Generative AI is changing the economics of identity fraud. Voice cloning, real-time face animation, synthetic documents, and AI-assisted social engineering are making it easier for attackers to impersonate legitimate users across service desks, onboarding workflows, and remote account recovery.
The real question is no longer just whether a user’s identity can be verified, but whether the signals used to establish trust can still withstand AI-enabled manipulation.
When identity signals are no longer enough
Most digital identity controls were designed around a simple assumption: if a person can present the right evidence, they are probably who they claim to be. A password, a one-time code, a government ID, a selfie, or even a biometric match was often enough to establish confidence. But AI is weakening the reliability of those signals, especially when they are captured remotely and evaluated in isolation.
Attackers can now generate convincing voice samples from a few seconds of audio, animate a face in real time, draft messages in a victim’s tone, and combine stolen personal data with synthetic media to trick help desk staff or bypass recovery checks. As a result, a remote biometric match, evaluated on its own, is becoming a weak trust signal.
This is why security teams need to think in terms of identity resilience, not just identity proofing, and it is where verifiable credentials can play an important role.
From appearance to proof-based trust
A verifiable credential is not just another identity artifact. It is a cryptographically signed claim issued by a trusted authority, such as a government agency, employer, or financial institution. Instead of relying on a human reviewer or a remote system to decide whether a face, voice, or document looks real, the holder proves possession of the credential by signing with a key that only the holder controls, often a device-bound key kept in secure hardware, and the verifier checks that signature along with the issuer’s. In practical terms, that makes trust less dependent on appearance and more dependent on proof.
But security leaders should be careful not to overestimate what this solves. Verifiable credentials are powerful, but they do not eliminate risk on their own. A stolen device, a compromised private key, malware on an endpoint, or a user tricked into authorizing a malicious action can still undermine the control. That is why the real opportunity is not verifiable credentials alone. It is the combination of cryptographic identity, trusted devices, local user verification, and policy enforcement.
Biometrics still matter in this model, but their role changes. Instead of serving primarily as a remote identity signal, they should be used as a local mechanism to prove user presence and enable the secure use of a credential on a device the organization can trust. That is a much stronger security control than asking a service desk analyst or onboarding workflow to decide whether a face on a screen is real.
Moving to identity resilience
Implementing this model requires three architectural shifts.
First, reduce dependence on centralized biometric repositories. Storing biometric templates in central systems creates high-value targets and increases breach impact. Keeping biometric material protected on user-controlled devices, ideally in secure enclaves or equivalent hardware-backed storage, reduces the blast radius of a compromise.
Second, require local cryptographic proof for high-risk actions. In a stronger model, the biometric alone does not “prove identity” to a remote system. It unlocks local access to a credential, which is then used to generate a signed response to a challenge. That means a convincing deepfake on a video call is not enough. The attacker would also need the user’s device, access to the protected credential, and the ability to satisfy local controls.
Third, minimize unnecessary identity disclosure. Selective disclosure and zero-knowledge techniques allow users to prove specific facts without revealing full identity records. For example, they can confirm that a user is over 18 without revealing a birth date. This is more than a privacy enhancement. It limits data exposure, reduces the value of stolen records, and narrows the surface area AI systems can exploit or harvest.
Making trust harder to fake
Consider a realistic service desk scenario. An attacker uses cloned voice and synthetic video to impersonate an employee requesting a password reset, MFA reset, or privileged access recovery. In a traditional workflow, the analyst may rely on visual confidence, knowledge-based answers, or weak identity checks.
In a more resilient model, the organization sends a challenge to the user’s wallet or trusted device. The legitimate user must complete a local biometric check and produce a signed cryptographic response. The attacker may look and sound convincing, but is far less likely to complete the transaction without the device-bound credential and local proof of user presence.
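The flow behind the three architectural shifts above and this service desk scenario, as an added example in Go that is not part of the original article or of any product the author works on: an issuer signs a credential consisting of salted claim digests bound to a device public key; the wallet produces a device-key signature over a verifier-chosen nonce and the requested action only after a local user-presence check (a boolean standing in for the biometric) passes; and the verifier checks the nonce, both signatures, and that every disclosed claim sits in the issuer-signed digest set, so the holder can reveal age_over_18 while keeping birth_date hidden. The names, the pipe-delimited payload encoding, the in-memory Ed25519 key standing in for a hardware-bound key, the fixed salts and the sample claims are all assumptions made for the demonstration, not a real credential format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Claim is one issuer-vouched attribute; the salt keeps an undisclosed claim's digest unguessable (fixed here, random in real use).
type Claim struct{ Name, Value, Salt string }

func (c Claim) Digest() string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(c.Salt+"|"+c.Name+"|"+c.Value)))
}

func digests(claims []Claim) (ds []string) {
	for _, c := range claims {
		ds = append(ds, c.Digest())
	}
	return ds
}

// Credential is issuer-signed and holds only claim digests plus the holder's
// device public key: bound to that key, and carrying no attribute values.
type Credential struct {
	Digests   []string
	DeviceKey ed25519.PublicKey
	IssuerSig []byte
}

func (c Credential) payload() []byte {
	return []byte(fmt.Sprintf("%s|%x", strings.Join(c.Digests, "|"), c.DeviceKey))
}

func issue(issuer ed25519.PrivateKey, device ed25519.PublicKey, claims []Claim) Credential {
	c := Credential{Digests: digests(claims), DeviceKey: device}
	c.IssuerSig = ed25519.Sign(issuer, c.payload())
	return c
}

// Presentation is the wallet's reply: the credential, only the disclosed claims
// (with salts), and a device signature tying them to this nonce and action.
type Presentation struct {
	Cred      Credential
	Disclosed []Claim
	Nonce     []byte
	Action    string
	DeviceSig []byte
}

func (p Presentation) payload() []byte {
	return []byte(fmt.Sprintf("%s|%s|%x|%s", p.Cred.payload(), strings.Join(digests(p.Disclosed), "|"), p.Nonce, p.Action))
}

// Respond is the wallet side: deviceKey stands in for a hardware-bound key and
// userPresent for the local biometric or PIN check that gates its use.
func Respond(deviceKey ed25519.PrivateKey, userPresent bool, cred Credential, nonce []byte, action string, disclose []Claim) (*Presentation, error) {
	if !userPresent {
		return nil, errors.New("local user verification failed; device key stays locked")
	}
	p := &Presentation{Cred: cred, Disclosed: disclose, Nonce: nonce, Action: action}
	p.DeviceSig = ed25519.Sign(deviceKey, p.payload())
	return p, nil
}

// Verify is the relying party's check: right nonce and action, valid issuer and
// device signatures, and every disclosed claim present in the signed digest set.
func Verify(issuer ed25519.PublicKey, nonce []byte, action string, p *Presentation) (map[string]string, error) {
	if string(p.Nonce) != string(nonce) || p.Action != action {
		return nil, errors.New("reply is for a different challenge or action (replay?)")
	}
	if !ed25519.Verify(issuer, p.Cred.payload(), p.Cred.IssuerSig) {
		return nil, errors.New("credential not signed by the trusted issuer")
	}
	if !ed25519.Verify(p.Cred.DeviceKey, p.payload(), p.DeviceSig) {
		return nil, errors.New("reply not signed by the device the credential is bound to")
	}
	set, out := "|"+strings.Join(p.Cred.Digests, "|")+"|", map[string]string{}
	for _, c := range p.Disclosed {
		if !strings.Contains(set, "|"+c.Digest()+"|") {
			return nil, errors.New("disclosed claim not in the signed credential: " + c.Name)
		}
		out[c.Name] = c.Value
	}
	return out, nil
}

func main() { // constructed sample: one issuer, one device key, two claims
	issPub, issPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	claims := []Claim{{"birth_date", "1990-05-17", "s1"}, {"age_over_18", "true", "s2"}}
	nonce := make([]byte, 16)
	rand.Read(nonce) // the verifier's fresh challenge
	p, _ := Respond(devPriv, true, issue(issPriv, devPub, claims), nonce, "reset-mfa", claims[1:]) // reveal age_over_18 only
	fmt.Println(Verify(issPub, nonce, "reset-mfa", p))
}
```

Run it with go run. Replaying a captured presentation against a fresh nonce, changing the action, signing with any key other than the one the credential is bound to, or disclosing a claim whose digest the issuer never signed all fail in Verify, and a wallet whose local user check fails never touches the key at all. A production wallet would additionally need a random salt per claim, a canonical encoding such as SD-JWT or ISO mdoc instead of the pipe-joined strings, and hardware-backed key storage.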
That is the deeper lesson for CISOs. AI impersonation is not just a fraud problem or a deepfake problem. It is a trust architecture problem. Organizations that continue to rely on remotely evaluated human signals will face rising risk in account recovery, service desk operations, onboarding, and high-risk approvals.
The goal is not to make impersonation impossible. It is to make trust less dependent on what an attacker can imitate, and more dependent on what they cannot easily steal, forge, or replay at scale.
Rohan Pinto is CTO of 1Kosmos. He previously architected security infrastructure for the Government of Ontario and the Health Information Access Layer for the Province of British Columbia and is involved in establishing the United States Department of Defense’s Security Access Layer using Common Access Cards (CAC). Pinto is also an active member of the Decentralized Identity Foundation and the FIDO (Fast Identity Online) Alliance.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.