Deepfake biometrics and injection attacks: are your controls keeping up?

TL;DR: Deepfake-driven presentation and injection attacks are undermining biometric identity verification, with Gartner warning that GenAI-created fakes can impersonate customers or employees and can be paired with social engineering to manipulate staff, according to 1Kosmos. The governance gap is that liveness and proofing controls now have to defend against synthetic media and client-side injection, not just stolen credentials.

NHIMG editorial — based on content published by 1Kosmos: Updated analysis of presentation attacks, injection attacks, and deepfake protection

By the numbers:

• With 20% of all biometric fraud attempts now involving deepfakes, the attack mix is shifting toward synthetic impersonation.
• Only 5.7% of organisations have full visibility into their service accounts.
• 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.

Questions worth separating out

Q: How should security teams defend biometric verification against deepfake attacks?

A: Security teams should defend the entire biometric capture path, not just the matching algorithm.

Q: Why do deepfakes create a governance problem for IAM teams?

A: Deepfakes create a governance problem because they can defeat identity proofing, mislead support staff, and trigger access decisions based on synthetic evidence.

Q: What breaks when liveness detection is used as the only biometric control?

A: Liveness detection breaks down when it is treated as a standalone answer instead of one signal in a broader assurance chain.

Practitioner guidance

• Harden the biometric capture path Block virtual camera abuse, client-side script tampering, and other injection methods before the liveness engine processes a sample.
• Layer liveness signals instead of trusting one check Combine motion analysis, response prompts, 3D depth, and texture checks so a single failure does not decide identity assurance.
• Add fraud escalation to verification workflows Route suspicious verification attempts to manual review or step-up factors when deepfake indicators, replay behaviour, or capture anomalies appear.

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

• How LiveID and LiveID+ are positioned to detect injection attacks in real time across mobile and client-side flows.
• The specific deepfake and presentation attack patterns the vendor says its controls are designed to block.
• How the Reality Defender integration is intended to fit into existing verification workflows without changing infrastructure.
• The compliance context around EU AI Act expectations and emerging ISO 25456 guidance.

👉 Read 1Kosmos' analysis of deepfake biometric attacks and liveness detection →

Deepfake biometrics and injection attacks: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →