TL;DR: AI is reshaping biometric authentication by improving accuracy and scale while also increasing exposure to deepfakes, synthetic fraud, and fairness and transparency concerns, according to Oz Forensics. For identity teams, the issue is no longer whether biometrics work, but whether governance, assurance, and lifecycle controls keep pace with AI-driven attack conditions.
NHIMG editorial — based on content published by Oz Forensics: AI and Biometrics: Key Insights from the Biometrics Institute Congress 2025
Questions worth separating out
Q: How should security teams govern AI-powered biometric authentication?
A: Security teams should govern AI-powered biometrics as an assurance and evidence system, not a convenience feature.
Q: Why do deepfakes create a problem for biometric identity controls?
A: Deepfakes create a problem because they can make synthetic identity signals look legitimate enough to defeat weak biometric checks.
Q: What do organisations get wrong about biometric security and fraud prevention?
A: They often treat biometric accuracy as proof of trust.
Practitioner guidance
- Define assurance thresholds for biometric decisions Separate low-risk convenience use cases from high-risk access decisions, and require stronger liveness and secondary checks where fraud impact is material.
- Instrument liveness and spoofing telemetry Track failed liveness checks, replay patterns, deepfake indicators, and unusual device behaviour so fraud review teams can spot attack drift early.
- Review biometric governance across the full lifecycle Document consent, retention, deletion, access to biometric records, and escalation paths for disputed decisions so the programme remains auditable.
What's in the full article
Oz Forensics' full article covers the operational detail this post intentionally leaves for the source:
- The article’s own framing of facial biometrics as the dominant modality for identification and authentication.
- The specific industry discussion points from the Biometrics Institute Congress in London.
- The vendor’s perspective on balancing anti-spoofing, user experience, and responsible AI adoption.
- The closing commentary on how organizations can build trust through biometric technology.
AI biometrics and liveness detection: are controls keeping up?
Explore further
AI biometrics turns identity assurance into a continuous trust problem. The article’s core point is that machine learning improves biometric performance while also widening the gap between apparent and actual identity confidence. That matters because biometric programmes often inherit a false sense of certainty from a successful match. Practitioners should treat biometric trust as conditional, not absolute.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to the State of Secrets in AppSec.
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities.
A question worth separating out:
Q: How do I know whether my biometric programme is actually working?
A: Look for operational signals, not marketing claims. Monitor false acceptance and rejection rates, liveness failure trends, manual review outcomes, and fraud cases that bypass biometric checks. If the programme reduces fraud while keeping friction and exception handling under control, it is working as a governance control rather than a standalone technology feature.
👉 Read our full editorial: AI biometrics governance is now the trust control point