: Background objects may merge, straight lines curve, objects "disappear"
- Inconsistent eye catchlights: Real eyes have nearly identical catchlights in both eyes; GAN faces often have different catchlights in each eye
- Hair and teeth anomalies: Fine strands of hair may merge into blobs; teeth may have wrong count or abnormally perfect edges
- Necklaces and glasses: These two items are where GANs most often fail — may be asymmetric or bizarrely shaped
How to Detect Face Swap Deepfakes
Face swap deepfakes use deep learning to "paste" one person's facial features onto another person's body video. Common technologies include DeepFaceLab, FaceSwap, and various NVIDIA face-swapping models.
- Facial boundary halos: Face swap edges often show semi-transparent "halos" during lighting changes, especially in profile views, low light, or fast movement
- Abnormal blink rate: Early deepfake tech rarely blinked (fewer closed-eye training images); modern deepfakes may blink excessively
- Head rotation artifacts: When the head rapidly turns beyond 45 degrees to the side, facial rendering quality visibly degrades
- Skin tone boundaries: Under different lighting, the swapped face's skin tone may not match the neck or ears
- Lip sync mismatch: Especially in specific languages (like Chinese), lip movement may not perfectly match the audio
AI Voice Cloning: When the Phone Isn't Who You Think
Modern AI voice cloning technology (like ElevenLabs, Coqui TTS, OpenAI's Voice Engine) requires only 3-5 seconds of voice sample to generate convincing clones. Cost: virtually zero. This dramatically lowers the technical barrier for phone fraud.
- Abnormal breathing rhythm: AI voices often lack natural breath sounds, or breathing occurs at unnatural sentence positions
- Overly flat prosody: Emotional passages (anger, excitement, sadness) have less natural pitch variation than real humans — sounds like "reading a script"
- Background audio "splicing feel": There may be slight volume or audio quality switching between AI-synthesized voice portions and background ambient sound
- Specific pronunciation errors: Chinese dialects, Taiwanese, regional accents, and technical terms are where AI voice cloning most often fails
Multimodal Deepfakes: The Most Dangerous Combination Attack
Single-modality deepfakes (only visual, or only voice) are relatively easier to detect. But when attackers simultaneously fake visual, audio, and text modalities, the three mutually "confirm" each other, dramatically improving deception success rates. This is called "multimodal deepfake attack" — currently the most technically mature and dangerous form of deepfake.
Typical attack flow: Attackers first collect public videos and audio of the target (e.g., a corporate executive); use face swap to generate deepfake video; use voice cloning to generate audio; and forge email to "confirm" the instructions. The victim sees the video, hears the voice, receives the email — three channels all "pointing to the same instruction" — therefore believing its authenticity.
Slide Deck
Case Studies
About three weeks after Russia's invasion of Ukraine, a deepfake video circulated online in which "Ukrainian President Zelensky" appeared to tell soldiers to lay down their weapons. Media reports and platform security teams identified it as fabricated, and Meta said it removed the clip under its manipulated-media policy.
Public reporting described the video as low quality, with suspicious face-body proportion, voice-video synchronization, and blending issues. The teaching point is that even crude deepfakes can spread quickly when the surrounding context is fear, war, and urgency.
Meta publicly stated that it removed the video, and Zelensky released a rebuttal video making clear that the surrender message was false. High-consequence political videos should be checked against official channels and reliable reporting before any sharing.
This case illustrates an important principle: Even technically low-quality deepfakes can be effective under certain social conditions (war panic). Defense strategy: Any video involving major political decisions or high-consequence statements like "surrender/attack" must wait for official media and government channel confirmation, not be judged based on the first social media source.
Taiwan has seen many investment scams impersonating celebrities or government agencies. Some use AI-altered images, fake group photos, fake news pages, or fake websites to create trust. Taiwan FactCheck Center has checked scams impersonating Morris Chang and AI-packaged investment claims involving public agencies and business figures.
Common signals include stolen public images, links to LINE investment groups, fake-news layouts, promised high returns, and pressure to open accounts or transfer money. The main defense is not only judging whether a video is a deepfake, but checking official accounts, mainstream reporting, and fact-check reports.
Publicly checkable sources currently support the warning, fact-checking, and investigation pattern; a specific claim that a court accepted AI forensic reports in a named conviction would require a concrete judgment document. This course therefore treats the item as a Taiwan AI-packaged investment-scam pattern, not as a claim about a specific court ruling.
The ad system's "trust endorsement effect" makes impersonation investment ads especially dangerous: appearing in YouTube/Facebook ads can make people unconsciously think "the platform has already reviewed this ad." Most effective defense: For any celebrity "investment endorsement," look for confirmation on the celebrity's official account or in mainstream media coverage. If it never appears through official channels, treat it as a high-risk scam signal.