Research report · March 2026
AI Cheating in Hiring Assessments: The 2026 Statistics Report
A comprehensive, annually updated dataset covering AI-assisted cheating rates, fraud trends, tool ecosystems, regional breakdowns, behavioral detection signals, and the financial cost to employers — compiled from primary research and leading industry sources.
Last updated March 2026 · Data through January 2026 · Next revision: Q3 2026
Executive summary
The four sentences that summarize 2026.
Assessment fraud has crossed from edge case to structural crisis. In the year ending December 2025, AI-assisted cheating rates more than doubled. By early 2026, Talview's AI Threat Index reported that 88% of online exams and assessments now face AI cheating risk. The tools enabling this behavior are no longer experimental — they are a mature SaaS ecosystem with monthly subscribers, community forums, and open-source forks that anyone can compile and deploy with a custom process name, invisible to existing detection systems.
This report compiles verified data from the platforms, researchers, and surveys closest to the problem. Every statistic is attributed to its primary source. Where figures conflict across sources, we note the discrepancy and report the most conservative figure.
The core finding: one in three candidates on monitored assessments attempted some form of fraud in 2025. Among entry-level technical roles, the rate approaches one in two. Detection-only approaches are failing because the tools now operate below the visibility threshold of every current sensor. A renamed binary calling the OpenAI API looks identical to a legitimately named one; both send the same HTTPS request to api.openai.com. Process names are irrelevant when the DNS query for that domain can be blocked from ever resolving in the first place.
Key findings at a glance
Twelve numbers that define the 2026 assessment-integrity landscape.
Each figure is attributed to its original publisher. Where primary sources disagree we report the most conservative figure. Where estimates are derived rather than directly measured, we label them clearly.
§1/Fraud rates
Assessment fraud rates: the 2025–2026 picture
Three independent datasets published between February and March 2026 now tell a consistent story. Each captures a different slice of the assessment funnel — structured coding platforms, AI-conducted interviews, and the broader online exam market — but converge on the same conclusion: cheating has become the default assumption, not the exception.
Year-on-year trajectory
| Period | Fraud attempt rate | Source | Notes |
|---|---|---|---|
| 2024 (full year) | 16% (proctored) | CodeSignal | Baseline year |
| H1 2025 | ~15–20% | Fabric trajectory | Early-stage adoption |
| H2 2025 | 35% (Dec 2025) | Fabric / CodeSignal | 3x jump — invisible overlay tools went mainstream |
| Full year 2025 | 35% proctored, 40% entry-level | CodeSignal | More than doubled from 2024 |
| Early 2026 (all assessments) | 88% face AI cheating risk | Talview | Includes passive risk — not all are active fraud attempts |
Fraud rates by role and seniority
| Segment | Fraud / cheating rate | Source |
|---|---|---|
| Technical / engineering roles | 48% | Fabric, 2025–2026 |
| Sales / non-technical roles | 12% | Fabric, 2025–2026 |
| Entry-level (0–5 years experience) | 40% on proctored; higher unproctored | CodeSignal, 2025 |
| Junior vs. senior | Juniors cheat at ~2x the rate of seniors | Fabric, 2025–2026 |
| Campus / new grad hiring | 40% — highest risk segment | CodeSignal, 2025 |
| Take-home / unproctored assessments | Estimated 60–80% (see §5) | Derived from 4x score-gap data |
§2/Candidate attitudes
The psychology of the problem
The most important single data point in the assessment-integrity space is TestPartnership's finding that 83% of candidates would cheat if they believed they would not be detected. It reveals that the primary inhibitor to cheating is not ethics — it is perceived risk. When that risk drops to near-zero (as modern overlay tools claim), adoption becomes near-universal.
Only 14% of candidates openly admit to having used generative AI in an assessment context. The gap between admitted and actual behavior is what researchers call the "dark figure": based on academic survey methodology, self-reported rates undercount actual behavior by 2.5x to 3x. Applied to the 14% admission rate, the estimated true usage rate is 35–42% — consistent with CodeSignal's measured detection rate of 35%.
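The dark-figure extrapolation above is plain arithmetic; a minimal sketch, using the admission rate and undercount multipliers reported in this section (the function name is ours, for illustration):

```python
def dark_figure_estimate(admitted_rate, multipliers=(2.5, 3.0)):
    """Scale a self-reported rate by survey-undercount multipliers."""
    low, high = multipliers
    return admitted_rate * low, admitted_rate * high

lo, hi = dark_figure_estimate(0.14)
print(f"estimated true usage: {lo:.0%}-{hi:.0%}")  # estimated true usage: 35%-42%
```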
Why candidates cheat: reported motivations
| Motivation | Evidence |
|---|---|
| Competitive pressure / FOMO | 3x cheating surge in H2 2025 coincided with viral social media showing AI-assisted job offers (Fabric) |
| Low perceived detection risk | 83% would cheat if undetected — risk calculus is the primary inhibitor (TestPartnership) |
| Tool accessibility and economics | $20–50/month subscription vs. $150k+ salary — the ROI is overwhelming (Fabric) |
| Normalization of AI in daily work | 80% of Gen Z use AI daily; the line between tool use and cheating feels arbitrary (CodeSignal) |
| Prisoner's dilemma effect | Genuine candidates feel forced to cheat because they assume competition already is (Fabric) |
| Perception that tests are arbitrary | Candidates feel LeetCode-style assessments don't reflect real job work (CNBC, 2025) |
§3/Behavioral signals
What AI-assisted cheating looks like in the data
The key insight from 2025–2026 data is that AI-assisted cheating does not produce the behavioral fingerprints of traditional cheating. There is no visible tab-switch, no obvious paste event, no physical note-taking. The signals are subtler and require multi-dimensional analysis to surface reliably.
CodeSignal: behavioral signals from flagged sessions (2025)
CodeSignal's detection system identified three primary behavioral signatures across all flagged assessment sessions in 2025.
| Behavioral signal | % of flagged sessions | What it indicates | Detection difficulty |
|---|---|---|---|
| Frequent off-screen referencing | 35% | Candidate attention not on the screen — secondary device, phone below webcam, or physical notes | Medium — visible via gaze tracking but requires calibration |
| Unusually linear typing patterns | 23% | Complex code produced with minimal pauses, zero debugging, or error-correction — the pattern of someone reading and transcribing, not problem-solving | High — requires keystroke dynamics baseline to distinguish from fast typists |
| Elevated similarity to known content | 15% | Code matches known AI-generated outputs, GitHub solutions, or flagged submissions from the same period | Medium — but rapidly degrading as AI generates novel code variants each query |
Fabric: behavioral signals from 19,368 live interviews (2025–2026)
Fabric's multi-signal analysis of nearly 20,000 AI-conducted interviews identified the following patterns as most predictive of cheating behavior.
- Gaze deviation patterns: Eyes consistently moving to a fixed off-center position (the overlay location) rather than toward the webcam or screen center — the "reading" eye pattern vs. the "thinking" eye pattern.
- Response timing anomalies: Answer latency 1–2 seconds after question close, regardless of question complexity. Human cognition produces variable latency; AI pipelines produce consistent latency. When a candidate answers a complex system design question in 1.8 seconds, the same time it takes to answer "what is your name," that is a detection signal.
- Rubric-perfect answers: AI models are trained on the exact textbooks and documentation hiring managers use to write scoring rubrics. AI-assisted answers are structured to score maximally — STAR format for behavioral questions, O(n log n) complexity analysis for algorithmic questions, CAP theorem citations for distributed systems.
- Artificial confidence smoothing: Taking the AI pipeline out of the loop during testing (via adaptive follow-up questions it cannot pre-answer) immediately exposes stuttering, inability to elaborate, and inability to answer paraphrased versions of the same question.
- Language register inconsistency: Written or spoken vocabulary significantly exceeding the level demonstrated in unstructured conversation. The candidate who types perfect code but says "um, so I was like…" when asked to explain it verbally.
- No incremental problem decomposition: Human coders break problems down, test assumptions, hit dead ends, and backtrack. AI-generated solutions appear fully formed.
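The response-timing anomaly above reduces to a spread check: human latency varies with question complexity, while a pipeline's latency is nearly constant. A minimal sketch — the 0.5 s threshold is illustrative, not Fabric's actual parameter:

```python
from statistics import pstdev

def constant_latency_flag(latencies_s, max_spread_s=0.5):
    """Flag a session whose answer latencies barely vary across questions.
    An AI pipeline answers 'what is your name' and a system-design prompt
    in the same 1-2 s window; human latency scales with complexity."""
    return pstdev(latencies_s) < max_spread_s

print(constant_latency_flag([1.7, 1.8, 1.9, 1.8]))   # True: pipeline-like
print(constant_latency_flag([0.6, 4.2, 12.5, 2.1]))  # False: human-like
```

As §11 notes, this works against automated pattern-matching only: a candidate who deliberately varies their pauses defeats it.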
§4/Threat landscape
The AI cheating toolkit: a complete map
By 2026, AI cheating tools are a mature consumer software market. They have pricing tiers, customer support, feature roadmaps, community forums, and — critically — open-source forks that any developer can compile, customize, and deploy with a completely different process name and binary signature. This last point is the existential threat to detection-first approaches.
Category 1: real-time invisible screen overlays
The primary innovation of 2025 was the mainstream adoption of invisible overlay tools. These use low-level graphics hooks to render content that exists only on the candidate's local display. When a candidate shares their screen via Zoom, Teams, or Google Meet, the video encoding captures the desktop beneath the overlay — the interviewer sees only the code editor or assessment window.
| Tool | Price | Key claim | Known limitations | Stopped by network-layer enforcement? |
|---|---|---|---|---|
| Cluely | $20/month | Invisible overlay + audio pipeline | Data breach May 2025 exposing 83,000 users' transcripts | Yes — all LLM API calls blocked at kernel layer |
| Interview Coder | $100 lifetime | 100,000+ users; zero documented detections on proper use; invisible in Activity Monitor and dock | Cannot adapt to follow-up questions mid-solution | Yes — requires internet access to generate solutions |
| Parakeet AI | $20–40/month | Real-time audio → structured answers via GPT-4/Claude; 50+ languages | Credit system glitches can expose overlay to IDE | Yes — transcription + LLM calls both blocked |
| Ultracode AI | $899 lifetime | Handles verbal, system design, and coding; 'invisible even on full screen share' | Visible in Windows taskbar; no click-through overlay | Yes — LLM backend requires internet |
| LockedIn AI | $55–70/month | Cloud-based assistant | Every session transcript passes through vendor servers | Yes — cloud dependency is the point of failure |
| Final Round AI | $149/month | Audio earpiece + overlay | Taskbar icon visible to some proctoring software | Yes — transcription and answer generation require internet |
| Open-source forks (OpenCluely, Pluely, Natively) | Free | Custom process name — defeats all signature detection | Requires developer skills to compile; trivial for technical candidates | Yes — regardless of process name, LLM calls require internet |
Category 2: open-source versions — the undetectable frontier
The most significant development in the threat landscape is not any commercial tool — it is the proliferation of open-source clones that can be compiled with arbitrary process names and signatures. These tools are explicitly designed to be undetectable not just today, but persistently.
| Tool | Platform | Key capability | Why it defeats process-name detection |
|---|---|---|---|
| OpenCluely | GitHub (open source) | Invisible overlay for DSA/coding; multi-language; local AI via Gemini | Fully customizable — compile with any process name or binary signature |
| Pluely | GitHub (open source, Tauri/Rust) | 10MB; 50% less RAM than Cluely; invisible in Zoom/Teams/Meet; multi-LLM (GPT, Claude, Gemini, Grok) | Source code available — any developer can rename and recompile in under 1 hour |
| Natively | GitHub (open source) | Local RAG; BYOK; zero server storage; disguises process as Terminal/Activity Monitor/System Settings | Explicitly designed to disguise process name as system utilities — documented feature |
| MindWhisperAI | GitHub (open source) | GPT-5/Claude 4/Gemini 2.0; stealth mode; handles coding, system design, behavioral | MIT license — free for any use; no telemetry; fully forkable |
| DIY Python overlay | Any developer, ~2 hours | Tesseract OCR + Whisper STT + Gemini API = functional Cluely equivalent | No signature exists for a custom-built tool |
— TechCrunch, April 2025 / ARES architecture documentation
Category 3: tools by interview type — now spanning all rounds
Early AI cheating tools focused exclusively on LeetCode-style coding questions. By 2026, the ecosystem has expanded to cover every round of the modern hiring funnel, including rounds specifically designed to be AI-resistant.
| Interview round | AI assistance available | How it works |
|---|---|---|
| Technical coding (DSA/LeetCode) | All tools | OCR captures problem; LLM generates solution with time/space complexity analysis; overlay displays it |
| System design | Ultracode, Parakeet, ShadeCoder, all open-source tools | Audio pipeline transcribes prompt; LLM generates architecture with CAP theorem tradeoffs, scaling considerations, component diagrams |
| Behavioral / STAR | Cluely, Final Round AI, Parakeet, Linkjob AI | Audio captures question; LLM generates STAR-format response with specific metrics in ~1 second |
| PM case studies / product sense | Parakeet, Ultracode, open-source tools | Screen capture + audio; LLM generates frameworks (Jobs-to-be-Done, CIRCLES), metrics, prioritization rationale |
| Structured problem-solving (senior/consulting) | All audio-capable tools | Audio captures problem framing; LLM generates hypothesis tree, clarification questions, structured synthesis |
| Take-home projects / code assignments | ChatGPT, Claude, Copilot directly | No overlay needed — unlimited time, no monitoring |
§5/The unproctored gap
Estimating true fraud rates in unmonitored assessments
The statistics cited throughout this report primarily reflect proctored or AI-monitored environments. The majority of technical assessments globally are conducted without dedicated proctoring — take-home assignments, asynchronous coding challenges, and automated screening tests that rely on time limits and the honor system.
CodeSignal's data provides the clearest signal: unproctored assessments showed score increases more than 4x larger than proctored ones when comparing matched cohorts. This is not explained by selection effects — it is the direct signature of unrestricted AI use. Applying the Fabric trajectory (15% → 35% in 6 months in monitored environments) to the unproctored context produces an estimated true fraud rate of 60–80% for asynchronous, unmonitored technical assessments.
Unproctored fraud rate estimates by assessment type
| Assessment type | Estimated fraud rate | Basis |
|---|---|---|
| Live proctored coding assessment | 35–40% | CodeSignal measured rate (2025) |
| Live AI-conducted interview | 38.5% | Fabric measured rate (2025–2026) |
| Live human-conducted interview (unmonitored) | 48%+ for technical roles | Fabric measured rate, no behavioral detection |
| Asynchronous take-home coding challenge | 60–80% (estimated) | 4x score gap (CodeSignal) + Fabric trajectory |
| Automated screening quiz (MCQ, no time pressure) | 70–85% (estimated) | AI tools solve most MCQ assessments in seconds |
§6/Regional breakdown
Why the APAC number is a North American problem
The geographic data in this space is frequently misread. The 48% fraud attempt rate in Asia-Pacific is often treated as a regional concern — a matter for APAC hiring managers. That reading misses the mechanism entirely.
The overwhelming majority of AI cheating in APAC is targeted at North American employers. US tech companies offer the highest compensation packages in the world — $120,000–$200,000+ base salaries for entry- and mid-level engineering roles. These packages represent a 10x–30x earnings multiple compared to domestic tech salaries in India, the Philippines, Indonesia, and other major candidate-sending countries. Remote-first hiring has created a globally accessible pathway to these packages.
| Region | Fraud attempt rate | Primary target employer | Economic driver |
|---|---|---|---|
| Asia-Pacific | 48% | US / North American tech companies | 10x–30x salary differential vs. domestic tech roles |
| North America | 27% | US employers (domestic competition) | Competitive job market |
| Global average (proctored) | 35% | All major employers | Baseline: all CodeSignal-monitored assessments, 2025 |
§7/Detection tools
Detection tools and their fundamental limitations
The emergence of process-name detection tools (Honrly, Truely, Proctaroo) in 2025 was a direct response to Cluely's viral moment. These tools serve an important market need and do catch unsophisticated users. But they operate on an architecturally flawed premise.
Detection tool comparison
| Tool / approach | What it detects | What it misses | Fundamental limitation |
|---|---|---|---|
| Honrly | Known tool signatures via process list scanning (Cluely, Interview Coder, ChatGPT native app) | Any tool with a renamed/recompiled binary; second-device pipelines; earpiece delivery | Signature-based — defeated by any developer with GitHub access and 1 hour |
| Truely (Validia) | Cluely process signatures — triggers alarm on detection | Same as Honrly; signatures-only | Cluely CEO publicly called it 'pointless' (TechCrunch, 2025); open-source clones bypass trivially |
| Proctaroo | Running applications and hidden background processes | Custom-compiled open-source tools; second-device setups | Process name scanning — same fundamental limitation |
| Honorlock | Application blocking; phone detection via webcam AI | Second device outside camera view; earpiece | Most robust detection approach — blocks rather than detects; still misses second-device and audio pipelines |
| Talview (7-layer framework) | App blocking + behavioral analytics + audio analysis + identity verification + cross-session intelligence | Highly sophisticated second-device setups with behavioral mimicry | Closest to comprehensive — behavioral layer adds signal beyond process names |
| ARES (network-layer prevention) | Entire outbound network stack: WireGuard VPN; nftables 4-layer firewall; DNS filtering with AI domain classifier; SNI/JA3 packet inspection; OS-level overlay detection (6 independent vectors) | Candidates on fully offline exam content; second devices physically present; hardware cheating (smart glasses, earpieces) | Prevention rather than detection — closes the network path to AI tools rather than analyzing post-hoc evidence |
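The signature-scanning failure mode shared by the first three rows can be shown in a few lines. The signature set below is illustrative, not any vendor's actual list:

```python
# Illustrative signature set; no vendor's actual list.
KNOWN_SIGNATURES = {"cluely", "interview coder", "interviewcoder"}

def signature_scan(process_names):
    """Flag running processes whose names match known cheating tools.
    This is all a process-list scanner can do: a recompiled open-source
    fork with a custom name produces identical network traffic to the
    stock binary, yet is never flagged."""
    return [p for p in process_names if p.lower() in KNOWN_SIGNATURES]

print(signature_scan(["Terminal", "Cluely", "zoom.us"]))      # ['Cluely']
print(signature_scan(["Terminal", "coreaudiod", "zoom.us"]))  # []  (renamed fork)
```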
How network-layer enforcement differs architecturally
The ARES row above deserves elaboration because "WireGuard VPN + firewall" undersells the depth. ARES enforces integrity across four independent, orthogonal layers.
| Layer | Mechanism | What it stops |
|---|---|---|
| A — Kernel firewall | nftables on the ARES server: QUIC blocked; P2P between candidates blocked; DNS restricted to ARES resolver; new TLS connections queued for packet inspection | QUIC-based AI clients; DNS hijacking; any traffic not going through the exam server |
| B — Client-side integrity | Windows Firewall / macOS pf rules checked and auto-remediated every 15 seconds; FIREWALL_TAMPER triggers immediate REVIEW | Attempts to disable local firewall rules after ARES agent installs them |
| C — DNS filtering + IP allowlist | Every DNS query through the ARES DNS server; unknown domains classified by Gemini AI in real time; only exam-whitelisted IPs can receive TCP connections | Direct-IP connections bypassing DNS; AI API calls via hardcoded IPs |
| D — SNI/JA3 deep packet inspection | Python sidecar reads TLS ClientHello; SNI checked against whitelist; JA3 fingerprint matched against 9 known RAT profiles (Cobalt Strike, AsyncRAT, Quasar, DCRat, etc.) | TLS connections to non-whitelisted domains; remote access tool C2 channels even if domain resolves |
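Layer D's SNI inspection works because the target hostname travels in cleartext inside the TLS ClientHello, before any encryption begins. The sketch below builds a toy ClientHello carrying only an SNI extension and then parses it back out, the way an inspection sidecar would; real ClientHellos carry many more extensions, and this is our simplified illustration, not the ARES implementation:

```python
import struct

def build_client_hello(hostname):
    """Toy TLS ClientHello record carrying only an SNI extension."""
    name = hostname.encode()
    sni_entry = b"\x00" + struct.pack(">H", len(name)) + name        # type 0 = host_name
    sni_list = struct.pack(">H", len(sni_entry)) + sni_entry
    ext = struct.pack(">HH", 0x0000, len(sni_list)) + sni_list       # extension 0 = server_name
    exts = struct.pack(">H", len(ext)) + ext
    body = (b"\x03\x03" + bytes(32)      # client version + random
            + b"\x00"                    # empty session id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # one (null) compression method
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def extract_sni(record):
    """Walk the ClientHello as a DPI sidecar would and return the
    cleartext SNI hostname, or None if the extension is absent."""
    i = 5 + 4                                        # record + handshake headers
    i += 2 + 32                                      # version + random
    i += 1 + record[i]                               # session id
    i += 2 + int.from_bytes(record[i:i + 2], "big")  # cipher suites
    i += 1 + record[i]                               # compression methods
    end = i + 2 + int.from_bytes(record[i:i + 2], "big")
    i += 2
    while i < end:
        etype = int.from_bytes(record[i:i + 2], "big")
        elen = int.from_bytes(record[i + 2:i + 4], "big")
        if etype == 0:                               # server_name extension
            nlen = int.from_bytes(record[i + 7:i + 9], "big")
            return record[i + 9:i + 9 + nlen].decode()
        i += 4 + elen
    return None

print(extract_sni(build_client_hello("api.openai.com")))  # api.openai.com
```

Because the hostname is visible before the session key exchange completes, the connection can be dropped without ever decrypting anything — regardless of which binary initiated it.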
§8/Financial cost
What each bad hire actually costs
The financial consequence of AI-assisted cheating is not a failed test — it is a bad hire. Each bad hire propagates cost across six vectors: direct recruitment, salary paid, onboarding, productivity loss, replacement recruitment, and legal/HR overhead. The total varies substantially by seniority level.
Cost by seniority: junior engineering roles
| Cost component | Estimate | Notes |
|---|---|---|
| Direct recruitment (ads, recruiter time, agency fees) | $5,000–$15,000 | Lower for junior roles; agency fees ~15–20% of salary |
| Salary + benefits during tenure | $20,000–$50,000 | 3–6 months before performance issue recognized |
| Onboarding and training | $5,000–$15,000 | Senior engineer time, tooling, ramp-up investment |
| Productivity loss (team coverage) | $10,000–$30,000 | 50–100% of salary equivalent for underperformance period |
| Replacement recruitment | $5,000–$15,000 | Full cycle must be repeated |
| HR / legal management | $2,000–$10,000 | PIP documentation, potential litigation |
| TOTAL — junior engineering role | $42,000–$125,000 | US DoL floor: 30% of $80k = $24,000 minimum |
Cost by seniority: senior and VP-level roles
The cost curve is non-linear for senior hires. A VP-level bad hire carries a multiplier of 2x–5x their annual salary according to executive search research, reflecting broader organizational impact.
| Cost component | Estimate | Notes |
|---|---|---|
| Direct recruitment (retained search) | $30,000–$80,000 | Retained search fees: 30–35% of base salary for $200k+ roles |
| Salary + benefits during tenure | $100,000–$300,000 | 6–12 months before board-level visibility |
| Strategic damage / missed opportunities | $100,000–$500,000+ | Projects stalled; A-players hire B/C-players downstream; team attrition |
| Team morale and retention | $50,000–$200,000+ | High performers leave; replacement cost for each A-player = 0.5–2x salary |
| Legal / severance | $20,000–$100,000 | Executive contracts frequently include severance provisions |
| TOTAL — VP/Director-level role | $200,000–$750,000+ | Millman Search: 2–5x annual salary |
Portfolio exposure: what this means at scale
| Company profile | Annual tech hires | Expected fraud (35%) | Passing undetected (61%) | Estimated annual bad-hire exposure |
|---|---|---|---|---|
| 50-person startup | 10 | 3.5 attempts | ~2 passing | $84k–$250k (2 junior bad hires) |
| Mid-market | 100 | 35 attempts | ~21 passing | $882k–$2.6M |
| Enterprise | 500 | 175 attempts | ~107 passing | $4.5M–$13M+ |
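The portfolio table's arithmetic is directly reproducible from the report's 35% attempt rate, 61% pass-through, and junior bad-hire cost range. A sketch (rounding to whole bad hires before pricing, as the table does):

```python
def annual_exposure(hires, attempt_rate=0.35, undetected=0.61,
                    cost_range=(42_000, 125_000)):
    """Expected bad-hire exposure: hires x attempt rate x pass-through,
    rounded to whole bad hires, then priced at the junior cost range."""
    passing = round(hires * attempt_rate * undetected)
    return passing, passing * cost_range[0], passing * cost_range[1]

for hires in (10, 100, 500):
    passing, low, high = annual_exposure(hires)
    print(f"{hires} hires -> ~{passing} passing undetected, ${low:,}-${high:,}")
```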
§9/Industry response
How the industry is responding
Major tech employers
- Google: CEO Sundar Pichai addressed AI cheating at an internal town hall. The company is considering reintroducing mandatory in-person interviews for certain roles. (CNBC, March 2025)
- Amazon: Candidates required to sign attestation acknowledging unauthorized tool policies before assessments. (CNBC, 2025)
- 59% of hiring managers now suspect candidates of using AI to misrepresent their abilities during live assessments. (Fabric, 2026)
- FBI warnings: Formal alerts issued about state-sponsored actors using deepfakes and AI-assisted job applications to infiltrate corporate networks and steal intellectual property.
Assessment platforms
| Platform | Response |
|---|---|
| Codility | Launched similarity detection comparing submissions against historical and AI-generated solutions. Also integrated AI Copilot tools to assess legitimate AI collaboration skills. (Codility blog, Jan 2026) |
| HackerRank | Reports 93% accuracy using multi-signal behavioral analysis combining ML with keystroke dynamics. (HackerRank, 2025) |
| CodeSignal | Proprietary Suspicion Score — 10 years of refinement across millions of assessments — covering plagiarism, proxy test-taking, unauthorized AI use, and identity fraud. |
| Talview | 7-layer trust infrastructure: identity verification, secure browser controls, behavioral biometrics, session monitoring, content analysis, cross-session intelligence, human oversight. AI Threat Index 2026 published. |
Prevention-layer infrastructure: a new category
Separate from detection tools, a distinct architectural category is emerging: assessment environments that enforce network isolation rather than trying to detect AI use after it occurs. Rather than asking whether a candidate used AI — a question with inherently imperfect answers — these systems enforce that the candidate's machine cannot reach external AI APIs during the session.
Aiseptor ARES routes all candidate traffic through a per-session WireGuard VPN tunnel enforced at the OS level via a native agent installed before the assessment. Egress is controlled by nftables firewall rules server-side. DNS is filtered to a per-exam whitelist with AI-powered real-time domain classification. TLS connections are inspected via SNI deep packet inspection and JA3 fingerprinting. The candidate's machine cannot reach ChatGPT, Claude, Gemini, or any AI API — not because these are detected, but because all outbound traffic is filtered at the kernel layer.
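The default-deny DNS policy described above can be reduced to a small decision function. This is our illustrative sketch, with made-up whitelist entries; the production system builds the whitelist per exam and classifies unknown domains with an AI model rather than a static set:

```python
# Illustrative policy tables only.
EXAM_WHITELIST = {"assessment.example.com", "docs.python.org"}
KNOWN_AI_DOMAINS = {"api.openai.com", "api.anthropic.com",
                    "generativelanguage.googleapis.com"}

def resolve_decision(domain):
    """Default-deny DNS: whitelisted domains resolve, everything else
    returns NXDOMAIN, so AI APIs are unreachable by name."""
    if domain in EXAM_WHITELIST:
        return "RESOLVE"
    if domain in KNOWN_AI_DOMAINS:
        return "NXDOMAIN (known AI service)"
    return "NXDOMAIN (not whitelisted)"

print(resolve_decision("docs.python.org"))  # RESOLVE
print(resolve_decision("api.openai.com"))   # NXDOMAIN (known AI service)
```

The key design choice is the default: an allowlist that fails closed, rather than a blocklist that must anticipate every AI domain.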
Regulatory developments
- California (October 2025): Fair Employment & Housing regulations banned AI-based facial expression assessments in hiring.
- EU AI Act: Classifies certain AI applications in employment as high-risk, requiring disclosure and specific controls.
- Gartner projection: By 2028, one in four candidate profiles will be entirely fabricated.
- Experian 2026 Fraud Forecast: Lists deepfake job candidates as one of the top five fraud threats for 2026; 60% of companies reported increased fraud losses from 2024 to 2025.
§10/Forward projections
What 2026 and beyond look like
| Projection | Basis | Timeframe |
|---|---|---|
| Cheating becomes the statistical norm in technical hiring (>50% attempt rate) | Fabric trajectory: 15% → 35% in 6 months; doubling period shortening | Late 2026 |
| Open-source tool proliferation makes signature-based detection obsolete | 20+ GitHub repos as of March 2026; trivial to customize process name | Already underway |
| 1 in 4 candidate profiles entirely fabricated | Gartner projection; deepfake video + synthetic voice convergence | 2028 |
| Behavioral multi-signal detection adopted but recognized as insufficient | Process-name detection bypassed by open-source forks; behavioral signals have documented bypasses | 2026 |
| Network-layer prevention emerges as the architecture that closes the loop | No detection approach survives a determined bypass | 2026–2027 |
| Identity verification becomes standard step in hiring funnel | FBI warnings + Experian 2026 Fraud Forecast + deepfake prevalence | 2026 |
| Hardware cheating tools (smart glasses, earpieces) go mainstream | Cluely CEO publicly stated intent to build hardware bypass products | 2026–2027 |
| Regulatory mandates for AI disclosure in hiring expand to 10+ US states | California precedent + all 50 states have considered AI legislation | 2026–2027 |
§11/The bypass map
Why every detection approach has a bypass — and what does not
This section synthesizes the threat landscape documented in Sections 3 through 7 into a single honest conclusion: every approach designed to detect AI misuse after the fact has a documented, working bypass available to any motivated candidate in 2026. This is not a matter of current tools being poorly implemented. It is a structural property of the detection-after-the-fact paradigm.
The bypass map: what each detection method misses
| Detection method | How it is bypassed | Verdict |
|---|---|---|
| Process-name signature scanning (Honrly, Truely, Proctaroo) | Compile any open-source fork (OpenCluely, Pluely, Natively) with a custom binary name. Under one hour with basic developer skills. | Defeated — architecturally irrelevant against technical candidates |
| Browser lockdown / secure browser | Overlay tools are native OS applications, not browser extensions. Browser restrictions have no authority over OS-level processes. | Not applicable — wrong abstraction layer |
| Keystroke dynamics analysis | Read AI output from overlay, type manually. arXiv 2601.17280 (2026) confirmed manual transcription produces keystroke patterns statistically indistinguishable from genuine composition. | Defeated — motor signals confirm a human typed; not that a human composed |
| LLM output fingerprinting / perplexity scoring | Run AI output through a humanizer pipeline. LeetcodeWizard ships a humanizer by default targeting perplexity normalization. | Partially defeated — arms race currently favors evasion |
| Response timing analysis | Introduce deliberate pauses manually. Works against automated pattern-matching. | Defeated at scale — works against automated systems only |
| Gaze / eye tracking | Position overlay directly below webcam. Reading gaze appears to be eye contact with camera. | Defeated by tool positioning |
| Adaptive follow-up questioning | (a) Candidate studies their AI-generated answer before follow-up. (b) Audio pipeline continues assisting during verbal follow-up. (c) Senior candidates have general domain knowledge. | Partially effective — best current human-judgment method, incomplete coverage |
ARES: remove the network path, not detect its use
| Threat vector | ARES response | Why no bypass exists |
|---|---|---|
| Candidate queries any AI API (ChatGPT, Claude, Gemini, Copilot) | DNS filtering on the ARES server returns NXDOMAIN for AI service domains. Gemini AI classifier categorizes unknown domains in real time. | DNS is filtered server-side. Client-side DNS changes blocked by nftables. DNS-over-HTTPS disabled at the registry level. |
| Overlay tool with renamed binary (defeats signature detection) | Overlay calls its LLM backend over HTTPS. WireGuard routes that traffic through the ARES server. SNI DPI reads the TLS ClientHello — target domain visible before encryption. | Process name is irrelevant. ARES inspects network traffic, not process lists. |
| Candidate routes traffic through a second VPN or proxy | All network adapters except the ARES WireGuard tunnel are disabled at join time by the agent. | NetworkEnforcer disables all NICs except the VPN adapter. |
| Candidate uses direct IP connection to bypass DNS | Layer C (IP conntrack allowlist) is built from DNS-resolved addresses of whitelisted domains. Direct TCP connections to IPs not in this set trigger IP_BLOCK_EVASION. | IP allowlist built server-side from DNS resolution results. |
| Audio pipeline — AI answers via earpiece from enrolled machine | Transcription service and LLM backend both require internet. | Both calls blocked before completing. |
| Separate physical device (phone on cellular) | ARES does not control unenrolled hardware. A second physical device with its own cellular connection can access AI tools. | The honest gap. OverlayScanner and DisplayGuard provide partial coverage; behavioral signals (gaze, timing) add signal. |
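The JA3 matching referenced in §7 (Layer D) reduces a ClientHello's parameters to an MD5 fingerprint of the client software itself, which is why it survives both binary renaming and changes of destination domain. A minimal sketch with illustrative parameter values — not any real tool's fingerprint:

```python
import hashlib

def ja3(tls_version, ciphers, extensions, curves, point_formats):
    """JA3: MD5 over the comma-joined, hyphen-separated ClientHello fields.
    The hash fingerprints the TLS *client software*, so a renamed RAT or
    overlay binary still produces its library's characteristic value."""
    fields = [str(tls_version),
              "-".join(map(str, ciphers)),
              "-".join(map(str, extensions)),
              "-".join(map(str, curves)),
              "-".join(map(str, point_formats))]
    return hashlib.md5(",".join(fields).encode()).hexdigest()

# Illustrative values only; not a real tool's fingerprint.
print(ja3(771, [4865, 4866, 4867], [0, 10, 11, 13], [29, 23, 24], [0]))
```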
§12/Methodology
Data sources and methodology
This report compiles data from primary sources only. All statistics are attributed to their original publisher. Where we note a figure, the source is named.
| Source | Data type | Date |
|---|---|---|
| CodeSignal | Platform data — millions of proctored assessments | Feb 25, 2026 |
| Fabric | Interview analysis — 19,368 AI-conducted interviews | Jan 2026 |
| Talview | AI Threat Index Report 2026 | March 2026 |
| TestPartnership | Candidate survey | 2025 |
| HackerRank | Platform data + industry survey compilation | Nov 2025 |
| ResumeTemplates | Candidate self-report survey | 2025 |
| SHRM | Bad hire cost research | Ongoing |
| US Dept. of Labor | Bad hire cost benchmark (30% of first-year salary) | Ongoing |
| Millman Search | Executive bad hire cost (2–5x annual salary for VP) | July 2025 |
| Toggl Hire 2025 Report | HR professional survey — bad hire costs | 2025 |
| Tesseon | Total bad hire cost estimate ($240,000+) | May 2025 |
| CNBC | Google / Amazon AI cheating reporting | March 2025 |
| TechCrunch | Honrly / Truely / Cluely detection arms race reporting | April 2025 |
| FBI warnings | State-sponsored actor hiring fraud alerts | 2025 |
| Experian 2026 Fraud Forecast | Deepfake job candidates as top fraud threat | Jan 2026 |
| Gartner | 1-in-4 fabricated profiles projection by 2028 | 2025 |
| GitHub (OpenCluely, Pluely, Natively, et al.) | Open-source tool documentation and capabilities | 2025–2026 |
| AllAboutAI | False positive rates by demographic | 2026 |
| arXiv 2601.17280 | Keystroke dynamics cannot confirm content provenance | Jan 2026 |
| LeetcodeWizard | Humanizer tool documentation (vendor marketing) | 2025–2026 |
Confidence levels
| Confidence | Applies to | Source class |
|---|---|---|
| High | Proctored fraud rates (35%, 40%, 48%, 38.5%, 88%) | Platform-measured, millions of sessions or 19,368 interviews |
| High | Bad hire cost ranges | SHRM, US DoL, Millman Search — consistent across 3+ primary sources |
| Medium | Candidate attitude data (83%) | Single large survey; validated by CodeSignal's measured-vs-admitted gap |
| Derived estimate | Unproctored fraud rate (60–80%) | CodeSignal 4x score gap + Fabric trajectory extrapolation |
| Projection | Forward-looking items in §10 | Sourced from Gartner, Experian, Fabric trajectory — noted as projections |
How to cite
How to cite this report
Use either format below. Both include the canonical URL, which is used for schema.org Dataset and Article metadata.
BibTeX
@techreport{aiseptor2026cheating,
  author      = {Aggarwal, Akshay and Bhanushali, Divya},
  title       = {AI Cheating in Hiring Assessments: The 2026 Statistics Report},
  institution = {Aiseptor},
  year        = {2026},
  month       = {March},
  url         = {https://aiseptor.com/research/ai-cheating-statistics-2026}
}
APA 7th
Aggarwal, A., & Bhanushali, D. (2026, March). AI cheating in hiring assessments: The 2026 statistics report. Aiseptor. https://aiseptor.com/research/ai-cheating-statistics-2026
About the authors
Akshay Aggarwal (Founder & CEO, Aiseptor)
10 years in offensive cybersecurity and bug bounty research; $300,000+ in awarded bounties from major platforms. Authored the ARES network-layer enforcement architecture. Leads primary research on kernel-level assessment security. Cornell University.
Divya Bhanushali (AI Safety & Red Team Researcher)
Specialist in AI red-teaming and adversarial evaluation. Reverse-engineered the invisible-overlay architectures used by leading cheating tools and documented their network-dependency chain. Leads Aiseptor's threat-intelligence dataset.
Related research
- Threat Index — Q2 2026 (quarterly): tracking of invisible overlays, remote-access tools, proxy services, and the defenses that attempt to stop them.
- All research: primary-source research on AI-assisted cheating, assessment fraud, and network-layer prevention architectures.
- Glossary: definitions of the tools, techniques, and architectural terms used throughout our research reports.
From detection to prevention
See Aiseptor block these tools live.
Every tool named in this report — Cluely, Interview Coder, Parakeet AI, Ultracode AI, LockedIn AI, Final Round AI, every open-source fork — requires an internet connection to an LLM API. Aiseptor closes that path at the OS and kernel level. Book a 30-minute demo and watch us block them in real time on a candidate device.