By NHI Mgmt Group Editorial TeamDomain: Governance & RiskSource: IncodePublished August 1, 2025

TL;DR: Facial deepfakes now span synthetic faces, face swaps, and face animation, and Incode says even trained labelers can no longer rely on visual inspection alone because realistic AI-generated media is being used to bypass identity verification and biometric authentication. The operational problem is not just detection accuracy, but the collapse of trust in human review as a security control.


At a glance

What this is: This is a technical explainer on three common facial deepfake techniques and the finding that modern deepfakes have outgrown human-only detection.

Why it matters: It matters because identity verification, KYC, and biometric authentication teams need to treat deepfakes as a governance and control-design problem, not a visual-review problem.

By the numbers:

👉 Read Incode's analysis of the three most common facial deepfake types


Context

Facial deepfakes are now a practical identity fraud problem because visual realism has improved faster than human detection. In identity verification and biometric authentication flows, that shifts the failure point from obvious spoofing to subtle media manipulation that can pass a selfie step or a liveness check if controls are too shallow. For a broader NHI baseline on governance and lifecycle risk, see the Ultimate Guide to NHIs.

The article frames the core issue correctly: once synthetic faces, face swaps, and face animation become cheap and scalable, identity assurance can no longer depend on human eyes or a single signal. That creates direct implications for KYC, fraud operations, and any programme that still treats the selfie as evidence rather than as one input to a risk decision.


Key questions

Q: How should security teams defend identity verification against deepfake attacks?

A: Use layered verification that combines passive liveness, device signals, behavioural telemetry, and policy-based risk scoring. Deepfakes are no longer reliable to catch by eye, so the control objective is to make spoofing fail across multiple independent checks rather than at a single selfie step.

Q: Why do facial deepfakes create risk for biometric authentication programmes?

A: Because they undermine the assumption that a face capture is strong evidence of a real person present in the session. When synthetic faces, face swaps, and face animation are cheap and realistic, biometric programmes need stronger assurance than image appearance alone.

Q: What do teams get wrong about spotting deepfakes in user onboarding?

A: They overestimate human detection and underweight signal correlation. Real users can be rejected when teams rely on artifact hunting, while high-quality deepfakes can still pass if the process depends on a single visual check or a narrow liveness test.

Q: How can organisations reduce fraud from synthetic faces and face swaps?

A: Shift from standalone verification decisions to session-level risk evaluation. Correlate capture quality, camera behaviour, document checks, and repeat patterns across attempts so synthetic identities and swapped faces are easier to separate from legitimate users.


Technical breakdown

Synthetic faces: why generated identities are hard to block

Synthetic faces are AI-generated identities that do not map to a real person. They are typically produced by GANs or diffusion models, which can generate convincing images and video without needing a source identity. For fraud, that matters because the attacker does not need to defeat an enrolled face profile. They only need to create a plausible new identity that passes image quality and liveness thresholds. As generation quality improves, artefacts become less reliable as a detection signal, so policy needs to assume that visual realism is no longer a meaningful trust boundary.

Practical implication: Treat image realism as untrusted input and require multi-signal verification beyond the selfie itself.

Face swaps and why source identity leakage still matters

Face swaps overlay one identity onto another person’s body or video. Earlier approaches relied on facial landmark alignment, while newer methods use generative models to reduce artefacts and preserve lighting and motion. The key security issue is that the attack can reuse real footage while substituting the face, which allows a fraudster to combine stolen media with a false identity narrative. Repetition across background, lighting, and body posture can still reveal the attack, but those cues are weaker when the swap is high quality and pre-recorded.

Practical implication: Look for cross-frame consistency, device signals, and document correlation rather than trusting a single video frame.

Face animation and the collapse of human review as a control

Face animation takes a still image and adds motion, lip sync, blinking, or speaking to make the subject look live. It is dangerous because it can turn a synthetic or stolen photo into something that resembles an interactive enrolment session. In practice, this blurs the line between genuine capture and replayed or generated content. Once the model can generate realistic motion on demand, human review becomes unreliable because labelers can no longer separate artifact detection from poor camera quality with confidence.

Practical implication: Use passive liveness, device telemetry, and behaviour analysis instead of relying on manual review for edge cases.



NHI Mgmt Group analysis

Visual inspection is no longer a viable trust control for biometric identity. The article’s own testing shows why human review fails: experts can spot many deepfakes, but they also reject a meaningful share of real users. That means the control is not merely noisy, it is structurally unfit as a primary verification layer. The practical conclusion is that identity programmes must stop treating human eyes as an adjudication mechanism for deepfake risk.

Facial deepfakes expose a biometric assurance gap, not just a fraud tooling gap. When synthetic faces, face swaps, and face animation all converge on realistic output, the weak point becomes the verification model itself. Controls built around a single selfie or a single liveness signal assume that image authenticity can be inferred from appearance. Practitioners should read this as a validation problem across the whole identity journey, from capture to decisioning.

Passive, multi-modal signals are now the minimum credible defence. The article points to device, camera, and behavioural analysis as part of the answer, and that direction aligns with how modern identity fraud must be handled. No single signal is sufficient when AI-generated media can imitate motion, expression, and lighting. Security teams need layered verification that can correlate context, not just classify pixels.

Deepfake defence belongs in identity governance, not only in fraud operations. The business issue is broader than blocked accounts or failed enrolments. Biometric authentication, KYC, and workforce verification all rely on assumptions about personhood that deepfakes now challenge at scale. The practitioner implication is to align fraud controls, identity assurance policy, and exception handling under one governance model.

Facial deepfakes show how quickly adversaries can industrialise identity abuse. Once generation tools become inexpensive and widely available, attackers can produce large volumes of synthetic identities or manipulated videos at very low marginal cost. That shifts the economics of identity fraud in the attacker’s favour unless verification architecture is built for adversarial media from the start. Teams should budget for adversarial identity testing as an ongoing control requirement, not a one-time project.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • Another 97% of NHIs carry excessive privileges, which broadens attack surface and magnifies the impact of compromised identities.
  • That is why the 52 NHI Breaches Analysis is the right next step for teams mapping identity compromise patterns to governance gaps.

What this signals

Facial deepfakes are pushing identity assurance toward adversarial media handling. Teams that still treat selfie review as a human judgement problem will keep missing attacks and generating false rejections. The operational shift is toward policy-driven, signal-rich verification flows that can absorb manipulated media without depending on visual intuition.

The category also has a governance dimension that crosses human IAM and identity fraud. Once deepfakes become easy to generate at scale, identity proofing controls, exception handling, and manual review policy all need to be reviewed together rather than as separate fraud-team decisions. Security leaders should expect deeper integration between fraud analytics and identity governance programmes.


For practitioners

  • Add multi-modal liveness checks Use passive liveness, device intelligence, and behavioural telemetry together so a deepfake must defeat more than one control path before approval.
  • Remove human-only adjudication for high-risk captures Reserve manual review for exception handling and correlation, not as the primary method for spotting synthetic faces or face swaps in production flows.
  • Correlate identity proofing signals across the session Compare capture context, document evidence, camera characteristics, and session behaviour so a manipulated selfie cannot pass as a standalone trust event.
  • Test fraud paths with adversarial media Run red-team scenarios using synthetic faces, face swaps, and face animation to measure where your enrolment and step-up flows fail under realistic attack conditions.

Key takeaways

  • Modern facial deepfakes are realistic enough that human reviewers can no longer serve as the primary detection control.
  • The attack surface is broader than synthetic images alone because face swaps and face animation can also defeat weak verification flows.
  • Identity teams should move to layered, multi-signal verification and test their onboarding flows with adversarial media now.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST SP 800-63, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SP 800-63BBiometric and authenticator assurance guidance is directly relevant to deepfake-resistant identity proofing.
NIST CSF 2.0PR.AC-7Identity proofing and access decisions depend on stronger assurance than visual inspection.
NIST SP 800-53 Rev 5IA-2Identity verification at sign-in maps to authenticator and identification controls.
GDPRArt.32Biometric identity verification processes must protect personal data against spoofing and misuse.

Assess whether biometric processing has appropriate security measures and fraud-resistant safeguards under data protection obligations.


Key terms

  • Facial deepfake: A facial deepfake is AI-generated or AI-manipulated face media designed to look like a real person during identity verification. In practice, it includes synthetic faces, face swaps, and face animation, all of which can be used to bypass selfie checks, liveness tests, or manual review.
  • Face swap: A face swap replaces the face in a real image or video with another identity while preserving the surrounding scene and action. The control challenge is that the body, lighting, and background can remain authentic-looking even when the identity layer has been substituted.
  • Face animation: Face animation adds motion, blinking, speech, or expression to a still image so it appears live and interactive. For identity teams, the risk is that a static or stolen image can be turned into convincing capture media that defeats weak liveness checks.
  • Passive liveness detection: Passive liveness detection tries to confirm that a user is physically present without requiring overt actions such as head turns or prompts. It is stronger when combined with device and behavioural signals, because deepfakes can increasingly imitate appearance but still leave contextual clues.

What's in the full article

Incode's full article covers the technical detail this post intentionally leaves at the pattern level:

  • Visual examples of synthetic faces, face swaps, and face animation that help fraud teams recognise each attack family.
  • Technical discussion of GAN and diffusion model behaviour in image and video generation.
  • Examples of how real-time and pre-recorded deepfakes can be injected into verification pipelines.
  • Notes on the limits of human labelers when distinguishing deepfakes from real captures.

👉 Incode's full post covers the attack mechanics, examples, and detection challenges in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org