Where will Artificial Intelligence have the most impact in the Digital Identity space?

In the field of Digital Identity, Artificial Intelligence plays a role on both offence and defence. 

Almost a decade ago - before AI began to take over the world's attention - I attended a lecture at Cambridge University given by a philosopher who titled his talk “ARTIFICIAL INTELLIGENCE: A BLEAK OR BRIGHT FUTURE?”.

While I don’t remember the details of the lecture, I do remember the Q&A session afterwards. And what struck me most was that the majority of the questions from the audience were tinged with fear - about jobs being lost, AI running rogue, or the impact of such a powerful technology in the hands of nefarious actors.

The audience was clearly in the ‘bleak future’ camp, even with ample evidence for the possibility of a ‘bright future’.

In the years since, the AI landscape has changed dramatically. Dozens of powerful LLMs (large language models) have launched, giving birth to thousands of virtual assistant or productivity tools and apps. Generative AI models have made a huge splash, dazzling us with the quality of their image and video output, as well as with the velocity of their improvement. AI-powered products and solutions are being rolled out for thousands of use cases in every imaginable industry, and adopted by individuals, businesses, and governments.

So today, both the ‘bright future’ and the ‘bleak future’ camps have plenty of evidence to support their worldview.

For every potential negative output, there is a potential positive counterbalance.

And for every potential positive product, tool, or solution, there is likely a negative / dark web version that gives the same capabilities to a potential bad actor.

It seems that this will be the way, for as long as the AI train rolls on: with both sides agreeing that AI is potentially the biggest technology of our lifetime, but diverging on whether it will be the best or the worst thing that can potentially happen to humanity.

The reality, of course, will likely be that both end up being true.

Indeed, in that lecture many years ago, the philosopher acknowledged that as far as Artificial Intelligence was concerned, he believed the world would largely be divided into two camps: the optimists and the pessimists.

• From the optimists’ perspective: AI will lead to better quality of life, and more efficient markets. It will discover new scientific breakthroughs - cure cancer - and enable personalised teaching, learning and healthcare. It will write better computer code than humans, and lead to massive productivity gains, giving us more time to enjoy life…

  
  

• And from the pessimists’ perspective: Fraud and scams will be rampant due to ever more convincing deep fake voice and video content; the creative arts will be homogenised, and ethics and safety will be trampled. We’ll see a concentration of power and a lack of transparency (who controls those algorithm(s)?), leading to enormous job loss, surveillance, and too many unintended and unknowable consequences to name…

  
  

Regardless of which camp you fall into, the binary ‘optimist vs. pessimist’ approach turns out to be a very useful guide for looking at AI, both from human, and technical perspectives.

AI and Digital Identity

In the fast-moving world of digital identity too, we’ve been able to gather real world evidence in support of both optimist and pessimist viewpoints, and I’d like to provide a quick overview of where and how Artificial Intelligence is being applied to different aspects of the ecosystem and the impact it’s having - with a slight twist.

Instead of optimists and pessimists, we can look at how AI is being applied for both offensive and defensive purposes in the digital identity space.

• the defensive perspective - AI is used to defend against deep fakes, phishing and social engineering attacks that try to circumvent authentication and verification processes.

  
  

• The offensive perspective - AI is applied to enhance user experience, improve biometric algorithms, ensure compliance, and generally stay ahead of emerging threats.

Defensive AI and Digital Identity

From the defensive perspective, AI is being used in the sense that we are defending enterprise, governments and individuals from threats and bad actors. These threats are real, and rampant, and many are themselves AI-powered - in the form of deep fakes, synthetic identities (convincing fake identities created by combining real and fabricated personal information), and automated social engineering (e.g. phishing), as well as credential compromise, session hijacking, and account takeover.

Advanced AI models may eventually be able to generate fake biometric data to fool authentication systems.

The risks to organisations and individuals include both financial and reputational loss.

To combat these threats, AI is being used in some of the following ways:

1. Enhanced security and fraud detection through predictive analysis and threat intelligence: AI algorithms can analyse vast amounts of data, enabling more accurate and proactive threat detection in real-time. AI can help identify anomalous patterns, suspicious activities and potential fraud attempts in real-time - and in an automated fashion - significantly improving the security of digital identity systems. Machine learning models can continuously adapt to new fraud tactics as they emerge.

   
   

2. Predictive analysis and threat intelligence: AI's ability to process large datasets allows for predictive analysis, helping organisations stay ahead of cyber threats. Machine learning algorithms can continuously adapt to new threats, enhancing overall cybersecurity measures.

   
   

3. Behavioural Analysis and Continuous Identity Verification: AI can construct unique behavioural profiles by analysing a user's digital footprint and interactions. It can then detect deviations from normal behaviour patterns, enhancing threat detection capabilities against identity theft and cyberattacks. This enables perpetual know-your-customer (pKYC) systems that continuously monitor for changes in a user's risk profile or behaviour.

   
   

4. Deepfake and Synthetic Identity Detection: AI can help detect deepfakes (AI-generated forgeries) and synthetic identities (fabricated personas with convincing documentation) used for identity theft. Deepfake detection algorithms can identify subtle inconsistencies and artefacts in manipulated media.

   
   

5. Liveness Detection: AI-powered liveness checks help prevent spoofing attacks during identity verification processes.

Offensive AI and Digital Identity

From an offensive perspective, AI can be used to improve user experience, making identity authentication and verification more convenient and safe.

Some of the ways AI will be used from an offensive perspective include:

1. Identity Management, orchestration: AI can enable rapid development and integration of new capabilities and technologies to support Identity management orchestration.

   
   

2. Improved Biometric authentication: Biometric authentication methods, such as facial recognition and fingerprint scanning, are already AI-powered, and machine learning can continuously refine authentication accuracy by learning from each authentication attempt, reducing false positives and negatives. Machine learning algorithms can also detect anomalies in user behaviour to flag potential account takeovers.

   
   

3. Personal AI Agents and Improved Accessibility: Personal AI agents can analyse user behaviour and preferences to provide more personalised digital experiences. AI can enhance the inclusivity of digital identity systems by providing alternative authentication methods for users with different needs or abilities.

   
   

4. Efficient identity verification: AI streamlines the identity verification process, making it  more accurate - and faster. This is particularly useful in sectors like finance, healthcare, and government services, where secure and quick identity verification is crucial.

   
   

5. Scalability: AI-powered digital identity solutions can handle large volumes of authentication requests and data processing, making them suitable for widespread adoption across various industries.

By exploring the optimist AND pessimist perspectives of the different areas where digital identity and AI intersect, we can understand the best offence and defence approaches to adopt when implementing tools and services.

However, we must remember that this is not a static affair - there is an ongoing cycle of cat and mouse between offence and defence. AI technology advances, and both attackers and defenders continue to innovate … as regulators try to keep pace.

No matter the industry, application or phase of development, we must also remember that AI is only part of the problem / solution - and is only part of a multi-layered security approach combining AI with other technologies... AND includes investing in ongoing research to stay ahead of potential AI-based threats, and advocating for updated regulations that address the rapidly changing landscape of AI and digital identity.

And to end on an optimistic note, we may then be able to achieve an AI-powered digital identity space which is much more secure, efficient, and user-friendly than what we see today.