By NHI Mgmt Group Editorial TeamPublished 2026-05-29Domain: Governance & RiskSource: Incode

TL;DR: Identity verification is being bypassed by AI-enhanced presentation attacks, real-time face reenactment, multimodal spoofing, device manipulation, and automation that adapt faster than point-in-time checks, according to Incode. Traditional IDV assumes isolated signals can be trusted independently; adaptive fraud breaks that assumption and forces layered risk evaluation.


At a glance

What this is: This analysis shows how generative AI is making identity verification easier to bypass through more convincing spoofing, live reenactment, and environment manipulation.

Why it matters: It matters because IAM, fraud, and security teams need to treat identity proofing as a layered control problem, not a single biometric or document check.

By the numbers:

👉 Read Incode's analysis of how generative AI is bypassing identity verification


Context

Generative AI has changed identity verification by making fabricated faces, voices, and documents more convincing at the exact point where systems expect human authenticity. The primary problem is not that one factor fails, but that isolated checks are easy to game when attackers can coordinate multiple signals at once.

For IAM and fraud teams, the lesson is familiar from non-human identity governance: if you trust a single control in isolation, attackers will work around it. Identity proofing now needs context from device integrity, behavioural signals, and session risk, because a high-confidence image or document no longer proves a trustworthy identity on its own.


Key questions

Q: How should security teams handle identity verification when attackers can use generative AI to spoof face, voice, and documents together?

A: Security teams should stop treating identity verification as a single biometric or document decision. The safer model correlates device integrity, behavioural signals, network context, and capture telemetry before approval. When one signal can be faked convincingly, trust must come from consistency across multiple controls, not from any individual check.

Q: Why do AI-generated fraud attempts expose weaknesses in traditional liveness checks?

A: Traditional liveness checks often assume that unpredictable motion or challenge-response prompts prove a live human is present. AI can now generate realistic motion, facial timing, and reaction patterns quickly enough to satisfy those prompts. That means unpredictability alone is no longer a reliable trust signal, especially when capture integrity is not verified.

Q: What do organisations get wrong about using biometrics as proof of identity?

A: They often confuse biometric resemblance with identity assurance. A convincing face or voice only proves that a sensor received plausible input. Without device trust, contextual risk scoring, and anti-tamper controls, biometrics can become an attractive entry point for adaptive fraud rather than a reliable proofing mechanism.

Q: Who should be accountable when identity verification fails and a fake user is onboarded?

A: Accountability should sit with the product, fraud, and IAM owners who define the proofing threshold and approve the trust model. If verification results are used to create accounts or grant access, then the failure is not just a fraud event. It is an identity governance failure that should be reviewed like any other access-control breakdown.


Technical breakdown

AI-enhanced presentation attacks defeat simple liveness checks

Presentation attacks use fake inputs to fool identity proofing. Generative AI upgrades that tactic by adding realistic camera noise, lighting variation, motion blur, depth cues, and micro-movements that make spoofed media look like live capture. This matters because many liveness systems still rely on static thresholds or simple challenge-response prompts. Once those prompts become predictable, attackers can generate content that satisfies the expected pattern without proving a real human is present.

Practical implication: teams need liveness controls that test capture integrity and behavioural consistency, not only visual plausibility.

Real-time face reenactment turns unpredictability into a weak control

Real-time face reenactment uses synthetic or stolen faces that move dynamically during selfie and liveness flows. Instead of replaying a fixed video, the attacker adapts facial expression, eye direction, head movement, and timing during the session. That undermines controls built around the assumption that unpredictability itself proves presence. If a model can react fast enough, unpredictability becomes a format the attacker can emulate rather than a sign of legitimacy.

Practical implication: identity teams should evaluate whether their challenge flows can distinguish live behavioural response from AI-generated reaction.

Multimodal spoofing and device manipulation break signal isolation

Modern fraud rarely succeeds on one fake signal alone. Attackers combine synthetic video, cloned voice, altered documents, emulated devices, virtual cameras, and injected streams so each artifact reinforces the others. This is powerful because many verification systems still score each signal separately. When the capture pipeline is compromised, even strong biometric models are operating on poisoned inputs, and post-capture review comes too late to stop the decision.

Practical implication: practitioners should correlate biometric, device, and network telemetry before making an approval decision.


Threat narrative

Attacker objective: The attacker wants to pass identity verification at scale and obtain trusted account creation, onboarding approval, or session access under a false identity.

  1. Entry begins when attackers present AI-generated video, cloned voice, or altered documents during identity verification. Escalation occurs when they manipulate the device or capture environment with emulators, virtual cameras, or injected streams to control what the system sees. Impact follows when isolated checks accept the composite persona and the fraudster gains an approved identity result or account access.
  • MITRE ATT&CK Enterprise Matrix — MITRE ATT&CK Enterprise — adversary tactics and techniques, threat detection, attack chain mapping, credential access, lateral movement, privilege escalation.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Single-factor identity proofing is now a broken assumption: AI-driven fraud succeeds because many verification stacks still assume one signal can establish trust on its own. Generative attacks can now produce a believable face, document, voice, and device posture at the same time, so the control boundary is no longer the biometric itself but the correlation logic around it. The implication is that identity proofing has become a signal fusion problem, not a point check.

