We’ve all seen the prompt. You’re trying to join the queue for the hottest concert tickets, and suddenly you’re being asked to select all the photos with a bicycle. It doesn’t take more than a couple of seconds but as every super fan knows, seconds can make the difference between seeing the show and being left out. Prompts like this, while simple, do add a layer of frustration to the overall customer experience.
How important are they?
Bad actors, AI and bots, oh my!
It’s not just super fans that are feeling the pressure. Organisations are being forced to confront a shift in the fabric of security. It’s no longer enough to rely on who someone claims to be. What matters now is if they’re human at all.
From an industry standpoint the concept of ‘proof of human; ‘ is the new baseline. Technology has advanced too rapidly for any system to assume anything else.
Up until now, digital identity systems have operated under the assumption that every account corresponds to a real person. That’s not to say that fraud wasn’t an issue before–it was–but there were limitations. One way to think about it would be to consider scalpers and the fans being on more of an even playing field for tickets. They’re both standing in the same line, with the same likelihood of snagging the front row. There was a barrier for both parties.
AI changed the game entirely. Suddenly, thousands of synthetic personas can be created and sent to wreak havoc in minutes. These synthetic personas are only becoming more sophisticated as technology continues to advance.
They have digital identities, profile photos, voices that sound natural. For many systems, it’s becoming increasingly difficult to differentiate without the right tools in place. For real fans, this means you could, hypothetically, be 2,000th in queue for the show but the 1st actual human. The playing field has shifted.
Proving you’re you, or proving you’re human
Before getting too into the weeds, it’s important to distinguish between identity verification and proof of human. Identity verification is about attribution, whereas proof of human confirms if there is a real, live person behind the interaction. These are two, separate, layers that can and should work together.
While it may seem like a small distinction, conflating the two can create both security gaps and privacy risks.
To rely solely on identity verification without first establishing if the ‘person’ is human, opens the system up to falling for sophisticated deepfakes. On the other hand, proving something to be human requires excessive data collection which in and of itself is a privacy risk.
The tech that’s behind the fraud
[Text Wrapping Break]Synthetic media is becoming more convincing. Gone are the days where you could scroll online without coming across deepfake content or AI-driven scams. At first, it might have been easy to spot a fraudulent email because of the address it came from, or the weird formatting. Now, a scam can be a phone call that sounds like a relative, or a video message that appears to be from your boss.
Deepfakes are being used as part of targeted attacks, from authorising transactions with synthetic voices to building long-term trust using AI-generated personas. Beyond the fraud itself, this evolution is eroding at consumer trust in systems and their ability to protect us.
This lack of trust should signal to platforms the importance of ‘proof of human’. It resets the playing field and anchors trust in something more fundamental rather than what can be perceived.
The simple solution, and why isn’t not enough
[Text Wrapping Break]Detecting deepfakes seems like the logical solution. If we can spot them, we can stop them, right? While the logic isn’t unfounded, it doesn’t address the entirety of the problem. [Text Wrapping Break][Text Wrapping Break]Detection alone keeps organisations on the back foot. You’re simply reacting to the threat. It also requires quick thinking, usually with limited context, which can open the door for mistakes to be made. The goal should be to ensure that no single signal is sufficient to authorise action. Shifting from detection to verification means that critical actions require independent confirmation of human presence and intent.
Moving your security from reactive to proactive and stopping risks before they happen not only helps the organisation be more secure, it also helps to alleviate stress on systems.
Where do we go from here?
We’ve established that traditional systems, where identity is verified once and then trusted indefinitely, is no longer enough. ‘Proof of human’ is crucial in order to level the playing field of bad actors and actual users. Trust needs to be rebuilt.
When ‘proof of human’ is used as a prerequisite for identity verification, it ensures that systems designed to establish trust are not undermined by artificial actors. This is where trust can start to exist.
AI and the innovation that comes along with it, isn’t showing signs of slowing down. With that, resilience is both a strategic and operational asset. Security frameworks must evolve, verification processes must become continuous, and trust must be actively maintained rather than assumed.
