In the autumn of 2024, a procurement director at a mid-sized UK infrastructure firm nearly approved a supplier based partly on a portfolio of project photographs. A junior analyst flagged something odd: the shadows in several images fell in two different directions simultaneously. The portfolio was entirely AI-generated. The supplier did not exist. This is no longer an edge case — it is the shape of a risk that is arriving at organisations of every size, in every sector, with increasing frequency and sophistication.
The volume of synthetic media online has grown at a pace that has outrun both platform moderation and most people's instincts. Image and video generators have become genuinely accessible tools, producing output that, at first glance, is often indistinguishable from authentic photography or footage. But the key phrase is 'at first glance'. These systems — however impressive — are trained on patterns. They have no understanding of physics, no experience of how light actually behaves, no intuition for the way water moves or how a hand grips an object. And that gap leaves traces. Learning to read those traces is quickly becoming an essential competence for senior decision-makers, communications teams, legal and compliance functions, and anyone responsible for verifying information in a professional context.
Why AI Generators Produce Physical Impossibilities
To spot AI artefacts reliably, it helps to understand why they occur. Modern image generators — whether diffusion-based systems like Midjourney and DALL-E 3, or video tools like Sora and Runway — do not model the physical world. They learn statistical relationships between pixels and the text descriptions used to label training data. The result is a system that is exceptionally good at producing images that look plausible in aggregate, but which has no internal representation of causality: it does not 'know' that a shadow must originate from a single light source, or that liquid obeys gravity, or that reflections in a mirror must be geometrically consistent with the scene they reflect.
This is why the errors tend to cluster around physics and geometry rather than texture or colour. Texture and colour are highly represented in training data; the underlying rules of optics and fluid dynamics are not something a neural network absorbs by seeing enough JPEGs. The result is a distinctive category of failure — visually rich, superficially convincing, but quietly impossible when examined with any rigour.
The Specific Tells: A Practical Field Guide
Lighting and shadow inconsistency is the single most reliable indicator currently available to the naked eye. In a genuine photograph, all shadows in a scene share a common origin point — the dominant light source. In AI-generated images, it is common to find shadows falling at conflicting angles within the same frame, or objects that cast no shadow at all while standing next to objects that do. Look also at reflective surfaces: windows, glasses, polished floors, and bodies of water are notorious weak points. Reflections in AI imagery frequently fail to correspond geometrically to what should be reflected — a window might show a cityscape that contradicts the building's orientation, or sunglasses might reflect a scene the wearer cannot logically be facing.
Fluid dynamics and organic movement are equally revealing, particularly in video. Current AI video generators struggle profoundly with the behaviour of liquids. Water flowing from a tap, waves on a beach, a drink being poured — all of these involve complex, non-linear physics that models approximate poorly. The result is liquid that appears to move in loops, defies gravity at the edges of a scene, or maintains an unnaturally uniform texture. Hair and fabric present similar challenges: AI-generated hair often appears to merge, split, or float in ways that real hair — subject to weight, moisture, and friction — simply does not. In video specifically, watch for objects that subtly change shape or size between cuts, and for text visible in the scene: AI generators are notoriously unreliable with legible text, producing letters that rearrange, blur, or become nonsensical when examined frame by frame.
Hands and anatomical edges are a well-documented failure mode that remains relevant even as models improve. Fingers merge, split, or number more than five; knuckles appear on the wrong side; wrists connect to palms at impossible angles. The edges of human figures — where a person meets a background — often show subtle but telling inconsistencies: a kind of smooth, over-resolved quality that differs from the noise and compression artefacts present in genuine photography. Faces, while increasingly convincing in still images, tend to show symmetry that is almost too perfect, or micro-expressions that do not quite align with the emotional register of the scene. In video, facial movement under speech — lip sync, the movement of jaw and cheek muscles — frequently mismatches in ways perceptible at normal playback speed.
Organisational Risk: Where This Is Landing Right Now
For UK organisations, the risk landscape is best understood in three domains. The first is supplier and counterparty verification. As the procurement example above illustrates, synthetic media is now being deployed to construct fictitious company credibility — fake case studies, fabricated project imagery, AI-generated headshots of non-existent personnel. Due diligence processes that were designed for a world of real photographs are increasingly inadequate. Organisations need to build verification checkpoints that treat visual media as provisional until cross-referenced against other sources.
The second domain is communications and reputational risk. Deepfake video and audio of senior executives is an established threat vector, used in both financial fraud and reputational attack campaigns. The UK's Financial Conduct Authority and the National Cyber Security Centre have both issued guidance acknowledging synthetic media as a component of contemporary fraud methodology. Boards and executive teams need clear protocols for responding to suspected synthetic impersonation, including rapid verification pathways and pre-agreed communication responses. The third domain is information integrity within the organisation itself. As employees increasingly use AI tools for research, reporting, and analysis, the risk of synthetic imagery entering internal knowledge bases or being used uncritically in presentations and reports is real and growing. This is less a technology problem than a training and culture problem — and it is addressable.
Detection Tools: Useful, But Not Sufficient
A range of automated detection tools has emerged — platforms such as Hive Moderation, Illuminarty, and Google's SynthID (embedded in Gemini-generated content) offer probabilistic assessments of whether an image is AI-generated. These tools are genuinely useful as a first filter, particularly for high-volume screening. However, it would be a strategic error to treat them as definitive. Detection models are trained on known generators; novel or fine-tuned models may evade them. Detection accuracy degrades when images are resized, compressed, or run through post-processing filters — all trivially easy operations. And the adversarial dynamic is real: as detection improves, generation adapts.
