The influence of artificial intelligence (AI), particularly its branch termed Generative AI (GenAI), on cybersecurity represents a multifaceted and dynamic issue. AI technologies, GenAI included, have the capability to significantly improve cybersecurity. They achieve this by automating the detection of threats, sifting through large datasets, and enhancing the speed of response. However, these technologies also harbor the risk of being exploited for harmful intents. For instance, they can be used to craft fake digital identities that might impersonate actual individuals. This misuse poses a direct threat to security protocols, including electronic customer onboarding and identity verification procedures.

It is particularly intriguing to observe GenAI’s impact on authentication processes, to the extent that there are occasional scenarios where KYC processes may become obsolete. GenAI is particularly adept at producing content that is strikingly realistic and persuasive, including audio clips, videos, biometric images, texts, and even complete personalities, this raises concerns about its potential misuse for digital identity – bounded cyber-attacks, misinformation, and the creation of deceptive content, especially in electronic Know Your Customer (e-KYC) procedures.

According to Smile ID's 2024 Digital Identity Fraud in Africa Report, a quarterly analysis of biometric and document fraud data indicates a consistent increase in the overall rate of fraudulent attempts for document and biometric verification over the past six (6) quarters. This upward trend reached its all-time highest point at 17% in Q4 2023.

What are the main cyber insecurity areas associated with GenAI?

  • Synthetic Identity Fraud:GenAI possesses the capability to craft highly authentic synthetic identities by amalgamating artificial data with stolen personal information. This process can lead to the creation of deepfake media that are incredibly difficult to distinguish from genuine content. Such fabricated identities can be exploited to set up fraudulent accounts or to execute financial crimes, posing a formidable challenge for detection and prevention systems.
  • Voice Impersonation:Leveraging the power of GenAI to clone human voices with remarkable precision, malicious entities can produce audio deepfakes to mimic individuals. This technology could be used for fraudulent purposes in voice communications, including phone calls and voice-operated assistant devices, or to deceive biometric security measures that rely on voice recognition. This advanced form of voice impersonation could result in unauthorized access to sensitive information and personal data breaches.
  • Disinformation Campaigns:GenAI can generate credible-looking news articles, social media posts, or videos, which can be used in coordinated disinformation campaigns. These efforts can undermine trust in digital communication, influence public opinion, and disrupt democratic processes.
  • Intelligent Bots and Content Pollution:GenAI can enhance the capabilities of bots, enabling them to interact more naturally with humans. These bots could be deployed on social networks, forums, or customer service channels to manipulate discussions or opinions. They can generate large volumes of spam content, such as comments, reviews, or social media posts, which can pollute digital ecosystems and manipulate platform algorithms or public perception.
  • Phishing Attacks:AI-generated content might be used to create highly convincing phishing emails or messages, making it more challenging for individuals to recognize malicious attempts to gain sensitive information.
  • Adversarial Attacks:AI models, including those used for cybersecurity, can be vulnerable to adversarial attacks where malicious actors manipulate input data or AI models to deceive the AI system and potentially compromise its functionality.
  • Malware:GenAI could be used to create malware that is even more sophisticated than what we see today. Malware that is created with GenAI could be able to learn and adapt to new security measures, making it more difficult to detect and defend against.
  • Algorithmic Bias:The training data used to develop AI models, including Generative AI, may inadvertently include biases that could impact the fairness and effectiveness of cybersecurity measures.

While GenAI has the potential to create digital challenges, it is also a field where ongoing research and development are focused on finding solutions to address these challenges and ensure the responsible use of AI technologies. Therefore, GenAI is a double-edged sword when it comes to cybersecurity. Like creation of new security algorithms that can detect and prevent AI-focused attacks or like training AI models that are able to identify fake content and prevent it from being spread online; there are hundreds of ways for AI utilization to improve cybersecurity, especially in e-KYC and AML (anti-money laundering) steps including multi-factor authentication and customer onboarding processes.

Towards Al-driven and – powered KYC verification

AI-driven data security and identity solutions can contribute to a proactive security stance through the identification of high-risk transactions, safeguarding them with minimal user interference, and more efficiently connecting suspicious behaviors. In other words, despite all these GenAI-focused concerns mentioned above, AI will continue simultaneously to transform the landscape of customer identity authentication, bringing forth a paradigm shift in efficiency, accuracy, and security, by implementing in each stage of the KYC process like digital form filling, ID capturing via Optical Character Recognition (OCR), liveness detection and face matching, document validations, profile verifications, and even transaction screening.

