AI fraud forces digital identity to stop being a formality and become permanent surveillance

🕒 Published on Zendoric: July 3, 2026 · 01:20
A Regula survey reveals that only 48% of companies trust their identity verification controls, while Microblink documents how generative fraud is becoming regionalized and more sophisticated. The sector's response: moving from a one-off check to continuous trust monitoring, with new biometric layers and even rewards for hacking identity-proofing systems.
By Biometric Update · July 2, 2026.
The figures in Regula's new survey, "The New Shapes of Identity Threats 2026," are uncomfortable: barely 48% of organizations say they fully trust their technical identity verification controls, more than half (52%) cannot confirm whether a biometric was captured live, and only 50% manage to trace their identity decisions end to end. The practical result: 92% report business impact —revenue, compliance, reputation— from incorrect verifications. In parallel, a study by Microblink documents that fraud is no longer uniform: North America concentrates sophisticated photo forgery attacks, while other regions see more physical presentation attacks, and it coins the term "sophistication paradox" to describe how each improvement in document security in turn triggers more precise generative-AI-assisted editing techniques to defeat it.
The market's response, captured in the same article, is revealing for its variety: Kenshiki Labs launches a "Pulse Bond Challenge," a $12,500 reward for any red-team that manages to breach its identity-proofing infrastructure —which requires linking phone hardware, live biometrics and NFC reading of a chipped document— without a real person present. Au10tix partners with Validit.ai to add a layer of "physio-behavioral AI" that analyzes signals through the device's camera. And Hydaway integrates real-time liveness detection into its RealityChek platform to distinguish a genuine person from a deepfake, a synthetic avatar or a recorded replay attack. Three different bets on the same problem: that a mere one-off identity check is no longer enough.
None of this is coincidental or isolated. It fits a trend we have been tracking: AI-powered fraud is not a future threat but an active arms race, in which the same generative technology that radically cheapens the manufacture of fake identities —according to Kenshiki Labs' CEO, it has brought the cost of fabricating a human identity "almost to zero"— is also what makes it possible to build next-generation defenses. The very conceptual framework proposed by Regula and Microblink sums it up well: identity is no longer verified once, it is maintained throughout the customer's entire lifecycle. It's a quiet but profound paradigm shift, from the "checkpoint" to "continuous monitoring."
Our reading is that this is part of the less glamorous, but more urgent, side of the transition toward an AI-mediated economy: trust-infrastructure debt. The identity verification systems used today by banks, insurers, governments and digital platforms were designed for a world without cheap synthetic generation at scale; that world no longer exists, and the mismatch is paid in fraud, friction and operational cost in the short term. It's exactly the kind of transition problem we anticipated as inevitable: there is no abundance without prior friction, and here the friction is tangible —nearly half of companies admit they don't fully trust their own controls.
But there is also a more encouraging signal beneath the noise. The emergence of an ecosystem of specialized providers —physio-behavioral biometrics, hardware-bound identity proofing, multi-signal liveness detection, even public bounties to test a system's robustness through real attack— indicates that the market is responding quickly and with increasingly sophisticated layers of defense, not with paralysis. If digital identity ends up being solved as a continuous trust infrastructure, verifiable and auditable in real time, it will be an invisible but indispensable piece of "plumbing" so that AI agents, automated payments and next-generation digital services can operate at scale without becoming a sieve for fraud. Whoever builds that trust layer —and not necessarily whoever has the flashiest detection model— will capture the lasting value. The predictable losers are the providers of static, single-check verification, increasingly obsolete against a fraud that no longer plays by the same rules.