The more durable investment is in developing human perceptual literacy — specifically, the trained capacity to notice physical impossibilities of the kind described above. This is not a specialist skill reserved for forensic analysts. With structured exposure and practice, most professionals can develop a reliable baseline competence within a few hours of deliberate training. The organisations that will navigate this environment most effectively are those that treat synthetic media literacy not as an IT concern, but as a core information governance capability — embedded in onboarding, refreshed regularly, and applied as a matter of habit rather than exception.
The honest position for any UK organisation entering 2025 is that synthetic media is already present in your information environment — in supplier communications, in news sources your teams monitor, in content shared in internal channels, and potentially in documents submitted to your organisation as evidence of capability or identity. The question is not whether to engage with this problem, but how systematically you choose to do so.
A sensible starting point is a brief internal audit: where in your organisation do visual assets get accepted without verification, and what would a lightweight verification checkpoint look like in each of those contexts? Pair that with a short, practical training session on the physical tells outlined above — not a lengthy e-learning module, but a focused, example-driven exercise that gives people a reliable framework and the confidence to raise a flag when something looks wrong. The shadows, the water, the hands, the text: these are not arcane forensic details. They are learnable, visible, and increasingly important. The organisations that build this capacity now will be materially better placed than those that wait for the problem to become undeniable.
Are AI detection tools like Hive or SynthID reliable enough to use as the sole verification method?
No. Automated detection tools offer a useful first filter but are not definitive. Their accuracy degrades when images are compressed, resized, or post-processed, and they may not recognise output from novel or fine-tuned generators. They are best used as one layer within a broader verification approach that includes human review.
How quickly are AI video generators improving — will these physical tells still be relevant in 12 months?
Models are improving rapidly, and some tells — particularly around facial rendering — are becoming less reliable. However, fluid dynamics, complex lighting geometry, and text rendering remain persistent weaknesses because they require genuine physical understanding rather than pattern matching. The specific tells will evolve, but the principle of looking for physics violations will remain valid for the foreseeable future.
What is the legal position in the UK if an organisation is defrauded using AI-generated materials?
Using AI-generated content to deceive a counterparty into a financial or contractual decision can constitute fraud under the Fraud Act 2006, regardless of the technology used to create it. Organisations that are victims should report to Action Fraud and, where financial services are involved, the FCA. Preserving all original digital evidence — including metadata — is important from the outset.
Can AI-generated images be spotted in compressed formats like JPEGs shared via email or messaging apps?
Compression makes detection harder for both automated tools and human reviewers, as it can obscure fine-grained artefacts. However, the physical impossibility tells — contradictory shadows, impossible reflections, malformed hands — typically survive compression because they are structural features of the image rather than pixel-level noise. Focusing on these is more reliable than looking for compression artefacts.
Is audio deepfake detection a separate discipline from image and video detection?
Yes, audio deepfakes — synthetic voice clones used in phone-based fraud or to impersonate executives — require different detection approaches. Key tells include unnatural prosody, background noise that cuts out too cleanly, and slight de-synchronisation with lip movement in video calls. Organisations concerned about executive impersonation via voice should also consider pre-agreed verbal verification codes for high-value authorisation requests.
How should we handle a situation where we suspect a supplier has submitted AI-generated imagery as evidence of past work?
Request alternative evidence that cannot be easily fabricated — for example, third-party references with verifiable contact details, Companies House filings, or site visit opportunities. Do not confront based solely on visual suspicion without corroborating evidence. If the concern relates to a live procurement, pause the process and involve your legal team before proceeding.
What does a practical synthetic media literacy training session actually look like for a non-technical team?
Effective sessions are typically 60 to 90 minutes, example-driven, and focused on developing a repeatable checklist rather than comprehensive technical knowledge. Participants are shown real and synthetic images side by side and guided through applying the physical tells systematically. The goal is not perfection but confident, habitual scepticism — knowing what to look for and when to flag something for further review.
Are there specific sectors in the UK where synthetic media fraud is most prevalent right now?
Financial services, property, and professional services are currently the highest-exposure sectors, based on reported fraud patterns and NCSC guidance. These are areas where visual credibility — project portfolios, personnel profiles, property imagery — carries significant weight in commercial decisions. However, synthetic media fraud is sector-agnostic in principle and is being documented across public sector procurement and charity contexts as well.
Does watermarking or metadata embedding reliably identify AI-generated content at source?
Cryptographic watermarking, such as Google's SynthID, is a promising approach but is currently limited to content generated by platforms that have adopted it. Metadata can be stripped trivially with widely available tools. Until watermarking becomes an industry-wide standard enforced at platform level, it cannot be relied upon as a comprehensive solution — it is a supplement to, not a replacement for, perceptual and procedural verification.
How should boards and executive teams prepare for the risk of deepfake video impersonation?
Boards should ensure they have a documented response protocol that includes a rapid verification pathway — for example, a secondary contact method or a pre-agreed challenge question — before acting on any unexpected video or audio instruction involving financial authorisation or sensitive disclosure. Communications teams should also have a pre-approved statement template ready for use if synthetic impersonation of a senior figure becomes public.
More from iCentric Insights
View all
Get in touch today
Book a call at a time to suit you, or fill out our enquiry form or get in touch using the contact details below