Nevertheless, AI-powered security solutions remain underutilized in the current landscape. According to the 2023 IBM Cost of a Data Breach Report,only 28% of organizations have extensively incorporated security AI and automation into their operations. This indicates a substantial untapped potential for many organizations to enhance their speed, accuracy, and overall efficiency.

The integration of AI into the KYC/AML process, when combined with reliable data from diverse sources, facilitates the efficient assessment and heightened transparency of behavioral risks. Complementing this, a verification chatbot is deployed for customer interactions and the acquisition of additional KYC documents. This AI-driven security automation not only enhances effectiveness but also proves to be a cost-efficient solution.

Present-day AI chatbots exhibit the capacity to significantly decrease false positives by up to 80%, via a remarkable 90% model accuracy [The Infosys Knowledge Institute]. With minimal margin for error, the incorporation of AI in KYC processes concurrently reduces the time required for case reviews by a third.

KOBIL Provides AI-Powered Active and Passive Liveness Detection

At this juncture, let’s deep dive into KOBIL’s AI implementation in its liveness detection as an example.

KOBIL offers cutting-edge AI-powered liveness detection for its e-KYC solution encompassing both active and passive strategies. Within its passive liveness detection framework, KOBIL utilizes a multimodal approach, harnessing both RGB (Red, Green, Blue) and depth map data for thorough analysis. The system employs a blend of meticulously handcrafted and deep learning-powered features to ensure bona-fide authentication and robust anti-spoofing measures. The incorporation of advanced technologies like self-supervised Visual Transformers (ViT) allows KOBIL's systems to effectively parse complex patterns within data, significantly improving the precision of passive detection.

Additionally, Central Difference Convolutional Neural Networks (CDCNs) are utilized to meticulously detail fine-grained visual information and textures, which are vital for comprehensive analysis.

In terms of active detection, KOBIL's technology includes an array of dynamic indicators such as eye blinking, facial expressions (for example, smiling), and head pose analysis. These real-time cues ensure the presence of a live person during authentication. This sophisticated amalgamation of technological solutions not only bolsters the system's defenses against fraudulent activities but also provides a strong and exhaustive authentication mechanism.

Dr. Fereidooni: “Ongoing Implementation of AI-driven Measures in face of GenAI-powered threats in e-KYC”

Transitioning to the insights of Hossein Fereidooni, AI Lead at KOBIL GmbH, the intense focus and escalating concern regarding AI-related security challenges, particularly in research, development, and penetration testing, are expected to maintain momentum. However, he raises a very important point about insecurity factors based on AI, shedding light on AI-enhanced security measures, especially in e-KYC verification.

Highlighting the potential risks posed by GenAI, Dr. Fereidooni articulates that while this technology may have the capacity to create counterfeit images and handwriting, the incorporation of advanced liveness check mechanisms into e-KYC systems serves as a powerful countermeasure. He cautions about the impending difficulties faced by social media and online platforms that do not utilize liveness check. The proliferation of fraudulent content that seemingly verifies a person's identity could lead to severe complications, jeopardizing an individual's safety and causing substantial issues for entities relying on KYC systems that lack robust liveness verification.

Dr. Fereidooni further asserts: "The most critical and ongoing measure we undertake at KOBIL is the diligent monitoring of AI-enhanced identity verification and authorization processes, coupled with the relentless pursuit of research and development aimed at safeguarding against malicious software and the risks of identity theft."

About KOBIL

KOBIL is a global technology company focusing on secure digital identity and all-in-one multi-sided platform technologies. Since 1986, as a trusted Identity partner, KOBIL has been playing a vital role in the development of new encryption standards for identity-first security and regulatory-compliant solutions. Offering cutting-edge solutions for application shielding, user authentication, transaction authorization, and more, KOBIL is a market pioneer in digital identity and mobile security management. With over 500 employees worldwide, KOBIL is trusted by 5000+ stakeholders from banks to SMEs and start-ups, including the world's largest and most trusted organizations like the German Government,Raiffeisen, Erste, ING, Airbus,DATEV, Migros and Siemens. KOBIL's recent innovation uniting all identity talents within a SuperApp platform highlight its commitment to compliance and innovation. KOBIL GmbH is the most visionary and market-leading provider of secure data technology solutions, with over 100+ million end users benefiting from its solutions. It operates in five headquarters—Germany, Switzerland, Turkey, the USA, and the UK—providing future-proofed projects and tech solutions across the world.