AI-Forged Sick Notes: What HR Needs to Fix Now
An employee in Mumbai allegedly used generative AI to fake a hand injury, submitted the image on WhatsApp, and got a paid day off approved. The photo looked medically convincing. No real accident. Just an edited image.
The incident exposes a real gap: HR workflows that depend on photos, doctor notes, or WhatsApp messages are now easy to manipulate. But the reaction online surfaced a deeper issue-why do routine paid leaves require proof at all?
What Actually Happened
According to the account shared online, the employee took a normal photo of his hand and used Gemini Nano (an on-device AI model) to add a realistic wound. He messaged HR claiming a bike fall and requested leave. The manager approved the request with a note of care.
No injury. Just a convincingly edited image that beat a trust-by-proof policy.
Why This Matters for HR
- Proof-based leave is weak. If your system leans on photos or quick medical notes, AI tools can spoof them.
- Risk expands beyond leave. The same methods could be used for insurance claims or compliance paperwork.
- On-device AI ups the stakes. Employees don't need advanced skills or cloud tools to create plausible evidence.
The Real Tension: Policy vs. Culture
Many professionals weighed in that the bigger problem is a lack of trust. If employees must "prove" they're unwell for a single day off, you've already lost ground. People will route around systems that treat them like suspects.
Trust-based policies reduce the incentive to fabricate. Over-policing raises it.
Immediate Actions HR Can Take
- Shift to self-certification for 1-3 day sick leave. No images. No WhatsApp photos. A simple form in your HRIS is enough.
- Clarify documentation rules for extended medical leave. Use a consistent threshold and a neutral process (not manager discretion alone).
- Move requests into official channels (HRIS/email) rather than messaging apps. Audit trails matter.
- Train managers to approve short leave by default and escalate only when red flags appear (patterns, conflicts, prior misuse).
- Protect privacy. Do not ask for injury photos. They're unreliable and create legal and ethical risk.
Verification, When You Truly Need It
- Use content credentials before forensics. Some AI images include detectable signals like SynthID. See Google's overview: SynthID.
- Ask for alternate proof paths (doctor visit confirmation, pharmacy receipt, or a simple follow-up call) instead of photos.
- Apply a lightweight triage: request context, check metadata if appropriate, and verify consistency. Escalate sparingly.
- Document everything-what you asked for, why, and what you approved-to protect both employee and company.
A Cleaner Flow for Emergency Leave Requests
- Employee submits a short self-certification form in the HRIS.
- Automatic approval for 1-3 days within policy limits.
- Manager notified with guidance for coverage and check-in.
- If request exceeds limits or shows risk signals, trigger a measured verification step (no images).
- Post-absence 5-minute check-in to confirm support needs and adjust workload.
Tech and Training That Actually Help
- Adopt content authenticity standards for internal media where relevant. Learn about content credentials via C2PA.
- Run short AI literacy sessions for HR and managers: what AI can fake, what content credentials are, and when to escalate.
- Keep detection realistic. Tools help, but false positives happen. Pair tech with policy, not paranoia.
Policy Guardrails That Reduce Misuse
- Minimal proof for short absences. Treat adults like adults.
- Clear thresholds for documentation (multi-day leave, repeated patterns, or statutory requirements).
- Consistent handling across teams to avoid perceived bias.
- Privacy-first posture-no medical images; avoid collecting sensitive data you don't need.
Upskill Your Team
If your HR team needs a quick, practical primer on AI, consider structured learning paths focused on workplace use, detection, and policy design. Here's a curated starting point: AI courses by job role.
Bottom Line
AI makes fake visuals cheap and convincing. You won't fix that with stricter photo checks. You will fix it with trust-first leave policies, targeted verification for edge cases, and a team trained to spot what matters-and ignore what doesn't.
Your membership also unlocks:
