deepidv
All AI Prompts
FinTechCryptoiGamingEdTechPropTechGenerator

AI Prompt for Deepfake Incident Response Plans

This prompt turns a suspected deepfake event into a complete incident response package: an executive summary, technical timeline, 4/24/72-hour containment plan, internal and external communication templates, a regulatory notification draft, and a forensic preservation checklist. It is built for security, fraud, and compliance teams at fintechs, crypto platforms, iGaming operators, and other regulated companies responding to voice clones, video impersonation, or synthetic media in onboarding. Anything the model cannot verify is marked [PLACEHOLDER] instead of being invented.

AI Prompt for Deepfake Incident Response Plans

How to use this prompt

  1. 1

    Copy the full prompt into a deepidv dashboard agent, Claude, ChatGPT, or Gemini.

  2. 2

    Fill the bracketed fields: incident type, what was attacked, detection method, time of detection, confirmed or suspected loss, containment status, industry, and affected jurisdictions.

  3. 3

    Run it and review all six deliverables. Every fact the model could not confirm is flagged as [PLACEHOLDER] with a note on what you need to supply.

  4. 4

    Route the executive summary to leadership, the containment steps to security, and the regulatory notification draft to counsel before anything leaves the building.

  5. 5

    After the incident closes, pair the lessons learned with automated deepfake detection so the next attack is caught at the point of entry, not after the loss.

The prompt

You are a deepfake incident response specialist with experience in corporate security operations, regulatory compliance, and crisis communication. I need you to draft a complete incident response narrative for a suspected deepfake event.

Here is the situation:

Type of incident: [voice clone on a financial authorization call / video impersonation in a meeting / synthetic media in onboarding flow / deepfake content in social media impersonation / other]

What was attacked: [executive identity / customer onboarding / contact center agent / authorization workflow / other]

Detection method: [employee escalation / automated detection tool / external report / regulator inquiry / other]

Time of detection: [timestamp]

Confirmed or suspected loss: [financial amount / data exposed / accounts affected]

Current containment status: [contained / in progress / not yet contained]

Industry: [banking / fintech / crypto / igaming / proptech / hr tech / other]

Geography: [primary jurisdictions affected]

Produce the following deliverables:

1. Executive summary (200 words). Plain language summary suitable for a CEO or board chair. What happened, what is the exposure, what is being done.

2. Technical timeline (bulleted). Sequence of events from initial signal to current state.

3. Containment plan (numbered steps). What needs to happen in the next 4, 24, and 72 hours.

4. Communication template for affected employees and customers. Two versions: internal and external.

5. Regulatory notification draft for jurisdictions where notification is required. Identify the regulators based on the industry and geography I have given you.

6. Forensic preservation checklist. What evidence needs to be preserved and how.

Do not invent facts. Where I have not provided information, mark as [PLACEHOLDER] and identify what I need to fill in.

Pairs with on deepidv

Sources & further reading

FAQ

What should a deepfake incident response plan include?

A complete plan covers six pieces: a plain-language executive summary, a technical timeline of the event, containment actions for the first 4, 24, and 72 hours, communication templates for employees and customers, regulatory notification drafts for each affected jurisdiction, and a forensic evidence preservation checklist. This prompt generates all six from the incident facts you provide. Missing details are flagged rather than guessed.

Do I need to notify regulators after a deepfake attack?

It depends on your industry and jurisdiction, but a deepfake incident that causes financial loss or exposes customer data often triggers suspicious activity reporting, breach notification, or operational incident rules. The prompt identifies the likely regulators based on the industry and geography you enter and drafts the notification. Always have counsel review before filing.

Related prompts

GeneratorCompliance Prompt for Incident Response PlaybooksReview PromptAI Prompt for Auditing Deepfakes That Beat Human ReviewSystem PromptAI Prompt for Workforce Identity Verification Risk Audits

Run it with live verification data

These prompts work in any LLM. Inside the deepidv dashboard, Luna, Arbiter, and Arc run them against your real sessions, screening lists, and audit trails.

Book a Demo