The Real Asset Security Model Was Built on Friction. AI Just Eliminated It.
The assumption that protected every real asset portfolio for a century, that impersonation was expensive, is dead. The industries that own the physical world are the ones least prepared for what comes next.
In February 2024, a finance employee at Arup, the engineering firm behind the Sydney Opera House and Beijing's Bird's Nest Stadium, joined a video call with his CFO and several colleagues to approve a confidential transaction. Every face looked right. Every voice sounded right. Over the following days, he executed fifteen wire transfers totaling HK$200 million, roughly $25 million USD.
He was the only real person on the call.
No network was breached. No password was cracked. No vulnerability was exploited in any piece of software. The attack ran on the one system real estate, construction, hospitality, and logistics have leaned on for a century: human trust, verified by a face and a voice.
That system just broke.
The Assumption That Protected Every Real Asset Portfolio Is Gone
Every security posture ever deployed in the industries that own and operate physical assets, whether office, multifamily, hospitality, industrial, data centers, or energy infrastructure, rested on an implicit assumption: impersonating a known executive or vendor at scale was expensive. It required a voice actor, a staged video, a long con, or an insider. It did not scale. You could reasonably assume that when your controller got a call from the CFO to release funds, the voice on the line had not been synthesized that morning from his LinkedIn interviews.
That assumption is dead. Generative AI has driven the marginal cost of impersonation to zero.
What used to take a sophisticated criminal syndicate — voice cloning, face models, real-time video synthesis — now takes a laptop, a handful of commodity tools, and a few minutes of source audio or video. The same content-generation curves that produced ChatGPT have produced a fraud infrastructure, and it has arrived in the one set of industries least prepared to absorb it.
This is not a projection. It is already happening, at a rate that most operators have not registered.
Real assets are uniquely exposed because the operating model sits on three overlapping surfaces: a physical footprint, a digital control layer, and a human approval chain. A modern office tower has an IT network, an OT network running HVAC and elevators and access control and lighting, a property management system, a vendor ecosystem of roughly fifty service providers, and a daily cash movement flow running through a small number of people. The attack no longer starts at the firewall. It starts at the weakest human in that chain, and AI has made every human in that chain weaker at once.
The Convergence Has Already Happened. Most Owners Haven't Noticed.
In September 2023, a loose collective of native-English-speaking social engineers known as Scattered Spider — many of them teenagers — called the IT help desk of MGM Resorts, impersonated an employee whose LinkedIn profile they had scraped, and talked their way into credentials. Within hours they had moved laterally into the systems that run slot machines, hotel keys, and digital signage. MGM disclosed roughly $100 million in impact. Caesars, hit in parallel, reportedly paid around $15 million to make the attackers go away.
These were not cyber attacks in the traditional sense. They were phone calls. The attackers did not need to defeat MGM's billion-dollar surveillance apparatus, its security staff, its physical access controls, or its regulators. They needed to defeat one help-desk worker, once. The physical-world fortress was bypassed by a voice on a phone.
This is the convergence point. Physical security and cyber security are no longer distinct disciplines protecting distinct surfaces. They are two faces of the same attack surface, and the industries that own the physical world still run them as separate budgets, separate vendors, and separate reporting lines. That organizational seam is now the vulnerability.
What the Exposure Looks Like by Asset Class
Office. Building automation systems (HVAC, access control, elevators, lighting, surveillance) are increasingly IP-connected and increasingly administered by small service vendors whose own cyber posture is an open question. A compromised vendor credential is a building-wide vulnerability. A deepfake of the property manager calling the BAS vendor to "reset access" is now a viable attack path. The headline risk is not a ransomed lobby screen. It is an attacker with persistent access to the HVAC of a trophy asset, holding the life-safety implications over the owner's head.
Multifamily. The industry has spent a decade digitizing: online leasing, resident portals, integrated payments, smart locks, package rooms. Each integration is a vendor. Each vendor is an identity surface. The personally identifiable information of tens of thousands of residents sits across property management systems, background check providers, and payment processors. The wire fraud vector is also acute. Rent syndication payouts, construction draws, and vendor payables all move on email-and-phone approval chains that were never designed to withstand synthetic voices.
Hospitality and gaming. MGM and Caesars were the warning shot. Casinos in particular concentrate everything a deepfake-enabled attacker wants: high daily cash flow, complex vendor and entertainment payables, VIP hosts who authorize large transactions by phone, and an OT environment that physically controls the floor. Hotels without gaming are no less exposed. They simply make the news less often.
Data centers. The facilities most aware of cyber risk are also the ones with the most valuable physical access to protect. The path from a deepfaked service ticket to a tech with badge access inside a cage is shorter than most operators want to admit. Hyperscaler tenants are already auditing this path. Colocation operators who can prove a converged physical-and-digital security model will price it into leases within the next 24 months. The ones who cannot will lose deals they do not realize they were in.
Industrial and warehousing. Warehouse management systems, robotic fleets, and yard management increasingly run on networks that touch corporate IT. A logistics operation can be shut down as completely by a ransomware event as by a physical sabotage event, and the deepfake-as-wedge pattern works just as well on a dispatch supervisor as on a CFO. The attack surface of a modern industrial portfolio is no longer a fence line. It is a directory of every human who can authorize movement.
The Loss Curve Is Already Priced In
$12.3B → $40B — Deloitte's projected US generative-AI-enabled fraud losses, 2023 to 2027 (32% CAGR)
$200M+ — Deepfake-enabled fraud losses reported in North America, Q1 2025 alone
680% — Year-over-year increase in voice deepfakes in 2024 (Pindrop)
~$500K — Average enterprise loss per deepfake incident in 2024
$200M+ — Deepfake-enabled fraud losses reported in North America, Q1 2025 alone
680% — Year-over-year increase in voice deepfakes in 2024 (Pindrop)
~$500K — Average enterprise loss per deepfake incident in 2024
The Deloitte Center for Financial Services projects that generative-AI-enabled fraud losses in the US will climb from $12.3 billion in 2023 to approximately $40 billion in 2027, a 32% compound annual growth rate. That is not a tail scenario. That is the baseline.
Deepfake-enabled fraud alone accounted for more than $200 million in reported North American losses in the first quarter of 2025. Voice deepfakes rose 680% year-over-year in 2024 per Pindrop. The average enterprise loss per deepfake incident was close to $500,000 in 2024, with some crossing $680,000. These are the numbers real asset operators are competing against when they argue that this quarter's cyber budget can slip another cycle.
What Owners and Operators Actually Need to Do
The instinct of most boards is to buy more software. That is not the answer. The answer is structural.
Rebuild the verification layer on the assumption that voice and video are unreliable. Any financial movement above a defined threshold, any credential reset, any vendor change, and any physical access change requires verification through a second, pre-agreed channel: a callback to a known number, a pre-shared code phrase, or a signed message through a managed platform. This is not exotic. It is what banks have done for decades. Real asset operators have not done it because they did not have to. Now they do.
Converge the security organization. Most real asset platforms still have a Director of IT Security and a VP of Physical Security who do not share a boss below the CEO. That model is obsolete. The function needs a single executive — call it a Chief Security Officer, a Chief Trust Officer, whatever the org tolerates — with authority across both domains and a single incident playbook. The boards that hire this role in 2026 will look prescient by 2028.
Segment OT from IT, ruthlessly. Building automation, access control, elevators, and industrial control systems should not share a network with email. In a non-trivial share of the Class A office stock in the United States, they still do. This is a multi-year retrofit, and it is the largest single risk reducer available to a large owner.
Tabletop the specific scenarios. Run an annual exercise where the attacker is a deepfaked CFO demanding a wire. Another where it is a deepfaked general contractor calling for a construction draw. Another where it is a deepfaked tenant escalating to the BAS vendor. The purpose is not to prove you have a process. It is to discover that you don't.
Audit the vendor perimeter as if it were your own. The number of real estate breaches that have originated in an HVAC contractor, a property management software vendor, or an identity verification provider is too large to be a coincidence. Every major vendor contract should carry cyber and deepfake-response language, with audit rights. Operators with more than 500 vendors need a dedicated vendor risk function. The overwhelming majority do not have one.
Re-read your insurance. Most crime policies do not cover losses initiated by a voluntary, if deceived, transfer. Most cyber policies do not cover social engineering without a specific rider. The Arup-style attack sits in a coverage gap at the majority of real asset operators. The right answer is not to panic. It is to bring the broker in and have the conversation before the incident, not after.
Who's Building the Defense
Two categories of venture-backed companies are worth naming, because the CSO memo you write after reading this piece will need a vendor shortlist. One group is rebuilding cyber defense for the physical asset base itself. The other is attacking the deepfake problem directly. A mature security posture will almost certainly include both.
