Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Deepfake biometrics and injection attacks: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Deepfake-driven presentation and injection attacks are undermining biometric identity verification, with Gartner warning that GenAI-created fakes can impersonate customers or employees and can be paired with social engineering to manipulate staff, according to 1Kosmos. The governance gap is that liveness and proofing controls now have to defend against synthetic media and client-side injection, not just stolen credentials.

NHIMG editorial — based on content published by 1Kosmos: Updated analysis of presentation attacks, injection attacks, and deepfake protection

By the numbers:

Questions worth separating out

Q: How should security teams defend biometric verification against deepfake attacks?

A: Security teams should defend the entire biometric capture path, not just the matching algorithm.

Q: Why do deepfakes create a governance problem for IAM teams?

A: Deepfakes create a governance problem because they can defeat identity proofing, mislead support staff, and trigger access decisions based on synthetic evidence.

Q: What breaks when liveness detection is used as the only biometric control?

A: Liveness detection breaks down when it is treated as a standalone answer instead of one signal in a broader assurance chain.

Practitioner guidance

  • Harden the biometric capture path Block virtual camera abuse, client-side script tampering, and other injection methods before the liveness engine processes a sample.
  • Layer liveness signals instead of trusting one check Combine motion analysis, response prompts, 3D depth, and texture checks so a single failure does not decide identity assurance.
  • Add fraud escalation to verification workflows Route suspicious verification attempts to manual review or step-up factors when deepfake indicators, replay behaviour, or capture anomalies appear.

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

  • How LiveID and LiveID+ are positioned to detect injection attacks in real time across mobile and client-side flows.
  • The specific deepfake and presentation attack patterns the vendor says its controls are designed to block.
  • How the Reality Defender integration is intended to fit into existing verification workflows without changing infrastructure.
  • The compliance context around EU AI Act expectations and emerging ISO 25456 guidance.

👉 Read 1Kosmos' analysis of deepfake biometric attacks and liveness detection →

Deepfake biometrics and injection attacks: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Biometric fraud is now a channel-integrity problem, not just an identity proofing problem. Deepfakes do not merely imitate a face. They target the trust boundary between capture, transport, and verification, which means biometric assurance fails if the input path can be subverted. That shifts the security question from whether a sample looks real to whether the organisation can trust how the sample arrived. Practitioners should treat proofing flows as contested runtime systems.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, showing how often identity controls fail before the attack becomes visible.

A question worth separating out:

Q: How do teams decide when to move from self-service verification to manual review?

A: Teams should move to manual review when the verification context shows signs of injection, replay, or synthetic media, or when the workflow cannot confirm client integrity. The goal is to stop granting assurance automatically when the capture path is suspicious. That decision should be pre-defined in fraud and IAM policy.

👉 Read our full editorial: Deepfake biometric fraud is exposing identity verification gaps



   
ReplyQuote
Share: