Generative AI deepfakes represent another skirmish in the ongoing clash between two forces that never stop innovating
I was there when AI and machine learning entered the battlefield. I started a cybersecurity company in the early 2000s that used machine learning to classify the internet long before that technology was commonplace.
When I moved to the identity space, the parallels were obvious. There are bad actors constantly looking for attack vectors to compromise a system and an opposing team trying to shore up the defenses and stay ahead of the threat.
Deepfakes are another attack vector and illustrate tremendous strides in AI in the past decade. We see the world based on visual presentation, and when people create faces or videos that can pass for us, it poses a threat to identity at its core.
But sophisticated AI can detect sophisticated AI. We can use AI in mathematical ways to spot details that are too flawless or that have artificially injected imperfections. It’s an ability that’s becoming more prevalent among AI platform capabilities, including selfies, image detection and pictures of pictures.
Bad actors, though, won’t stop innovating. So how do you defend against the latest state-of-the-art attacks and prepare for whatever comes next? There are three key strategies.
- Use a Layered Defense
Many identity verification providers are either in the data-only category or focus just on document or biometric verification, and they tend to be firm about which way is better.
But when you bring all those techniques together and apply different technologies for different use cases, you’re essentially killing the concept of verification categories. That’s how you beat the bad actors’ AI, which might be able to defeat a single technology.
We’re going to see that layered defense becoming more prevalent in identity.
Document verification, for instance, already applies layered tactics. A person takes a photo of the ID and takes a selfie to match the document’s picture. Liveness detection, which can measure aspect ratios and pixelation, then shows the image wasn’t taken from a screen.
As organizations layer on verification capabilities, they gain more assurance in a customer’s identity, and the information starts to line up and match across databases. That assurance doesn’t have to come with higher costs, longer verification times or a more complicated mix of vendors.
Just as fraudsters continue to innovate, so too do those who stop them. Cutting-edge technology driven by AI and machine learning can deliver every verification layer across one platform.
- Raise Defenses to the Network Level
A network capability takes layered defenses to a higher level. It’s a way to see patterns across a broad spectrum of data to identify a class of attack and stop it.
Bad actors, for instance, try to use the same synthetic identities in different environments and contexts. They might blend real and fake data or get a good photo and put it on different government-issued IDs to see what gets through.
The network has the ability to see that photo or data multiple times and build a defense.
The network effect also can apply to industries. Bad actors trying to access a particular industry will work their way down the list of organizations trying to get in. A network model allows the industry to cooperatively stop fraud.
Is there interest in an industry network model now? There is to some degree. Would that grow stronger if fraud becomes a bigger problem? It could.
- Evolve With Identity
As fraudsters get more sophisticated, organizations will face the choice of either applying more friction to users to identify themselves or evolving with identity technologies.
The future of identity is that we’ll likely become more reliant on a digital assistant or personal device that we present when challenged for verification. We certainly trust the security features on our phones to protect everything from bank accounts to travel data, so it’s not a big leap to identity.
People, for example, can own proven self-sovereign identities and present them in a secure exchange medium through their phones.
Of course, a new class of bad actors will follow. They’ll double-down on breaking into phones, or they’ll get more sophisticated about inserting themselves into the conversations between the self-sovereign identity and authentication authority.
But self-sovereign identity likely will remain a complicated, fragmented space for the foreseeable future because many different entities, public and private, want to be involved.
Reasons for Hope in a Perilous Digital World
Fraudsters are great innovators. They’re creative at uncovering holes in a digital system and quickly exploiting them.
They help each other. People can buy kits to carry out attacks. They have access to computing power and tools that were never before available.
That could keep anyone up at night. But there are two sides to this duel, and that should give us hope.
The computing power and AI fraudsters use can also stop them. For every innovation that gives them an edge, there’s another that dulls their blade.
About the Author
Hal Lonas is the Chief Technology Officer for Trulioo. Hal brings more than 25 years of technology leadership to his role guiding the Trulioo product and technology vision. He is a recognized innovator in cloud security and machine learning and a long-standing champion of automation technology. Prior to joining Trulioo, Hal was senior vice president and chief technology officer for the SMB and Consumer business unit at OpenText, where he oversaw the organization’s technology and product strategy. Hal also was chief technology officer at Webroot and Carbonite, where he led the creation of the first cloud-native security platform. He co-founded and was vice president of engineering for BrightCloud and has held key engineering management positions with Websense and ADP. Hal also co-authored several patents and holds a degree in aeronautics and astronautics from the Massachusetts Institute of Technology.
Hal can be reached online at https://www.linkedin.com/in/hal-lonas-4555b1/ and at the company website https://www.trulioo.com/