Uncovering Haotian AI, a tool helping criminals mimic anyone

Sophisticated real-time video deepfake software, currently circulating within Chinese-language criminal underground networks, allows even non-technical fraudsters to impersonate targets during live video calls on platforms such as Zoom, Microsoft Teams, and WhatsApp. The tool, known as Haotian AI, represents a significant escalation in digital fraud, enabling criminals to "shapeshift" into anyone in real time to facilitate romance scams, tax fraud, and virtual kidnappings, 404 Media reported.
The acquisition process
The investigation into Haotian AI required weeks of persistent negotiation with scammers on Telegram. Joseph Cox of 404 Media notes that the initial outreach was conducted using Google Translate to bridge the language barrier with the representatives. For several weeks, the conversations stalled as the sellers vetted the buyer, repeatedly inquiring whether they possessed a sufficiently powerful computer to run the high-performance software.
To move forward, the sellers demanded proof of hardware specifications equivalent to a high-end gaming PC. According to Cox, the required setup included an i7 processor, 16GB of DDR5 RAM, and a powerful Nvidia 4080 SUPER graphics card, which provides the parallel processing power necessary for low-latency video manipulation. Once the hardware was verified through screenshots, the developers initiated a multi-step onboarding process involving a dedicated Telegram group with specialized technicians.
Installation and configuration
The installation of Haotian AI proved to be a highly technical procedure that the developers insisted on performing themselves. Rather than providing a standard installer, the technician used AnyDesk to remotely access the testing computer. During this process, the technician disabled several Windows security features, including the firewall, and created a new hard drive partition to host the software and its specific drivers.
The cost of entry is steep; the software license is priced at $1,998 per year, with an additional $498 fee for every custom "face model" created. Payments were required in Tether (USDT) via the TRON blockchain. Cox highlights that while the software likely utilizes open-source face-swapping libraries like "inswapper," its primary value lies in this comprehensive technical support, which allows criminals who lack coding skills to deploy the technology effectively.
Software performance and testing
In live demonstrations and subsequent testing, Haotian AI exhibited a remarkable ability to maintain a digital illusion even during movement. Unlike earlier deepfake tools that often glitch when an object passes in front of the face, Haotian AI successfully processed a subject blowing kisses, rubbing their chin, or covering an eye without breaking the facial mask.
However, the software’s performance is heavily dependent on the environment and the physical build of the "actor". During testing, the deepfake appeared digitally stretched when the actor’s face shape differed significantly from the target’s. Cox notes that the illusion was most convincing when the lighting was optimal and the actor’s facial structure closely mirrored his own. While the tool can handle some obstructions, it struggles with spread fingers: a "three-finger test" often used by security experts can still cause the eyes or jawline to warp and distort.
Criminal infrastructure and detection
Haotian AI is deeply integrated into a sprawling ecosystem that services massive scam compounds in Southeast Asia. Cryptocurrency tracing has linked the software’s wallets to over $4 million in inflows since late 2023, with transactions connected to money laundering services and "guarantee" markets that facilitate billions in illegal trades.
The technology also poses a threat to security protocols, such as "Know Your Customer" (KYC) checks, as newer versions of the software claim to bypass selfie-based identity verification. Furthermore, existing detection models have struggled to identify Haotian-generated content; in some research tests, deepfake detection algorithms misclassified nearly 100% of the software’s samples as authentic. While companies like Zoom have announced plans to launch real-time deepfake alerts, the rapid evolution of tools like Haotian AI suggests a growing gap between criminal capabilities and current digital defenses.