Sign up to save your podcasts
Or
Share Won't Fix Episode 1: With tofu's Jason Zoltak
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Won't Fix Episode 1: With tofu's Jason Zoltak
In this first episode of Won't Fix, Rob Leathern talks to Jason Zoltak.
Jason is the founder and CEO of tofu, which is using AI and machine learning to fight fraud and deception in hiring and recruiting.
About Won't Fix: In software engineering, “won’t fix” describes a bug by acknowledging the issue but intentionally leaving it unsolved because addressing it is too costly, risky, or not worth the trade-offs.
Hear from the practitioners fighting phishing, deepfakes and bots, and learn about the broken systems and misaligned incentives that keep us all vulnerable.
Key Episode Takeaways:
- The Identity Fraud Pivot: tofu shifted from an AI resume screening tool to a fraud detection platform after discovering that remote hiring has enabled a massive surge in sophisticated identity misrepresentation.
- Near-Universal North Korean Infiltration: Virtually every company hiring for remote technical roles is now a target for North Korean IT workers, with some applicant pipelines reaching 80% fraud rates.
- The Fragmentation Vulnerability: The lack of a "digital passport" and the break in verification when moving a candidate from LinkedIn to an internal ATS creates a massive security gap for fraudsters to exploit.
- Shift in Security Ownership: Candidate fraud is transitioning from a Talent Acquisition burden to a CISO priority as companies realize recruiters lack the budget and expertise to fight organized cybercrime.
- Economic Scalability of Fraud: Fraudsters aren't looking for long-term tenure; they use deepfakes and proxies to "job stack," collecting multiple salaries simultaneously for a few months before being caught.
- The "Confirmation Bias" Trap: Once a candidate reaches the final interview stages, hiring managers and recruiters are psychologically prone to ignore red flags, making them vulnerable to sophisticated identity theft.
2:29 Jason's Background and tofu's Evolution
4:09 Discovering Candidate Fraud Through Direct Investigation
5:04 Market Response and Business Pivot Decision
6:35 Personal Motivation and AI Identity Challenges
8:17 Spectrum of Fraud vs. Embellishment in Hiring
10:25 Prevalence of North Korean IT Worker Infiltration
11:30 Evolution of Fraud Techniques and Identity Theft
13:18 Root Causes: Platform Disconnection and Identity Verification
15:26 Security vs. Talent Acquisition Budget and Responsibility Issues
17:36 LinkedIn Verification Challenges and Behavioral Incentives
19:20 Impact of Thin Digital Footprints on Legitimate Candidates
21:35 False Positive Management and Digital Footprint Requirements
24:16 Interview Process Fraud: Deepfakes and Proxy Detection
26:01 Sophisticated Deepfake Case Study and Technical Evidence
28:17 Economic Incentives and Scaling Strategies for Fraudsters
29:26 Corporate Espionage and Strategic Target Selection
32:15 Recruiter Incentive Conflicts and Trust Erosion
36:13 Critical Case Study: Final Round Interview Fraud Detection
37:28 Government Regulation vs. Private Sector Solutions
39:39 Upcoming Product Launches: ATS Reconnaissance and Continuous Monitoring
View all episodes
By Rob LeathernIn this first episode of Won't Fix, Rob Leathern talks to Jason Zoltak.
Jason is the founder and CEO of tofu, which is using AI and machine learning to fight fraud and deception in hiring and recruiting.
About Won't Fix: In software engineering, “won’t fix” describes a bug by acknowledging the issue but intentionally leaving it unsolved because addressing it is too costly, risky, or not worth the trade-offs.
Hear from the practitioners fighting phishing, deepfakes and bots, and learn about the broken systems and misaligned incentives that keep us all vulnerable.
Key Episode Takeaways:
- The Identity Fraud Pivot: tofu shifted from an AI resume screening tool to a fraud detection platform after discovering that remote hiring has enabled a massive surge in sophisticated identity misrepresentation.
- Near-Universal North Korean Infiltration: Virtually every company hiring for remote technical roles is now a target for North Korean IT workers, with some applicant pipelines reaching 80% fraud rates.
- The Fragmentation Vulnerability: The lack of a "digital passport" and the break in verification when moving a candidate from LinkedIn to an internal ATS creates a massive security gap for fraudsters to exploit.
- Shift in Security Ownership: Candidate fraud is transitioning from a Talent Acquisition burden to a CISO priority as companies realize recruiters lack the budget and expertise to fight organized cybercrime.
- Economic Scalability of Fraud: Fraudsters aren't looking for long-term tenure; they use deepfakes and proxies to "job stack," collecting multiple salaries simultaneously for a few months before being caught.
- The "Confirmation Bias" Trap: Once a candidate reaches the final interview stages, hiring managers and recruiters are psychologically prone to ignore red flags, making them vulnerable to sophisticated identity theft.
2:29 Jason's Background and tofu's Evolution
4:09 Discovering Candidate Fraud Through Direct Investigation
5:04 Market Response and Business Pivot Decision
6:35 Personal Motivation and AI Identity Challenges
8:17 Spectrum of Fraud vs. Embellishment in Hiring
10:25 Prevalence of North Korean IT Worker Infiltration
11:30 Evolution of Fraud Techniques and Identity Theft
13:18 Root Causes: Platform Disconnection and Identity Verification
15:26 Security vs. Talent Acquisition Budget and Responsibility Issues
17:36 LinkedIn Verification Challenges and Behavioral Incentives
19:20 Impact of Thin Digital Footprints on Legitimate Candidates
21:35 False Positive Management and Digital Footprint Requirements
24:16 Interview Process Fraud: Deepfakes and Proxy Detection
26:01 Sophisticated Deepfake Case Study and Technical Evidence
28:17 Economic Incentives and Scaling Strategies for Fraudsters
29:26 Corporate Espionage and Strategic Target Selection
32:15 Recruiter Incentive Conflicts and Trust Erosion
36:13 Critical Case Study: Final Round Interview Fraud Detection
37:28 Government Regulation vs. Private Sector Solutions
39:39 Upcoming Product Launches: ATS Reconnaissance and Continuous Monitoring