A synthetic video of Warren Buffett was used to open the Q&A session at Berkshire Hathaway's first annual meeting without him as CEO, and the incident is less a curiosity about AI technology than a warning about the authentication gap at the center of corporate investor communications.
Of all the venues where a deepfake might surface, Berkshire Hathaway's annual shareholder meeting sits near the top of the list of places where identity and authority carry the most weight. This is a gathering that draws tens of thousands of investors who have organized their financial lives around the judgment of one man for decades, and whose successor Greg Abel is now being evaluated against that legacy in real time. The appearance of a synthetic version of Buffett asking a question at the session was not a malicious attack in the conventional sense. It was, by most accounts, framed as a demonstration or stunt rather than a genuine attempt at deception. But the fact that it happened at all, that it was technically feasible, socially plausible, and difficult to immediately identify as synthetic in a live format, is the part that matters for anyone responsible for investor communications, board governance, or executive identity management at a public company.
The Berkshire meeting is as high-trust a corporate ritual as exists in American finance. Attendees and remote participants extend significant credibility to everything that happens within that format. If a deepfake Buffett can be introduced into that environment, even briefly and even without malicious intent, the question of what would happen in a context where the intent was explicitly deceptive becomes impossible to dismiss. A fabricated video of a CEO making market-moving statements, a synthetic voice clone submitted as an audio question at an earnings call, a generated clip of a board chair addressing a contested vote: none of these scenarios require technology that does not exist today, and all of them have potentially serious consequences for the companies and investors involved.
Most investor relations and corporate governance infrastructure was built in an era when the primary concerns around submitted questions were relevance and civility, not identity verification. Earnings calls managed by IR teams typically screen questions for content and tone. Annual meetings have procedures for validating shareholder status before a microphone is handed over. None of these processes were designed to detect whether the person submitting a question is who they claim to be, or whether a video or audio submission is authentic. The Berkshire incident is a public demonstration that those processes have a gap that generative AI has now made exploitable at a cost and skill level available to almost anyone.
Closing that gap requires thinking about authentication at each point in the event format where identity can be spoofed. For live in-person events, the risk is primarily in remote submissions and pre-recorded video questions, where the physical presence check that catches an obvious impersonation does not apply. For hybrid or fully virtual formats, the attack surface is considerably larger. Earnings calls that accept questions through web portals or third-party platforms, investor day presentations that include video testimonials or submitted questions from retail shareholders, and any format that displays or plays back content that was not produced in a controlled, verifiable environment are all candidates for this category of manipulation.
The solutions are not complicated in concept, though they require deliberate implementation. Cryptographic verification of submitted content, requiring questions to be submitted through authenticated channels tied to verified shareholder identity, and implementing watermarking or provenance tagging for any video or audio used in investor contexts are all technically available options. C2PA, the Coalition for Content Provenance and Authenticity, has developed an open standard for attaching verifiable provenance metadata to media files that a growing number of camera manufacturers, editing platforms, and content management systems have begun supporting. The adoption curve in corporate communications has been slow, but the business case for accelerating it just became more legible.
The startup opportunity the incident creates
Identity security in high-stakes corporate communications is a real and growing market that has been developing somewhat below the visibility line of mainstream enterprise software investment. Companies like Reality Defender, Pindrop, and ID R&D have been building detection and verification tooling for synthetic media and voice cloning, primarily aimed at financial services fraud prevention and media authentication. The Berkshire incident broadens the addressable market for these tools into a corporate governance context that has not historically thought of itself as a synthetic media risk environment.
The investor relations software category, which includes platforms like Q4, Notified, and Irwin, will need to build authentication capabilities into their event management infrastructure or face pressure from IR teams and boards who now have a concrete, high-profile incident to point to when making the case for upgraded verification. That creates a product development opportunity for incumbents and an entry point for startups building identity-verification tooling specifically for the investor communications workflow. The procurement conversation is easier when the risk is not hypothetical.
For founders and executives thinking about their own exposure, the practical starting point is an honest inventory of where synthetic impersonation could create damage: earnings calls, investor days, board presentations, media appearances, and any format where a plausible fake could be mistaken for the real thing long enough to move a decision or a market. Building authentication protocols for those contexts is not a technology problem at this point. It is a governance and operational discipline problem, and the companies that treat it as such now will be better positioned than those waiting for a more damaging incident to prompt the conversation.
Also read: Big Tech Is Spending $725 Billion on AI This Year While Cutting the People Who Built It • ElevenLabs is moving from voice generation into voice labor and the call center industry has not fully priced that in • AI dictation apps are proliferating fast but the startups building them are running out of time before the platforms absorb the category
