By NHI Mgmt Group Editorial TeamDomain: Governance & RiskSource: IDlayrPublished October 14, 2025

TL;DR: AI has reduced the cost of phishing, voice cloning, deepfake documents, and relay attacks to near zero, making knowledge-based authentication increasingly unreliable for banks, payment providers, and enterprise identity programmes, according to IDlayr. The practical shift is toward possession-based controls that remove human judgment from the fraud path and anchor trust in a device or SIM the attacker cannot replicate.


At a glance

What this is: This is an analysis of how AI is collapsing traditional fraud and authentication models, with possession-based verification positioned as the resilient alternative.

Why it matters: It matters because IAM, fraud, and identity teams now have to design for attacks that scale faster than human verification can respond, especially where mobile, customer identity, and agent-assisted transactions intersect.

By the numbers:

👉 Read IDlayr's analysis of AI fraud, possession factors, and mobile identity


Context

AI fraud has shifted authentication risk from stolen secrets to synthetic trust. Passwords, PINs, SMS OTPs, voice checks, and document review all assume a human can reliably tell real from fake at the moment of challenge, but AI now produces convincing forgeries at scale and at low cost.

For identity teams, the core problem is not only fraud volume. It is that traditional controls were built around knowledge factors and human-mediated decisions, while mobile devices and agent-driven workflows are becoming the front door for accounts, payments, and recovery flows.

That combination makes possession-based authentication and device-bound trust chains relevant to both customer identity and broader IAM design. The article’s starting position is typical of current market pressure: many organisations are discovering that legacy assurance methods are no longer enough once AI can imitate the user path end to end.


Key questions

Q: How should security teams replace SMS OTP in AI-heavy fraud environments?

A: Teams should remove SMS OTP from high-risk journeys where phishing relay and voice cloning can intercept or coerce the code. Replace it with possession-based verification tied to a device or SIM, then reserve human-mediated fallback only for tightly governed exceptions. The goal is to make the trust check silent, bound to a physical factor, and unusable by a remote attacker.

Q: Why do AI attacks break knowledge-based authentication so quickly?

A: AI reduces the cost of generating convincing lures, cloned voices, fake documents, and real-time relay attacks to near zero. That collapses the reliability of secrets and human judgment at the same time. Once a factor can be stolen, inferred, or replayed without physical custody, it stops being strong proof of identity in a fraud workflow.

Q: What should identity teams do when mobile becomes the primary trust surface?

A: They should treat mobile as part of the identity control plane, not just a user endpoint. That means binding enrollment, authentication, recovery, and transaction approval to a verified device or network signal, with clear policy for step-up and revocation. The programme has to govern the device as the trust anchor, not only the account.

Q: Who is accountable when an AI agent completes a fraudulent transaction?

A: Accountability should sit with the programme that authorised the delegation chain, not with the agent alone. Teams need explicit rules for which transactions the human approved, which the device verified, and which the policy allowed the agent to execute. If those boundaries are unclear, the organisation cannot prove who authorised the action or why.


Technical breakdown

Why AI breaks knowledge-based authentication

Knowledge-based authentication depends on information a person can remember or retrieve, such as passwords, OTPs, answers to questions, or verbally confirmed identity details. Those factors fail when an attacker can generate believable lures, intercept one-time codes in real time, or use synthetic voice and document generation to satisfy the challenge. The weakness is structural. The factor is transferable, observable, and reproducible, which is exactly what AI makes cheap. Once the authentication secret can be phished, cloned, or replayed at scale, the control no longer measures genuine user presence or device custody.

Practical implication: treat knowledge factors as bypassable assurance, not as the final trust layer for high-risk transactions.

Possession factors and mobile network verification

Possession-based authentication ties identity to something physically held, usually a specific device or SIM, and verifies that possession through a device, network, or cryptographic binding rather than user input. That matters because AI can imitate what a user knows or sounds like, but it cannot manufacture physical custody of a live device in the same way. Silent verification also removes the interaction point attackers exploit. When the check happens server-side against the mobile network or device trust anchor, there is no code for a victim to read aloud, no link to click, and no secret to relay.

Practical implication: move high-risk authentication and recovery flows toward device-verified possession checks that do not depend on user action.

Agentic commerce and chained identity trust

Agentic commerce introduces a delegated execution problem. A user may approve an agent to act on their behalf, but the security question becomes how each action is tied back to a verified person, a specific device, and an authorised session. Without a secure chain of trust, malicious actors can hijack sessions, inject synthetic identities, or abuse the agent pathway to create transactions that appear legitimate. This is not just fraud automation. It is a trust propagation problem across user, device, and agent boundaries, which means identity assurance has to follow the delegation chain rather than stop at initial sign-in.

Practical implication: require identity proofing and transaction binding that survives delegation, not just login-time authentication.


Threat narrative

Attacker objective: The attacker wants to impersonate a real user well enough to complete fraud, account takeover, or synthetic identity enrollment without triggering human suspicion.

  1. Entry begins with AI-generated phishing, voice cloning, or fake documents that make a victim believe the request is legitimate.
  2. Escalation occurs when the attacker relays stolen credentials or OTPs in real time, or uses synthetic identity signals to pass a challenge step.
  3. Impact follows when the attacker takes over the account, authorises a fraudulent transaction, or registers a new trust path that outlives the initial compromise.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI fraud is exposing a knowledge-factor trust debt that identity programmes have been carrying for years. Passwords, PINs, SMS OTPs, and challenge questions were designed for a world where humans could still reliably distinguish legitimate prompts from synthetic ones. That assumption fails when attackers can generate convincing lures, voices, and documents at machine speed. The implication is that assurance models built on user recognition are now structurally fragile, not merely overloaded.