Multimodal coherence is the new attack surface: When a synthetic face is paired with a synthetic document and a cloned voice, the attacker is no longer bypassing one control. They are creating internal consistency across several weakly linked checks, which is often enough to defeat workflows that score signals independently. For IAM and fraud programmes, the governance question is whether approvals are being made on isolated evidence instead of cross-checkable context.

Capture integrity is now part of identity governance: Device emulation, virtual cameras, and injected streams move the fraud problem earlier in the flow, before the system even evaluates the identity evidence. That means the trust decision depends on whether the capture path itself is authentic. Teams that separate fraud prevention from identity governance miss the operational reality that the verification channel is now an identity control surface.

Adaptive fraud exposes the limits of static policy: Attackers can test, iterate, and refine in minutes, while many organisations still defend with fixed rules and threshold-based checks. That mismatch creates a governance lag that fraudsters can exploit at scale. Practitioners should treat this as an ongoing control-obsolescence problem, not a one-time tuning exercise.

Identity verification must be governed like an access decision: Once proofing is used to create accounts, approve onboarding, or unlock step-up access, the downstream impact is the same as any IAM control failure. In practice, that means the fraud team, IAM team, and risk owners need a shared control model instead of separate review loops.

From our research:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
  • That same lifecycle gap shows why 52 NHI Breaches Analysis is a useful next stop for teams mapping real-world credential failure patterns.

What this signals

Identity proofing is converging with NHI-style trust problems: the core issue is no longer whether a single artifact looks real, but whether the surrounding control plane can tell real interaction from manufactured input. Teams that already struggle with secrets and service account visibility will recognise the pattern: when trust is isolated to one control, adaptive attackers work around it.

The next phase for fraud and IAM programmes is shared telemetry, not separate review queues. Device, behavioural, and network evidence need to be evaluated together before trust is granted, otherwise generative attacks will continue to exploit the gap between capture and decision.

With 96% of organisations storing secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, per the Ultimate Guide to NHIs, the broader lesson is clear: attackers win where governance trusts the wrong layer.


For practitioners

  • Correlate identity signals before approval Require biometric, device integrity, and network context to align before an onboarding or step-up decision is made. Do not allow a single successful liveness result to override contradictory evidence from capture telemetry or device posture.
  • Test for capture-path tampering Add scenarios for virtual cameras, emulators, injected streams, and fingerprint spoofing to your fraud testing programme. Validate whether controls still work when the attacker controls the input environment rather than the face or document alone.
  • Rebuild liveness around behavioural consistency Use challenge flows that compare timing, movement, and interaction patterns across the session instead of relying on a single prompt. The goal is to detect whether the response is human, not merely whether it looks dynamic.
  • Separate identity proofing from trust assignment Treat a successful verification event as one input to a broader trust decision, not the final decision itself. Apply additional review when the verified identity will receive privileged access, financial authority, or account recovery rights.

Key takeaways

  • Generative AI is turning identity verification into a multi-signal adversarial problem rather than a single-step proofing exercise.
  • Real-time spoofing, multimodal impersonation, and capture-path tampering make isolated liveness checks insufficient for modern fraud prevention.
  • Practitioners should correlate device, behavioural, and network evidence before trust is assigned, especially where verification unlocks access or onboarding.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01Identity proofing bypass maps to weak validation and trust assumptions in NHI flows.
NIST CSF 2.0PR.AC-1The article is about proving identity before access decisions are made.
NIST SP 800-53 Rev 5IA-2Identity verification failures affect authentication and account issuance controls.
NIST Zero Trust (SP 800-207)Zero trust depends on continuous trust evaluation, not one-time proofing.

Align onboarding and authentication steps so weak proofing cannot create trusted access.


Key terms

  • Presentation Attack: A presentation attack is an attempt to fool identity verification by showing fabricated or altered media to a camera or sensor. In modern AI-driven fraud, the attack may include synthetic motion, lighting, and timing cues designed to satisfy liveness checks while no real subject is present.
  • Liveness Check: A liveness check is a control intended to confirm that a biometric sample comes from a live person during the verification moment. Its value depends on whether the control can distinguish genuine interaction from AI-generated movement, replayed media, or capture-path manipulation.
  • Capture Integrity: Capture integrity is the trustworthiness of the device, camera, and input pipeline used during identity verification. If the capture path is controlled by an attacker through emulation or injected streams, even accurate biometric analysis can be built on poisoned inputs.
  • Multimodal Spoofing: Multimodal spoofing is the coordinated use of multiple fabricated identity signals, such as face, voice, and documents, to create a consistent false persona. It is more effective than single-signal fraud because each element reinforces the others and makes isolated checks easier to bypass.

What's in the full article

Incode's full article covers the operational detail this post intentionally leaves for the source:

  • Examples of AI-enhanced presentation attack techniques and how they alter capture quality
  • How real-time face reenactment behaves during selfie and liveness flows
  • Why device and environment manipulation changes the trust boundary for identity verification
  • The role of layered signal correlation in reducing false confidence at the decision point

👉 The full Incode article covers the five attack techniques and the layered detection model in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or IAM programme maturity, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org