There was a time when "seeing is believing" was still a reasonable assumption.
That assumption is collapsing rapidly.

Over the last year, the quality of AI-generated identities, voices and videos has improved at a pace that many organisations underestimated. What was once easy to spot as "fake" is now becoming increasingly difficult to distinguish from reality, even for trained professionals.

One recent example that circulated online involved an AI-generated French woman presenting what appeared to be a legitimate French identity card in a video generated by Grok. The rendering quality, facial movements, document reflections and overall realism were sufficient to fool many viewers at first glance.
At the same time, threat actors are increasingly using live deepfake technologies during video calls, interviews and social engineering attacks. Security researchers and law enforcement agencies have already documented cases where attackers used AI-generated voices and live facial overlays to impersonate executives or employees during remote meetings and calls.

This is no longer theoretical, the problem is now operational and organisations are beginning to react.
One of the most interesting developments is that the industry is slowly moving away from simply authenticating credentials and is starting to authenticate humans themselves.
That distinction matters.

Traditional authentication answers questions such as:

Do you know the password? (Something you know)

Do you have the token? (Something you have)

Do you look like your photo? (Something you are)

But AI-generated identities introduce a new problem:

Are you even a real human?

The Identity Paradox

Having to prove you are human sounds absurd until you realise how quickly AI-generated personas are entering video meetings, social platforms, dating platforms, recruitment processes and even customer support interactions.
Some vendors are already introducing technologies aimed at building a "proof of personhood" layer.

For example, recent versions of Microsoft Teams introduced voice and facial recognition enrolment features where users record their voice so the platform can build a biometric profile associated with the individual.

At the same time, projects such as Tools for Humanity and its World ID initiative are attempting something even more ambitious: creating global identity systems based on biometric verification, including iris scanning. Recent partnerships involving World ID and platforms such as Zoom and DocuSign explicitly position biometric identity verification as a defence against deepfakes and AI impersonation.

The company behind the project was co-founded by Sam Altman, who is also Chairman of Tools for Humanity.
The same AI revolution creating the identity crisis is also driving the market for human verification infrastructure.

That creates an uncomfortable paradox.

The industry increasingly agrees that traditional identity mechanisms are weakening: passwords are weak, voice recognition can be cloned, faces can be generated, video calls can be manipulated and documents can be forged convincingly.
So the proposed answer becomes: "Give us more of your biometrics."
Your iris, your face, your voice, your behavioural profile, your movement patterns.

In other words: Your unique human attributes.

But there is a problem with this model: Biometrics are not passwords.
If your password leaks, you change it. If your iris scan leaks, you cannot change your eyes. If your voice fingerprint leaks, you cannot realistically replace your voice.
Unlike passwords or tokens, biometric compromise is potentially permanent.

This fundamentally changes the risk equation.

The cybersecurity industry has spent years warning organisations about creating centralised "honeypots" of sensitive data. Yet there is now growing pressure to create extremely high-value repositories containing the most sensitive identifiers humans possess.
Even if a company implements strong privacy protections, another question remains, do we really want a future where proving humanity requires surrendering increasingly intimate biometric attributes to private corporations?
Especially corporations directly involved in accelerating AI capabilities?

A Better Direction?

Historically, identity verification was mostly transactional: Show your passport, enter your password, provide your OTP.
The AI era changes this entirely.

Soon, every platform may need mechanisms to determine whether the entity interacting is human, and whether the human is genuine, whether the video stream is authentic, whether the voice is synthetic, etc.

One possible direction is moving trust away from raw biometrics themselves and toward cryptographically trusted systems.
For example:

Rather than continuously scanning your face or iris, trusted hardware devices could securely attest that a video stream originates from a genuine certified device and has not been modified in transit.

Cameras, microphones and endpoints could include hardware-rooted cryptographic signatures proving authenticity at capture time.

Operating systems could provide signed identity attestations without exposing the underlying biometric material itself.

This would not eliminate deepfakes completely, nothing will. But it could reduce the need to continuously centralise highly sensitive biometric datasets across multiple vendors and platforms.

Because once biometric verification becomes mainstream, attackers will naturally target the biometric infrastructure itself. And if AI can already replicate faces and voices convincingly today, it is dangerous to assume current biometric systems will remain trustworthy indefinitely.

The Human Identity Arms Race

We are entering a period where humans will increasingly need to prove they are human: Recruitment, banking, video conferencing, remote work, customer onboarding, Social Media, etc.
The market response will likely be a massive expansion of digital identity verification technologies over the next decade.

Some of those technologies will be necessary, some will be useful, some may become deeply invasive and some may create entirely new categories of security and privacy risks that we do not fully understand yet.

The real challenge is therefore not simply stopping deepfakes.
It is ensuring that, in trying to defend human identity, we do not slowly build systems that permanently weaken it.


References

Microsoft Teams - Overview and configuration of voice and face enrollment: here

Microsoft Teams - Enable People Recognition on Teams Rooms: here

Tools for Humanity - company information: here

World - proof of human / World ID: here

Rest of World - World partnerships with Zoom, Tinder and DocuSign: here