TL;DR: Agentic AI breaks the identity verification assumptions behind human-centric fraud controls, while banks are already blocking 300 to 500 deepfake attempts per day and human reviewers perform roughly 8x worse than machine learning models in IDV, according to Incode. The operational gap is no longer theoretical: identity programmes built around people, documents, and review queues now face sessions with no stable human subject to verify.
At a glance
What this is: This is an analysis of deepfake fraud, identity verification tradeoffs, and why agentic AI invalidates human-centred identity assumptions.
Why it matters: It matters because IAM, fraud, and identity teams now need controls that can distinguish humans, synthetic identities, and AI agents without relying on document-centric assumptions that fail at runtime.
By the numbers:
- Banks are blocking 300-500 deepfake attempts per day.
👉 Read Incode's 10 insights on deepfake fraud and identity security
Context
Deepfake fraud is no longer a niche edge case. The practical problem for identity teams is that verification stacks built for humans assume there is a stable person, document, or phone number to bind trust to, but synthetic identities and agentic systems break that assumption at different stages of the journey.
The article's core message is about the widening gap between fraud pressure and institutional readiness across identity verification, customer recovery, and regulatory response. For IAM and fraud practitioners, the question is not whether verification should be stricter, but which control layers still work when the subject is no longer a conventional human identity.
Key questions
Q: How should security teams handle account recovery when synthetic identities are in play?
A: Treat recovery as a privileged re-entry path, not a support convenience. Use layered verification, require stronger evidence than ordinary login, and remove knowledge-based questions or SMS-only recovery where possible. The goal is to make recovery harder to abuse than initial enrolment, because attackers often wait for the weakest step rather than the front door.
Q: Why do deepfake attacks create problems for IAM and fraud teams at the same time?
A: Because the same identity journey is being used to prove legitimacy, grant access, and recover access later. Deepfakes and synthetic identities exploit that shared trust model, so a failure in one step affects both fraud loss and access assurance. Teams need one control strategy that covers both risk outcomes, not separate assumptions for each.
Q: What breaks when identity verification assumes there is always a human behind the session?
A: The model breaks when the subject is an AI agent or a synthetic identity that cannot be verified through conventional human attributes. In that case, document checks, facial matching, and personal knowledge stop being reliable anchors for trust. Governance has to shift toward ownership, scope, and session-level authorisation.
Q: Who is accountable when agentic workflows use identity checks that were built for people?
A: Accountability should sit with the organisation that deploys and authorises the agent, not with the model itself. Security, IAM, and product teams need explicit ownership for scope, logging, and termination conditions. That prevents agentic behaviour from becoming an unowned trust gap inside the identity programme.
Technical breakdown
Why layered deepfake detection is more resilient than single-point verification
Layered verification works because each control checks a different property of the session. Device integrity, session behaviour, document authenticity, biometric liveness, and network signals fail independently, so an attacker has to defeat more than one trust boundary to succeed. That is structurally stronger than relying on a single model or a single document check. For financial services and other high-friction environments, the architectural lesson is that resilience comes from independence between layers, not from pushing more confidence into one control.
Practical implication: design identity journeys so that failure in one layer does not collapse the entire trust decision.
How account recovery becomes the weak point in identity assurance
Most organisations harden onboarding but leave recovery flows easier to exploit, especially when SMS codes and knowledge-based questions remain in use. That creates a re-entry path for synthetic identities that have already been established inside the system. Recovery is often treated as a support process, but it functions as an authentication path with real privilege consequences. If the recovery step is weaker than initial enrolment, attackers will simply wait for that path instead of breaking the front door.
Practical implication: treat recovery as a high-risk authentication path and review it with the same scrutiny as enrolment.
Why agentic AI breaks human verification assumptions
Agentic AI does not present a face, government ID, or durable human presence, so the human-centric verification stack loses its subject. The more precise question becomes who owns the agent, what it is authorised to do, and whether the current session is still within scope. This is not a small adjustment to IDV policy. It is a shift in the identity model from person verification to session and delegation governance, which is where IAM and NHI controls start to overlap.
Practical implication: redefine verification logic for agentic workflows around ownership, scope, and session control rather than human attributes.
Threat narrative
Attacker objective: The attacker wants to monetise fraudulent access while preserving enough legitimacy to bypass verification and recovery controls.
- Entry occurs when attackers use deepfake-enabled impersonation or synthetic identities to pass initial identity checks and reach account or onboarding flows.
- Escalation follows when weak recovery paths, over-trusting review processes, or reused identity evidence let the attacker regain or extend access inside the system.
- Impact lands when fraud proceeds at scale, legitimate customers are blocked, and identity assurance costs rise because the control stack cannot distinguish human from synthetic or agentic activity.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Meta AI Instagram Account Takeover — 20,225 Instagram accounts hijacked via compromised Meta AI support chatbot with overprivileged access.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Agentic identity is forcing identity verification to move from person-centric trust to scope-centric trust. Traditional IDV assumes the subject can be verified through a face, document, or personal attribute. That assumption fails when the actor is an agent that may operate without a stable human-facing identity at runtime. The implication is that identity teams must rethink what they are certifying: not just who the subject is, but what the session is allowed to do and who is accountable for it.
Deepfake fraud exposes an identity assurance gap, not just a detection gap. The central failure is often not that one model missed one synthetic artefact, but that the overall journey still trusts signals that can be replayed, substituted, or socially engineered. Layered controls help only when they are truly independent and when recovery is not a weaker second door. Practitioners should treat fraud and IAM as one assurance problem, not two disconnected workstreams.
Recovery is the new privilege escalation path in customer identity. Organisations often invest heavily in onboarding and biometric checks while leaving account recovery too close to legacy support flows. That creates a durable escalation path for synthetic identities and compromised sessions. The practical conclusion is that lifecycle governance now matters as much in customer identity as it does in workforce IAM.
Ephemeral trust debt: Identity teams accumulate risk when they approve access decisions faster than they can prove the subject behind them remains valid. This is especially visible in agentic and deepfake scenarios, where the evidence trail can be convincing at one moment and meaningless at the next. The implication is that governance must track trust decay, not just initial trust establishment.
Regulatory lag is now a design constraint for fraud architecture. The article's point about frameworks lagging the threat is operationally important because waiting for regulation leaves the control model behind the attack model. In practice, this means security and compliance teams cannot outsource design decisions to future policy cycles. They need controls that work before the regulator catches up.
From our research:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, including 38% with no or low visibility and 47% with only partial visibility.
- That visibility gap is why practitioners should also review Ultimate Guide to NHIs , Regulatory and Audit Perspectives when identity assurance depends on delegated access.
What this signals
Agentic identity will push fraud teams and IAM teams toward a shared assurance model. The distinction between customer verification and access governance is already getting thinner as agentic workflows, recovery paths, and synthetic identities overlap. Practitioners should expect session scope, ownership, and recovery controls to become part of the same policy stack, especially where human and non-human identities touch the same journey.
Identity assurance debt will show up first in recovery, not onboarding. Organisations often keep investing in enrolment controls while recovery remains the easier path for abuse. That means the next material improvement in programme maturity is likely to come from redesigning recovery journeys, evidence reuse, and escalation rules rather than from adding another front-door check. For broader lifecycle context, the NHI Lifecycle Management Guide is the right reference point when access must be reassessed after initial trust is established.
For practitioners
- Map the recovery flow as an attack path Walk through password reset, MFA reset, help-desk verification, and recovery escalation as if you were the attacker. Remove any step that trusts knowledge-based answers, SMS alone, or reusable identity artefacts.
- Separate verification signals into independent layers Require device, session, document, biometric, and network evidence to fail independently rather than collapsing into a single score. This makes it harder for deepfake fraud to pass by defeating one control.
- Reclassify account recovery as privileged access Apply stronger review, logging, and challenge controls to recovery than to ordinary support requests. The recovery path should be treated as a high-risk authentication event, not a convenience feature.
- Define agent ownership and scope before deployment For agentic workflows, record who owns the agent, what it may do, and when the session must terminate. Use scope checks to prevent the system from treating an agent like a human user with a stable identity.
Key takeaways
- Deepfake fraud is now a live identity governance problem, not just a fraud detection problem, because the same journey governs both trust and access.
- Banking teams are already seeing hundreds of deepfake attempts per day, which means the control question is operational scope, not future readiness.
- Recovery flows and agentic sessions are the two places where conventional identity assumptions fail fastest, so they deserve the strongest governance attention.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | NHI-01 | Agentic identity and scope control are central to the article's identity shift. |
| OWASP Non-Human Identity Top 10 | NHI-03 | The article highlights verification and recovery weaknesses common to non-human identity flows. |
| NIST AI RMF | MANAGE | Agentic sessions require ongoing risk management and oversight when identity assumptions break. |
| NIST CSF 2.0 | PR.AA-1 | Identity proofing and authentication are directly implicated by deepfake and recovery abuse. |
| NIST Zero Trust (SP 800-207) | Zero trust is relevant because session trust must be continuously re-evaluated. |
Track agentic identity risk continuously and tie governance to runtime session behaviour.
Key terms
- Deepfake Fraud: Fraud that uses synthetic media or impersonation to convince an identity system that an attacker is a legitimate user. In practice, it combines social engineering with manipulated signals such as voice, image, or video to defeat checks that were designed for real people.
- Account Recovery: The process used to restore access when a user cannot authenticate normally. In identity security, recovery is often a higher-risk path than login because it can bypass strong controls if it relies on weaker evidence such as SMS, knowledge questions, or support escalation.
- Agentic Identity: An identity model for software that can act independently at runtime, select actions, and use tools within a bounded mission. Unlike a human identity, it may not have a face, document, or persistent personal attribute to verify, so governance shifts toward ownership, scope, and session control.
- Identity Assurance: The confidence an organisation has that the subject behind a session is genuine and authorised for the requested action. It is stronger than simple authentication because it combines proofing, verification, and ongoing trust checks across the identity journey.
What's in the full article
Incode's full article covers the operational detail this post intentionally leaves for the source:
- The Money 20/20 Europe session context and the operator perspectives behind each of the ten insights.
- The fraud-versus-conversion tradeoff discussion, including how teams should think about blocked users and drop-off.
- The practical breakdown of layered deepfake defence across device, biometric, document, and network signals.
- The article's view on how agentic AI changes verification assumptions for financial services and regulated identity flows.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing identity security capability, it is worth exploring.
Published by the NHIMG editorial team on 2026-06-10.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org