Data is ammo in biometric authentication’s arms race with AI fraud: EIC 2025 panel

On the internet, nobody knows if your dog can skateboard. KuppingerCole Lead Analyst Paul Fisher introduced viral videos of skater pooches as an example of the untrustworthiness of online data at the beginning of an EIC 2025 panel discussion on how biometric authentication can be adapted to the era of deepfakes. The somewhat surprising outcome of the discussion may be that Fisher should watch more skateboarding videos.
The panel was part of KuppingerCole’s European Identity and Cloud Conference (EIC) 2025, held last week in Berlin.
With biometric injection attacks and fakes sophisticated enough to perform liveness “challenges,” how can organizations establish or maintain trust in their users?
EmpowerID Founder and CEO Patrick Parker emphasizes the importance of continuous identity verification and authentication. This could be carried out by an AI agent that acts as a personal assistant.
“No-one will know you better than that agent. So that agent could be a continuous identity verification actor, which is constantly measuring your behaviour, because it knows you better than anyone else.”
It could detect issues in real-time and trigger challenges. It could use open standards to intervene in a session.
Face still has a place, mostly as a convenience factor, Parker suggests.
iProov Chief Innovation Officer Joe Palmer disagrees with this position, arguing that in the AI arms race, the entity with the most data moves ahead. His company has half a billion records of good authentications, which is more examples than attackers will be able to find of successful fakes: “they have to generate this themselves. So, this informational asymmetry is key in maintaining the security.”
AI will increase speed and scale, however.
“That’s great, because guess what: we get all of the data they send us” to examine for anomalies and signs of fraud. He suggests that “if you’re ahead, you can stay ahead,” but this also implies a problem for new market entrants.
A behavioral biometrics layer, as referred to by Parker, plays an important complementary role, Keyless Product Director Tobin Broadfoot says, though like face, it can no longer be solely relied on. It could be one of a hundred signals though.
Keystroke biometrics are still pretty close to state of the art in privileged access management (PAM), Fisher notes, where passwords are still commonplace. Change is already underway, however. Martin Kuppinger forecast the end of the password for around 2040 at the beginning of the conference.
The biometrics and other tools are maturing to the point where they can be plugged into various systems, Palmer says, noting the November integration of additional factors from third-party digital identity providers with Entra through OpenID Connect.
How the continued maturation plays out remains to be seen, and the discussion returned several times to issues created by AI agents. The panelists predicted that in five years, the human IT workforce will be much smaller, that humans and human-centricity will still be important for the identity industry, and that the majority of people will own a decentralized digital identity.