Independent market research · June 2026

The State of
Candidate Fraud
Detection & Prevention

Candidate fraud is no longer a hiring-quality problem. It is a security problem, and the defense is months behind the threat.

1 in 4
candidate profiles could be fake by 2028 (Gartner)
60+
vendors now claim a fraud or hiring-integrity capability
9
stages of the hiring funnel, each with its own attack surface
0
vendor-neutral response playbooks exist today

The wake-up call

The hiring funnel is now an attack surface.

For years, candidate fraud meant an inflated résumé or a reference you couldn’t quite verify. Most teams treated it as a quality-control problem and absorbed the cost. That assumption no longer holds.

AI now generates convincing résumés, coaches candidates live through interviews, and assembles synthetic professional identities. Remote hiring stripped away the in-person signals teams once trusted. The result is a new threat class: identity manipulation, deepfake interviews, coordinated reference networks, and workforce-infiltration schemes aimed at systems, data, and IP.

The evidence is no longer anecdotal:

  1. KnowBe4 · 2024

    A North Korean operative cleared every hiring control.

    He cleared every interview, the background check, and reference verification. The control that caught him was endpoint security on day one, not the hiring process.

  2. Pindrop · 2025

    A deepfake ran live in a real interview.

    Pindrop, itself a fraud vendor, caught a real-time face overlay in its own candidate pipeline. The same identity came back eight days later through a different recruiter.

  3. Nisos

    A single thread led to a 40-device laptop farm.

    Security firm Nisos advanced one suspected operative and uncovered an organized network running multiple fabricated identities across U.S. companies at the same time.

Fraud in hiring is not new. The threat has operated for years. The defensive market is months old. That asymmetry is the condition this report explores.

The deeper findings

Six findings that complicate the vendor pitch

Organizing the obvious is the easy part. These are the six that complicate the conventional read of this market, the ones a vendor demo will not show you.

  1. 01

    Recruiting metrics can’t tell you if a fraud program is working

    A team seriously fighting fraud and a team simply getting worse produce the same dashboard: time-to-fill up, cost-per-hire up, conversion down. Until scorecards measure hiring integrity, the incentive structure quietly punishes the right behavior.

  2. 02

    The embedded paradox

    Fraud detection baked into your ATS works best for the organizations that least need it. Signals require a human to adjudicate them, and the small teams most likely to buy the embedded feature are the least equipped to act on a flag.

  3. 03

    Rival vendors quietly agree on the design

    Four competitors on entirely different architectures (Ashby, Socure, CodeSignal, and Findem) independently landed on the same three commitments: surface signals not verdicts, explain every signal, and never auto-reject. Convergence this clean is a structural finding.

  4. 04

    The best signal is the one teams stopped using

    Forget biometric liveness for a moment. The most reliable, least gameable signal in the market is the IP address and device fingerprint of a candidate’s references. When five references submit from one device, that is not a probability. That is one person, or a small ring, filling out their own reference checks.

  5. 05

    The fraud vendors are themselves being attacked

    Socure reports a quarter of its own applicants are fake. Pindrop caught a deepfake candidate in its own pipeline. When a vendor describes a fraud pattern from its own funnel, that is primary data, not a marketing claim.

  6. 06

    The category crystallized in about 18 months

    At least fifteen of sixty-plus vendors launched or rebuilt their hiring-fraud product between mid-2025 and early 2026. The strongest are doing serious work. The weakest are riding the category’s launch energy with little underneath. The report gives you the lens to tell them apart.

What the research keeps converging on

50%
Roughly the rate at which humans correctly spot AI-generated content and real-time deepfakes. A recruiter judging authenticity by sight is, statistically, flipping a coin.
4
Video interviews a North Korean operative passed at KnowBe4, a company whose entire business is teaching people to spot deception. The threat has outpaced unaided human observation.
0
Vendor-neutral, broadly adopted candidate-fraud response playbooks in existence. The market has produced detection without producing response.

What’s inside

Written for the people who get the call first

That means Talent Acquisition leaders, Security leaders, and HR executives responsible for protecting hiring integrity.

It maps the market and gives you a way to evaluate it. It does not rank vendors.

  1. S1

    The State of Candidate Fraud

    How a hiring-quality issue became an organizational risk.

  2. S2

    The Hiring Funnel Under Threat

    Where fraud appears across nine stages, and how teams respond.

  3. S3

    What Real Incidents Reveal

    Documented cases: KnowBe4, Pindrop, and reference manipulation.

  4. S4

    Governance & Accountability

    The ownership gap, and the four models closing it.

  5. S5

    The Market Landscape

    Three vendor buckets, coverage by stage, and the gaps between.

How we did the research

We don’t take the vendor’s word for it

60+

vendor solutions mapped across the hiring lifecycle

Direct

interviews with practitioners and product leads across the market

Documented

incidents drawn from public disclosures and security research

A note on vendor claims. Most accuracy figures in this market are self-reported, against methodologies vendors designed, on populations they chose. Throughout, the report flags where claims are independently validated, and where they are not.

Releasing soon

Be first to read it.

The full report drops soon. Add your email and we’ll send it the moment it’s live, before it’s anywhere else.

The decision that matters is not which vendor to buy. It is who, on the org chart, is responsible when the next one gets through.

Get early access

The State of Candidate Fraud Detection & Prevention · Kyle & Co. · June 2026

Live webinar

Who owns the seam? A live session on candidate-fraud response

Join the Kyle & Co. research team to walk through the findings, the funnel, and the ownership models, then leave with the questions to ask before your next incident.

Register