Youverse-run challenge shows biometrics vulnerable to certain low-tech attacks

While deepfake fraud attacks have become a prominent source of worry for organizations securing access to accounts or resources with biometrics, simple and low-cost attacks can also exploit vulnerabilities in many systems, the results of an industry challenge make clear.

The Adversarial Attack Challenge for Secure Face Recognition was held as part of the International Joint Conference on Biometrics (IJCB 2025), and organized by Youverse and the Institute of Systems and Robotics at the University of Coimbra (ISR-UC).

Structured attacks carried out with rudimentary technology, like grid occlusion or bit manipulation, were consistently able to defeat biometric systems. Those same systems had already proven their chops against more traditional attacks based on gradient perturbations.

IJCB 2025 takes place September 8 to 11 in Osaka, Japan.

At the close of the competition, Youverse also released a full benchmark, dataset and open-source adversarial toolkit. The release is intended to provide the community with resources design stronger defenses and stress-test biometric recognition models under unseen conditions.

“We’re proud to contribute open tools, benchmarks, and lessons to the community,” says Youverse CPO Miguel Lourenço. “Detection and resilience were put to the test, and the results will help push the boundaries of secure and fair AI in biometrics.”

Earlier in the year, Youverse presented a diffusion-based method for age transformation using multi-modal prompts at FG 2025 (2025 IEEE 19th International Conference on Automatic Face and Gesture Recognition). IDiff-Face-Aged is a patent-pending process which the company says improved age classification accuracy by more than 3 percent, but also improved the generalization capabilities of the models.

Article Topics

biometrics  |  deepfake detection  |  deepfakes  |  facial recognition  |  IJCB  |  open source  |  Youverse