Executive interviews

Staying Ahead of AI-Driven Identity Threats: iProov Shows Liveness Detection Isn’t Enough Anymore

Why Identity Verification Must Go Beyond Detecting Movement in This Era of AI

We are in an inflection point in cybersecurity. Generative AI (Artificial Intelligence) has lowered the barrier to entry for highly sophisticated attacks, transforming what once required specialist skills into something achievable with low-cost, off-the-shelf tools.

Dominic Forrest, Chief Technology Officer at iProov, describes this scenario succintly, noting, “AI-driven deepfakes and synthetic identities are no longer theoretical risks. They are being actively weaponised to move money and take over accounts.”

This shift, according to Forrest, is particularly acute in Southeast Asia, where extraordinary digital growth is colliding with uneven regulatory maturity. Millions of users are onboarding mobile banking, e-government services, and online marketplaces every month. According to the e-Conomy SEA 2025 report, the region’s digital economy is on track to exceed USD $300 billion in GMV, with over 60% of payments now digital.

Yet frameworks for digital identity and AI security vary widely across jurisdictions. MITRE ATLAS™—a globally accessible, living knowledge base documenting adversary tactics against AI-enabled systems—has become essential. This is where iProov comes in to bridge the gap between keeping safe and staying ahead.

“iProov’s contribution provides production-level insights that can help governments and enterprises better understand how biometric systems are being attacked in the real world,” Forrest told Cybersecurity Asia. “At a time when the gap between attacker capability and defensive readiness is widening, this kind of practical, shared knowledge is essential to stay ahead of threats rather than reacting after harm has already occurred.”

Challenging Assumptions in Identity Verification

Recently, in fact, iProov conducted a case study that shows how liveness software alone is enough. In this case study, iProov used red teaming to demonstrate that sophisticated attackers can bypass many traditional identity verification and Know-Your-Customer (KYC) workflows currently used in financial institutions and cryptocurrency platforms.

iProov
Dominic Forrest, Chief Technology Officer at iProov

“The research demonstrates why active liveness solutions are particularly vulnerable because they still focus on surface-level signals,” Forrest pointed out, “They ask users to blink, smile, or analyse basic image artefacts. The problem is that modern AI-generated deepfakes can convincingly replicate these behaviours. In some cases, attackers don’t even present themselves to the camera at all. Instead, they inject a synthetic video stream directly into the device, making it appear as though a real user is present.

Threat intelligence reinforces this reality, according to Forrest. In the Grey Nickel campaign, a highly organised threat actor group was systematically targeting identity verification systems in Asia-Pacific since mid-2023. Their toolkit includes advanced face-swap technology, metadata manipulation, and injection techniques designed to defeat single-frame and basic liveness checks. For high-risk sectors like financial services and crypto, the implication is clear: identity verification must go beyond detecting movement. It must confirm genuine human presence and ensure that interactions cannot be replayed or synthetically generated.

Inside the iProov Red Team Exercise

To understand the mechanics of these vulnerabilities, iProov’s Red Team, led by Dr. Panos Papadopoulos, simulated a KYC breach scenario. The exercise mirrored the approach of a real attacker. The exercise followed these stages:

  1. First, the team gathered publicly available identity information and high-resolution facial images of a target. Using this data, they created a live deepfake with Faceswap, a generative AI tool capable of producing highly realistic facial video in real time.
  2. Next came the delivery mechanism. Open Broadcaster Software (OBS) streamed the deepfake video, while an Android application called Virtual Camera: Live Assist replaced the device’s default camera feed. Crucially, this setup worked on genuine, non-rooted Android devices.
  3. During the KYC process, the financial services application received what appeared to be a legitimate camera feed. In reality, it was a synthetic video stream. The liveness system was bypassed, allowing the Red Team to authenticate as a fictitious identity.

“What makes this so difficult to detect is that many liveness technologies still rely on cues that AI can now replicate convincingly, such as facial movement or visual artefacts,” Forrest said. “When attackers inject video directly into the data stream, those defences collapse.”

The lesson is stark: asking users to perform actions is no longer sufficient. Systems must prove genuine human presence, and they must remain resilient as attacks evolve.

Raising the Bar with iProov and CEN 18099

Alarmingly, deepfake technology has reached a point where even trained humans struggle to distinguish real from synthetic. Executives are being impersonated to authorise fraudulent fund transfers. State-sponsored actors are using synthetic identities to secure remote IT roles. These schemes generate revenue that fuels further illicit activity.

Traditional standards, such as ISO/IEC 30107-3, have long provided frameworks for assessing presentation attacks like photos or masks. But they do not adequately address injection attacks, where synthetic media is fed directly into the digital pipeline. CEN 18099 fills that gap. It introduces rigorous testing protocols specifically designed to evaluate whether biometric systems can detect and resist injection-based attacks.

“By establishing a unified methodology for injection attack detection, CEN 18099 raises the bar for the entire industry. It moves biometric security from a best-effort approach to one grounded in measurable resilience against real-world AI threats,” Forrest emphasised.

So, for vendors, CEN 18099 provides a clear, auditable benchmark. For buyers, on the other hand, it offers transparency in assessing solutions. In short, it is a significant step forward in building AI-resilient identity verification.

Strengthening Frameworks in Asia

For regulators and financial institutions in Asia, the path forward, according to Forrest, requires abandoning reliance on active liveness checks. These techniques are vulnerable to generative AI, which can spoof movements and expressions with ease. They also fail to address injection attacks, where fraudsters bypass the camera entirely.

A better alternative in this case is passive liveness as exemplified by iProov’s Dynamic Liveness solution. Controlled illumination, via iProov’s patented Flashmark technology projects a unique, one-time, unpredictable sequence of colours onto the user’s face, and that effortless interaction cannot be replayed or synthetically generated. This, according to Forrest, proves three things simultaneously: that the person is the right individual, that they are a real human, and that they are authenticating right now.

Forrest added that security should also be proportionate as “not every transaction requires the same level of assurance.” But by applying a tiered model, financial institutions can assess the necessary level of security.

“Low-risk tasks stay seamless with on-device simple biometrics, while medium-risk requests use passive verification,” Forrest explained. “For high-stakes moments like account recovery or large transfers, dynamic liveness provides maximum fraud resilience. This adaptive approach hardens defences and builds customer trust without sacrificing a smooth user experience.

Staying Ahead of Threat Evolution

Now, moving forward, the growing complexity of AI attacks demands a shift from reactive to continuously adaptive security. That, Forrest says, is the role of the iProov Security Operations Center (iSOC), the industry’s first active threat management service dedicated entirely to biometrics. iSOC monitors biometric traffic worldwide, 24/7, identifying patterns and clusters of attack activity. If a new deepfake tool or injection technique appears in one region, protections are automatically updated across all customers globally. Because iProov is cloud-based, those defences are renewed instantly.

“This also removes the need for manual fraud reviews, which are slow costly and inaccurate. Our research shows that 99.9% of humans cannot consistently distinguish a high-quality deepfake from a real person. What organisations need is a system that delivers a confident, binary decision,” Forrest noted. “Flashmark-powered Dynamic Liveness creates a unique, unpredictable biometric interaction that confirms real-time authenticity. It allows organisations to stay ahead of evolving threats while delivering strong security for users.

The Need for Urgency

The convergence of generative AI and digital identity, as iProov has proven, has created a new frontier of risk. Southeast Asia’s rapid digital expansion underscores the urgency of resilient frameworks, but the lessons apply globally. As iProov’s case study demonstrates, attackers are already exploiting vulnerabilities in liveness technologies, injecting synthetic streams, and weaponising deepfakes at scale. Standards like CEN 18099, adaptive models like tiered verification, and proactive threat management through iSOC represent the next evolution in defence.

The message for CISOs and tech leaders is clear: identity verification must evolve beyond surface-level checks. It must prove genuine human presence, resist injection attacks, and adapt continuously to the pace of AI innovation. Anything less risks leaving the door open to adversaries who are already inside.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *