Because they undermine the evidence used to establish that a real person is present. Once that evidence is compromised, attackers can open accounts, reset credentials, or pass higher-trust checks without needing to defeat every control in the journey. The risk is cumulative, not isolated.
Why This Matters for Security Teams
Deepfakes and liveness bypasses matter because they attack the weakest proof point in many onboarding, recovery, and step-up flows: the assumption that a live human is present and acting honestly. When that proof is forged, downstream controls often still “work” as designed, but they are now protecting the wrong subject. That is why fraud teams, IAM teams, and security operations all feel the impact at once.
This is not just an authentication problem. It is a trust-chain problem that can turn facial verification, voice verification, and selfie-based recovery into an entry point for account takeover, synthetic identity fraud, and authorization abuse. Current guidance from the NIST Cybersecurity Framework 2.0 and NHIMG’s Ultimate Guide to NHIs — Why NHI Security Matters Now both reinforce the same operational reality: identity assurance has to hold up under active attack, not only during normal user flows. In practice, many security teams encounter deepfake-enabled fraud only after a recovery path or verification workflow has already been abused at scale, rather than through intentional design testing.
How It Works in Practice
Fraud risk rises sharply because modern attacks do not need to defeat every control. They only need to break the evidence used to make a trust decision. A convincing deepfake can satisfy a remote verifier, while a liveness bypass can defeat checks intended to distinguish a real person from a replay, injection, or synthetic presentation. Once that trust decision is accepted, the attacker often inherits the same privileges as the legitimate user.
That is why these attacks commonly show up in account opening, password reset, payment approval, and high-risk recovery flows. The organisation may still enforce passwords, OTPs, device checks, and review queues, but the initial identity proof is already corrupted. NHIMG’s Top 10 NHI Issues and OWASP NHI Top 10 are useful here because they show how trust anchors fail when identity assertions are reused, over-privileged, or insufficiently validated.
- Use layered verification, not a single biometric or video signal.
- Treat liveness as a risk signal, not as a standalone guarantee.
- Bind recovery and step-up checks to device, session, and behavioural context.
- Limit what can happen after successful verification, especially for money movement or credential changes.
Best practice is evolving toward stronger, context-aware fraud detection, but there is no universal standard for this yet. Organisations should combine policy, analytics, and manual review for high-impact actions. These controls tend to break down when customer operations depend on low-friction remote onboarding because attackers can iterate until a synthetic identity passes with enough confidence.
Common Variations and Edge Cases
Tighter verification often increases user friction and operational cost, requiring organisations to balance fraud reduction against abandonment, review load, and accessibility.
The hardest cases are not obvious spoofing attempts. They are blended attacks that combine real data, stolen credentials, and synthetic media so the request looks legitimate across multiple checks. That creates ambiguity for fraud analysts and can make false positives expensive. Current guidance suggests using step-up controls only where the business impact justifies it, and reserving the strongest evidence requirements for recovery, payout, and high-value account changes.
Another edge case is mobile and call-centre assisted verification, where environmental constraints make deepfake detection harder and the human reviewer becomes the control point. A reviewer can be socially engineered, rushed, or given only partial context. In those environments, policy decisions should not rely on a single operator judgment. Instead, they should pair fraud tooling with case history, device intelligence, and pre-established escalation thresholds. NHIMG’s Ultimate Guide to NHIs — Key Challenges and Risks is a useful reference for understanding how trust failures compound once an attacker gains a reusable identity foothold.
For teams planning controls, the practical question is not whether liveness is useful. It is whether the organisation can detect when that signal has been forged, bypassed, or replayed before the next high-trust action is authorised.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-1 | Identity assurance and proofing are central to resisting deepfake fraud. |
| OWASP Agentic AI Top 10 | A1 | Synthetic media and bypasses exploit weak trust decisions in digital workflows. |
| NIST AI RMF | AI RMF addresses trustworthy AI use, including misuse of generative media. |
Govern AI-enabled verification with risk controls, monitoring, and human oversight for high-impact decisions.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
