A callback is no longer safe when the decision depends on recognising a voice, face, or familiar behaviour that AI can imitate. If the request could cause payment movement, access changes, or support authorisation, move to a cryptographic verification step instead of relying on human memory or familiarity.
Why This Matters for Security Teams
A callback stops being a safe identity check the moment it relies on a recognisable voice, face, or familiar conversational style. Those cues are now easy to spoof, especially when an attacker can use synthetic media to sound like an executive, a vendor, or a known colleague. For any request that can move money, change access, or approve support actions, identity must shift from human recognition to a verifiable control.
This is not a niche fraud problem. NHI Management Group’s Ultimate Guide to NHIs notes that 79% of organisations have experienced secrets leaks, and 77% of those incidents caused tangible damage. The same lesson applies here: if the verification step is based on trust in a familiar interaction, it can be bypassed by an impostor faster than a help desk can detect the fraud. Current guidance from the NIST Cybersecurity Framework 2.0 still points teams toward stronger identity assurance and risk-based verification, not memory-based confirmation.
In practice, many security teams encounter callback abuse only after a payment, reset, or support escalation has already been authorised.
How It Works in Practice
The safer model is to treat callbacks as notification channels, not proof of identity. When the request has business impact, the verifier should switch to a control that is bound to something the requester possesses or can cryptographically prove, such as a signed challenge, a one-time code delivered through an already trusted channel, or a workflow that requires approval from a known account in a controlled system. For NHI and agentic workflows, the same principle applies: identity should be anchored in workload identity and policy, not in a voice conversation.
That is why organisations increasingly combine step-up verification with short-lived credentials, ticketed approvals, and policy-as-code. For autonomous systems, the right answer is often a runtime decision based on context, not a pre-approved exception based on familiarity. NHI Mgmt Group’s 52 NHI Breaches Analysis shows how quickly identity failures compound when access is granted too casually, and the same pattern appears in support fraud. For a deeper control baseline, the Top 10 NHI Issues research reinforces that weak verification and overexposed credentials are recurring failure points.
- Use callbacks only to coordinate, then complete identity checks through a separate trusted mechanism.
- Require cryptographic or account-based proof for high-risk actions such as payments, resets, and privilege changes.
- Prefer short-lived, task-specific credentials over long-lived shared secrets.
- Log the verification path so reviewers can distinguish a legitimate callback from a social-engineering event.
These controls tend to break down when the organisation still relies on shared inboxes, unmanaged support scripts, or approval chains that accept verbal familiarity as sufficient proof.
Common Variations and Edge Cases
Tighter verification often increases friction, requiring organisations to balance speed against fraud resistance. That tradeoff is real, especially in help desks, incident response, and executive support, where users expect fast action. Current guidance suggests the safest approach is to reserve callbacks for low-risk coordination and to use stronger verification whenever the action changes state or grants access.
There is no universal standard for every scenario yet. A callback may still be acceptable for confirming that a person is available, but not for confirming that the person is who they claim to be. If the request comes through a third-party vendor, a delegated support desk, or an AI agent acting on behalf of a user, the risk rises further because the human voice in the loop no longer guarantees the origin of the request. In those cases, organisations should rely on authenticated systems, documented approval chains, and step-up checks tied to known identities rather than conversational trust.
Where synthetic media is common, best practice is evolving toward out-of-band verification and cryptographic confirmation. That shift matters because callback fraud is most effective in environments where staff are trained to be helpful first and skeptical second.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A01 | Agent impersonation and deceptive prompts can bypass human callback trust. |
| CSA MAESTRO | ID-01 | MAESTRO emphasizes strong identity and runtime trust for autonomous workflows. |
| NIST AI RMF | AI RMF applies to identity risk from synthetic media and autonomous decision paths. |
Require cryptographic or policy-based verification before any agent or operator can trigger sensitive actions.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 22, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
