AI-based deepfakes to undermine face biometrics: Gartner

The rise of generative AI will threaten the integrity of face biometrics, research firm Gartner has predicted.

The research firm believes that by 2026, attacks using AI-generated deepfakes on face biometrics will result in 30% of enterprises no longer considering the identity authentication solution to be reliable in isolation.

As a result, Gartner is recommending that CISOs and risk management leaders choose identity vendors that can demonstrate that they have the capabilities and a plan that goes beyond current standards and are monitoring, classifying and quantifying the emerging class of deepfake attacks.

Gartner VP Analyst Akif Khan said presentation attacks, involving a threat actor using someone else’s physical characteristics to impersonate a legitimate user, are the most common attack vector. But injection attacks, involving bypassing the charged-coupled device of a camera to inject pre-recorded content, increased by 200% in 2023.

“In the past decade, several inflection points in the field of AI have occurred that allow for the creation of synthetic images. These artificially generated images of real people’s faces, known as deepfakes, can be used by malicious actors to undermine biometric authentication or render it inefficient,” Khan said. “As a result, organisations may begin to question the reliability of identity verification and authentication solutions, as they will not be able to tell whether the face of the person being verified is a live person or a deepfake.”

Preventing such attacks will rely on a combination of presentation attack detection, injection attack detection and image inspection, Khan said.

Organisations should start defining a minimum baseline of controls by working with vendors that have specifically invested in mitigating the latest deepfake-based threats using IAD coupled with image inspection,” he said.

Once a baseline is set, CISOs and risk management leaders will need to include additional risk and recognition signals such as device identification and behavioural analytics, Gartner warned.

Image credit: iStock.com/wildpixel