Possession is becoming the only practical anti-fraud control class when AI can replicate knowledge and biometrics. The article points to a device or SIM held by the user as the remaining factor that cannot be copied through content generation alone. From an identity governance perspective, that shifts emphasis from what a user can prove in conversation to what the user physically controls at the network layer. Practitioners should treat this as a category change in authentication design.

Mobile is no longer just an endpoint, it is the identity anchor for consumer and workforce trust flows. As authentication, payment, recovery, and agent-assisted commerce all converge on the phone, the device becomes the trust boundary that links account, session, and transaction. That aligns mobile assurance with broader identity lifecycle governance because enrollment, step-up, recovery, and delegated actions now depend on the same physical trust point. Teams should design governance around device-bound trust chains, not isolated login events.

Agentic fraud will force IAM and fraud teams to share a control model. Once an AI agent can initiate or carry out transactions, the security question is no longer limited to whether the human authenticated at login. It becomes whether the delegated action remains bound to the right person, device, and policy context throughout execution. The governance gap is between identity verification and transaction authority, and closing it requires joint ownership across IAM, fraud, and mobile security programmes.

Named concept: the identity-to-device trust chain. The article describes a model where verified identity, physical device custody, and agent execution must remain cryptographically connected to preserve trust. That concept matters because it replaces point-in-time authentication with continuous binding across the user journey. Practitioners should use it to frame where their current assurance model stops short of real transaction integrity.

From our research:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
  • 52 NHI Breaches Analysis shows how quickly exposed credentials can turn into lateral movement and impact when revocation lags behind discovery.

What this signals

Identity-to-device trust chains: fraud programmes will increasingly need to prove that the right person, the right device, and the right action stay bound together after login. That is a different problem from classical MFA, and it will push IAM, fraud, and mobile teams into a shared operating model.

The organisations that are already struggling with secrets exposure will feel this shift first. Our research shows 79% of organisations have experienced secrets leaks, with 77% resulting in tangible damage, which is a useful proxy for how fast trust erodes once a control can be copied or replayed.

The practical next step is to align mobile assurance with lifecycle governance, especially around recovery, revocation, and delegated access. Once agent-assisted commerce becomes normal, the control question is no longer whether authentication happened, but whether trust survived the full transaction path.


For practitioners

  • Replace SMS OTP in high-risk flows Prioritise customer login, recovery, and step-up journeys where AI-enabled relay attacks can exploit human interaction. Use possession-based verification that checks device or SIM custody without asking the user to copy a code or read a prompt.
  • Bind recovery to a physical trust anchor Review account recovery paths for reuse of the same weak factors that attackers can fake, especially voice, knowledge questions, and SMS fallback. Require a verified mobile possession signal before issuing a new trust credential or resetting access.
  • Map agent actions to the originating identity Where AI agents can make purchases, trigger approvals, or move money, define how each transaction is tied back to a verified user and device. Separate agent permission from user assurance so delegated execution cannot drift outside policy.
  • Reclassify biometric checks as advisory signals Treat face, voice, and document checks as useful signals but not as standalone proof of identity in AI-heavy threat environments. Use them to support risk scoring, not to carry the entire authentication decision.

Key takeaways

  • AI has made knowledge-based authentication too easy to imitate, which weakens passwords, OTPs, and voice checks at the point where fraud teams need them most.
  • Possession-based verification shifts the trust decision onto something the attacker cannot copy remotely, especially a device or SIM with network-level proof.
  • Identity, fraud, and mobile security programmes now need a shared trust model for login, recovery, and delegated agent actions.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01The article centers on NHI-style possession and credential trust in fraud flows.
NIST CSF 2.0PR.AC-7Continuous identity verification maps to stronger access control for AI-driven fraud conditions.
NIST SP 800-53 Rev 5IA-2Authentication assurance is the core control challenge in AI-enabled fraud.
NIST Zero Trust (SP 800-207)The article's device-bound trust model supports continuous verification across sessions.

Review possession-based controls where authentication still depends on secrets or user-mediated entry.


Key terms

  • Possession Factor: A possession factor is something the user physically holds and can prove in the moment of authentication, such as a device or SIM. In AI-heavy fraud environments, possession matters because it cannot be copied, phished, or verbally extracted in the way passwords, OTPs, and knowledge questions can.
  • Silent Network Authentication: Silent Network Authentication is a carrier-verified check that confirms a device or SIM is in the user's possession without requiring a code, prompt, or manual action. It reduces exposure to phishing relay attacks because the proof happens in the background between trusted systems rather than through user input.
  • Agentic Commerce: Agentic commerce is a transaction model where AI agents can purchase, book, or act on behalf of a user. The identity challenge is to keep each delegated action tied to the correct person and device, so the agent does not become a loose trust boundary that attackers can hijack.
  • Identity-To-Device Trust Chain: An identity-to-device trust chain is the cryptographic and governance link between a verified user, their physical device, and any downstream action or agent session. It matters because authentication alone is not enough if the trust link breaks before the transaction is complete.

What's in the full article

IDlayr's full article covers the operational detail this post intentionally leaves for the source:

  • The mobile possession-factor mechanics used to verify SIM ownership without user input.
  • The article's explanation of how Silent Network Authentication fits into fraud and account recovery flows.
  • The vendor's FAQ on passkeys, possession factors, and why synced passkeys differ from device-bound credentials.
  • The agentic commerce discussion that ties user identity, mobile trust, and transaction assurance together.

👉 IDlayr's full article covers the shift from knowledge factors to silent mobile possession verification.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org