Pindrop Got Deepfaked Twice. Your Inbound Funnel Is Next.

Pindrop sells deepfake detection software. Pindrop also got a deepfake candidate to apply for its own deepfake-detection engineering role. Twice, eight days apart, with the same fabricated credentials behind two different faces. If the company whose entire product is "we catch synthetic humans" can't reliably filter its own inbound funnel, the rest of us should stop pretending we will.

The math has shifted underneath every talent team that still treats applications as the top of the pipeline. One software developer posting at Pindrop pulled 827 applications. Roughly 100 of them traced back to fake identities. That is not a hiring funnel. That is a denial-of-service attack with a resume attached.

The inbound funnel broke in 2025

The numbers are not subtle. CodeSignal's February 2026 research found that flagged cheating attempts on proctored technical assessments rose from 16% in 2024 to 35% in 2025. Entry-level roles got hit hardest, jumping from 15% to 40%. APAC sat at 48% versus North America at 27%. These are not "candidates Googling syntax." These are coordinated attempts to defeat the screen, and they more than doubled in twelve months.

Then there is the identity layer. Amazon's CSO Stephen Schmidt disclosed in December 2025 that the company has blocked more than 1,800 suspected DPRK-linked applicants since April 2024, with attempts up roughly 27% quarter over quarter through 2025. Mandiant's Charles Carmakal told a May 2025 briefing that essentially every Fortune 500 sees dozens to hundreds of DPRK-linked applications, and that nearly every CIO he has spoken with has admitted to having unknowingly hired at least one.

12.5%

CrowdStrike responded to more than 300 incidents tied to the DPRK group it calls "Famous Chollima" in 2024 alone. Over 40% traced back to IT workers hired under false identities. Gartner's forecast says by 2028, 1 in 4 job applicants globally will be fake. The Resume Genius survey already finds that 17% of hiring managers report encountering deepfake video interviews.

If you run technical hiring, you are no longer screening engineers. You are running an adversarial detection system against funded, coordinated attackers, and the cost curve is moving against you.

Asymmetric warfare you cannot win on defense

Inbound verification is structurally a losing trade. Every additional defensive layer (live proctoring, ID verification, video liveness checks, background re-runs, biometric voice analysis) costs you per candidate. The attacker amortizes one synthetic identity (or one rented real one) across hundreds of applications. The CodeSignal data showing flagged attempts doubling in a year is the leading indicator that detection cost is rising faster than fraud cost.

The Pindrop "Ivan X" case is the cleanest illustration. The same fabricated credentials were resubmitted eight days later through a different recruiter, with a visually different person on the video call. Same resume, different deepfake. That is not opportunism. That is an org chart.

You are no longer screening engineers. You are running an adversarial detection system against funded attackers.

The newest twist makes things worse. The Register reported in December 2025 that DPRK operatives are increasingly hijacking dormant LinkedIn accounts of real engineers using leaked credentials. The profile is real. The endorsements are real. The connections are real. Only the human applying through it is fake. Which means the most polished-looking inbound applicant in your funnel may be the most compromised.

"LinkedIn looks legit" used to be a green flag. In 2026 it is at best a coin flip on senior remote IC roles, and at worst a false positive that gives a state-affiliated operator a head start on your offer letter.

Outbound flips the trust direction

The way out is not a better inbound filter. The way out is to start from candidates whose existence is independently corroborated, then approach them, then verify the conversation matches the public footprint.

Concretely, that means sourcing engineers who have:

• A multi-year GitHub commit history with coauthored PRs and named reviewers
• Conference talks with video, slides, and a track chair who can vouch
• Coauthorships on papers, RFCs, or open-source maintainership
• Employer tenure corroborated by current or former colleagues you can reach
• A consistent identity graph across at least three of: GitHub, personal site, talks, papers, package registries, Stack Overflow, and yes, LinkedIn

You cannot fake all of those at once. You can fake any one of them. The Famous Chollima playbook is good at LinkedIn, mediocre at GitHub history (commit timestamps and timezone patterns leak), and terrible at conference circuits and named coauthorships. Triangulation is the moat.

This is the part where the inbound-first stack collapses. Your ATS does not triangulate. It collects. The verification work has to happen somewhere, and doing it after a flood of 827 applications is more expensive than doing it before you ever wrote the JD, by sourcing from the set of people who already pass triangulation.

That is the entire premise of Refolk. You describe the engineer in plain English ("staff backend engineer in NYC with multi-year Postgres internals contributions and at least one PgCon talk") and get back a ranked shortlist of identifiable humans across GitHub, LinkedIn, and the open web, with the corroborating signals attached. The trust direction is reversed: you start from public footprint, then reach out, rather than starting from a stranger and trying to detect synthesis.

The senior-IC and remote-AI blind spot

There is a tempting read of the data that says "cheating is an entry-level problem, identity fraud is someone else's problem." It is wrong on both counts.

CodeSignal's 40% entry-level cheating rate matters because entry-level is where most companies still rely heavily on inbound. But the Amazon disclosure is the more dangerous signal for senior leaders: DPRK operations are deliberately shifting toward remote AI/ML and senior IC roles because they pay more, get less in-person oversight, and let one operator carry several identities at once. The two threats hit different funnel stages, but they share a single root cause, which is treating "applied to us" as evidence of "exists as claimed."

