Picture this: you’re a foreign minister, and suddenly you get a message from U.S. Secretary of State Marco Rubio. It sounds like him. It even writes like him. He asks to continue the conversation on Signal, sends a voice note in his exact tone, and follows up with an email that looks… well, official enough. Would you second-guess it? In June 2025, that’s exactly what happened. Someone or some group, used AI to impersonate Secretary Rubio and reached out to at least three foreign ministers, a U.S. governor, and even a member of Congress. This wasn’t just a prank. According to a State Department cable obtained by reporters, the impostor used voice cloning, Signal messages, and emails to trick high-value targets into thinking they were talking to one of the most powerful men in American foreign policy. By early July, the scheme had gone public, with outlets like The Washington Post and Reuters confirming the FBI and State Department were investigating.

Now, here’s why this matters: hackers no longer need to “hack” systems, they can hack trust. In this case, the attacker didn’t break into a government database or steal classified files. Instead, they weaponized Rubio’s identity. Imagine how easy it would be for a senior official to assume the message is real. Who questions a direct request from the U.S. Secretary of State? That’s the terrifying genius of this new wave of cybercrime. It doesn’t target firewalls, it targets human confidence.

Think about the timing too. The impersonation started mid-June 2025 and was uncovered before the end of the month, but what if it had gone undetected for weeks? How many backdoor deals, secret leaks, or diplomatic misunderstandings could have unfolded before someone realized it was all fake? And if this can be done to someone like Rubio, with all the security layers around him, what does that mean for everyday leaders, CEOs, or even journalists?

Here’s the kicker: making a “digital Rubio” didn’t take millions of dollars in spy gear. All the attacker needed were recordings, speeches, interviews, social media clips and the right generative AI tools. In other words, this is not just a superpower problem; the barrier to entry is frighteningly low. Anyone with enough motivation could do the same to impersonate your boss, your banker, or even your family member.

So what do we do about it? First, stop trusting only what you see and hear. If a request sounds unusual, even if it “sounds” like the right person, double-check through a verified channel. Second, organizations need to redesign how they confirm sensitive requests. A quick call-back to a known official line could be the difference between safety and disaster. Third, we need better tech and policy. Watermarking AI-generated content, stronger identity verification, and even new laws against malicious deepfakes are going to be part of the solution.

The big lesson here? Cybercrime has entered a new era. It’s not just about stolen passwords or hacked servers it’s about stealing you. The Rubio deepfake incident is a glimpse of what’s coming: a world where the scariest attack isn’t someone breaking into your system, but someone cloning your voice, your face, your style, and using it against you.

Because in 2025, the question isn’t just “Can they hack my data?” It’s “Can they hack me?”