Cybersecurity for the Physical Asset Base
Company Spotlight
Claroty (New York) — The category leader in cyber-physical systems protection. Claroty explicitly sells into commercial real estate, data centers, and retail facilities for building management systems and connected cyber-physical assets. Raised $150 million in early 2026 at roughly a $3 billion valuation and is widely reported as IPO-track.Company Spotlight
Dragos (Hanover, Maryland) — The purpose-built OT and ICS specialist, founded by former NSA industrial cyber operators. Dragos protects building automation systems alongside critical infrastructure in electric, oil and gas, and manufacturing. Last valued at $1.7 billion. Known for having its own in-house OT threat intelligence and incident response teams, which matters when an attack hits at 2am on a holiday.Company Spotlight
Phosphorus Cybersecurity (Nashville) — A rising xIoT security management platform focused on the edge of the smart-building ecosystem: the cameras, badge readers, thermostats, sensors, and building controllers that now number in the tens of thousands per large portfolio. Phosphorus automates password rotation, firmware updates, and configuration hardening across more than 1,100 device manufacturers, addressing the "default credentials on 40,000 devices" problem most operators do not know they have.Company Spotlight
Ordr (Santa Clara) — Real-time IoT and OT asset inventory and automated security policy enforcement. Ordr's value to a real estate operator is visibility: you cannot protect devices you have not inventoried, and in a portfolio with thousands of connected assets across dozens of buildings, the ground truth is usually worse than the IT director believes.Company Spotlight
Closinglock (Austin) — The real-estate-native play. Closinglock prevents wire fraud and deepfake-driven impersonation specifically in residential closings: identity verification, secure wire instructions, document management, and payment workflows for title companies, agents, and lenders. Raised a $34 million Series B in early 2025, explicitly citing deepfake proliferation as the reason to accelerate. A useful signal that the threat is already being priced at the transaction layer, not just the building layer.Countering the Deepfake Directly
Company Spotlight
Reality Defender (New York) — Multimodal deepfake detection across audio, video, image, and text, built for enterprise and government. Expanded Series A to $33 million in late 2024 with Booz Allen Ventures, IBM Ventures, Accenture, DCVC, and The Partnership Fund for New York City. Deploys inside communication channels like Zoom and conferencing platforms, which is where the Arup-style attack lives.Company Spotlight
Pindrop (Atlanta) — The voice-first incumbent. Pindrop sits inside contact centers and customer-service voice channels to flag synthetic audio in real time. Raised a $100 million debt facility in mid-2024 to expand into new verticals. A hotel group, casino, or large multifamily call center can deploy Pindrop in front of its existing voice stack. A Class A office owner should be asking whether its property-management call centers and tenant hotlines have this kind of protection at all.Company Spotlight
Truepic (San Diego) — Content authenticity at the point of capture, rather than deepfake detection after the fact. Truepic leads the C2PA content provenance standard, embedding cryptographic trust signals into photos and videos when they are created. For insurance adjusters inspecting storm damage, for construction draw documentation, or for identity verification in a remote closing, Truepic shifts the question from "is this real" to "was this captured with verifiable provenance."Company Spotlight
GetReal Security (formerly GetReal Labs) — Enterprise deepfake defense focused squarely on the attack vector that hit Arup: executive impersonation on video conferencing, voice spoofing of senior decision-makers, and manipulated media in business communication. Built specifically for the use case where a CFO deepfake requests a wire.Company Spotlight
Clarity (New York / Tel Aviv) — Real-time video and audio deepfake detection, positioned for enterprise communications and identity verification workflows. Raised $16 million in early 2024. Useful as a layered defense alongside Reality Defender and Pindrop in a defense-in-depth architecture.The Window
There is a version of this decade in which real asset owners treat the deepfake era the way the industry treated cybersecurity a decade ago: late, underfunded, and by the time the breach happens, too far behind to get ahead of. There is another version in which the best operators treat the convergence of physical and digital security as an operating advantage — where the leasing pitch to a Fortune 500 tenant includes the security posture, where the insurance premiums reflect the sophistication, where the LP update names the CSO.
The marginal cost of impersonation went to zero. The marginal cost of trust did not. The owners and operators who rebuild on that foundation first will compound an advantage that is very hard to replicate once the rest of the market catches up.
The call is coming from inside the building.