For a founding AI engineer or staff infra hire, an outbound-only motion is not paranoid. It is the cheaper path. The set of humans who plausibly fit a senior-AI-engineer JD with verifiable public output is small enough to enumerate. Refolk's index shows hundreds of thousands of identifiable senior, staff, and principal engineers in the U.S. alone with verifiable employer tenure, concentrated in SF, NY, and Austin. That is a finite, sourceable population. Filtering 827 strangers per role is not.

The legal layer just landed

On May 6, 2026, the New York State Bar Association published "Addressing the Threat of Fake Job Candidates," authored by Priscilla Lundin. The piece reframes deepfake hiring as a duty-of-care issue, not a "we got scammed" defense. Experian's 2026 Future of Fraud Forecast slots deepfake hiring as the number two fraud threat for the year.

The enforcement record is now thick enough to cite. Christina Marie Chapman, who ran an Arizona laptop farm enabling DPRK workers across more than 300 U.S. companies (with $17M+ in revenue passing through), was sentenced in July 2025 to 102 months. Oleksandr Didenko, whose identity-rental service fed roughly 40 U.S. employers, was sentenced in February 2026 to five years.

What that means in practice: HR and talent leaders now have a documented duty to verify, and "we ran the standard background check" is no longer a complete answer. Outbound sourcing produces a defensible audit trail. You contacted a specific verifiable human at Company X, with a public footprint dated before the role opened, through a channel they previously used in public. That trail is much harder to assemble after the fact from an inbound applicant whose entire existence began the day they applied.

What to actually change Monday morning

Three concrete moves. None of them require throwing out your ATS.

1. Invert the ratio of sourced to applied for any remote senior IC role

If your remote staff and principal funnels are still 80%+ inbound, you are operating on 2022 assumptions. Flip it. Aim for 70%+ outbound on remote senior roles, with inbound treated as a lead source that has to clear the same triangulation bar before a recruiter spends time on it. The Lili Infante quote ("every time we list a job posting, we get 100 North Korean spies applying to it") is from a crypto-forensics CEO, but the structural point applies to anyone hiring remote senior IC.

2. Make triangulation a screening artifact, not a vibe

Before any senior-IC phone screen, your recruiter should attach: GitHub handle with a 90-day commit chart, at least one talk or publication link, and one named former coworker who is reachable. If two of three are missing, the candidate goes back to sourcing, not forward to interview. This is exactly the work Refolk front-loads: the shortlist arrives with the corroborating links already attached, so the screening artifact exists before you spend recruiter time.

3. Treat polished LinkedIn profiles on remote senior roles as neutral, not positive

Given the dormant-account hijacking pattern, a clean LinkedIn is now baseline, not signal. The signal is the cross-source consistency: do the GitHub timezones match the claimed location, does the conference talk match the employer tenure, do the coauthors confirm the project. Refolk's job is to do that cross-source check at search time so you are not doing it at interview time.

1,800+

The Dawid Moczadło video, where he caught a deepfake candidate live by asking him to wave a hand in front of his face, went viral because it was funny. It should have gone viral because it was the cheapest possible detection, and it still required getting to the video stage of a process that should never have started. The outbound version of that story is short: the candidate has a 2019 commit history, gave a talk at GopherCon 2023 with video on YouTube, and a former teammate at Cloudflare confirmed they sat near each other. There is nothing left to deepfake.

FAQ

Is outbound really safer than inbound, or am I just moving the problem?

Outbound is safer because the trust direction is reversed. Inbound asks "is this stranger who they say they are." Outbound starts from a public footprint that predates the role and reaches out to that footprint through channels the person has used before. Synthetic identities can pass any single check (a polished LinkedIn, a stolen ID, a deepfake video) but they fail at multi-source triangulation across GitHub history, conference talks, named coauthors, and reachable former colleagues. You are not eliminating risk. You are forcing attackers to fake five things at once instead of one.

What about the cost? Outbound sourcing is more expensive per candidate.

Per candidate, yes. Per hire, no longer. When 12.5% of applications to a single role are fake, your inbound cost-per-qualified-candidate is being silently inflated by the verification overhead, the wasted recruiter screens, the legal exposure, and the rare but catastrophic case of an actual bad hire shipping code from a laptop farm. The CodeSignal doubling and the Amazon QoQ trend mean inbound cost is rising fast. Outbound cost, especially with tools that automate the triangulation, is roughly flat.

Does this only apply to remote roles, or does it matter for in-person hiring too?

It matters most for remote senior IC and remote AI/ML roles, which is where Famous Chollima and similar groups are concentrating. In-person hiring has natural friction (you eventually meet the person) that defeats most identity fraud, though not assessment cheating, which CodeSignal shows is up across the board. If you are hiring in-person in the Bay, outbound is still better for quality reasons. If you are hiring remote senior, outbound is now a security control.

Where does Refolk fit in this stack?

Refolk replaces the "find the verifiable humans" step. You describe the engineer in plain English and get back a ranked shortlist with the corroborating signals (GitHub, talks, employer tenure, open-web footprint) already attached, across LinkedIn and the rest of the web. Your recruiters and hiring managers spend their time on outreach and conversations with people whose existence is already triangulated, instead of running an adversarial detection contest against deepfake candidates in your ATS.