
Deepfakes are killing biometric trust

AI is making biometric authentication easier to spoof, forcing enterprises to rethink identity security and adopt layered authentication models.

Executive summary

AI is weakening trust in biometric authentication:

  • AI creates realistic deepfakes, voice clones and fake identities using public photos, audio and video.
  • Attackers use these tools to bypass onboarding, account recovery, call centers and access controls.
  • Attackers often win by targeting support staff and manual approval steps, not the biometric check itself.
  • Biometrics cannot be reset once compromised.
  • Enterprises can respond by shifting to layered identity security that combines biometrics with device trust, behavioral signals and cryptographic credentials.

Biometrics can help verify identity more conveniently than passwords, but AI is making them easier to spoof, harder to trust and more dependent on context than ever.

A 2025 report from the Biometrics Institute warns that AI-generated deepfakes and synthetic identities are making it harder for organizations to distinguish legitimate users from increasingly sophisticated impersonation attempts. That shift is forcing enterprises to rethink how they use biometric authentication across the business, including onboarding and account recovery use cases. Systems once designed to confirm identity at a single point in time now face attackers who can generate realistic faces, cloned voices and synthetic personas at scale.

"AI has collapsed the cost of producing a convincing spoof, so we need to worry about individual hackers and hacker groups and not just nation-states," said Brian Fending, managing director at Ordovera Advisory, an AI-focused consulting firm.

As a result, organizations are moving away from treating biometrics as standalone proof of identity and toward layered models that combine device trust, behavioral signals and contextual risk scoring.

AI makes biometric spoofing easier and cheaper

AI is lowering the barrier to entry for creating fake identity signals. In the past, biometric spoofing required specialized tools or direct access to a person or their devices to capture biometric data. Attackers can now do it with widely available AI systems that generate realistic faces, voices and fingerprints.

These systems learn from photos, audio and video of a person -- often pulled from public sources such as social media, podcasts, earnings calls or recorded meetings. As a result, attackers no longer need deep expertise. They can generate and refine fake identities at scale until one succeeds.

Common attack types include the following:

  • Remote identity proofing. AI-generated faces and documents bypass onboarding checks that rely on selfies or ID scans.
  • Account recovery. Cloned voices or deepfake videos trick support systems into resetting accounts.
  • Privileged access workflows. Synthetic identities bypass biometric checks in admin-level systems.
  • Financial services. Fake identities pass verification for banking, credit and transactions.
  • Call centers. Voice cloning impersonates customers over the phone.
  • Social engineering. Fake audio or video pressures employees into approving actions or sharing access.

Voice and face remain the biggest risks because people already expose them in public through everyday digital activity. That makes these signals easier to collect and reconstruct than other biometric traits, such as fingerprints.


"Anyone who has been on a recorded earnings call, a podcast or any public video has volunteered enough training data to produce a usable model of themselves," Fending said.

Fingerprints are less exposed, but not immune. AI can still lower the barrier to spoofing by reconstructing a usable print from partial inputs, such as a clear photo of a hand or of prints left on surfaces.

"Traditionally, spoofing a fingerprint scanner required physical artifacts such as lifted prints, fabricated silicone overlays, etc. … Generative models can now synthesize fingerprint images that fool sensor-level matching algorithms," said Gaurav Kulkarni, senior manager of Azure Security at Microsoft.

The social layer is weakest

Even strong biometric systems often fail outside the biometric check itself. Attackers don't always need to defeat the face scan or voice model directly. Instead, they target the workflows around it -- especially account recovery, help desk support and manual overrides.

These exception paths often sit outside strict technical controls. If an attacker can convince support staff they are the legitimate user, they can reset credentials or escalate access without ever touching the biometric system. That makes the human process -- not the algorithm -- the real security boundary.


As a result, many organizations are tightening verification in support channels and strengthening recovery processes, since these are often the easiest entry points.

"Many identity failures happen not at the front door, but through account recovery, help desk workflows and manual overrides. If an attacker can bypass the biometric system by convincing a support desk, then the biometric control is not the real control," said Brian Behe, CTO of RIIG Technology, an AI-first risk intelligence and cybersecurity infrastructure developer.

Examples of biometric spoofing

A well-known case from 2024 in Hong Kong illustrates the scale of the threat. A finance employee at a multinational company transferred roughly $25 million after joining a video call that appeared to include senior colleagues, including the CFO. The attackers used AI-generated audio and video to impersonate trusted individuals and create a convincing business context for the request.

"That story matters because it shows the threat is not just about whether a biometric system can be technically fooled. The bigger issue is whether AI can manufacture enough trust to defeat a business process," Behe said.

Technical testing shows the same underlying weakness from a different angle: instead of measuring how much trust an attacker can manufacture, it measures how well the biometric systems themselves withstand AI-generated presentation attacks.

"NIST's biometric testing programs have documented meaningful failure rates against presentation attacks in systems that would have passed evaluation two years ago," Kulkarni said.

Kulkarni saw similar results in his own hands-on testing, where voice biometric systems were directly challenged using synthetic audio.

"During an authorized internal security assessment, I tested a voice biometric authentication system using synthesized voice profiles built from publicly available audio samples. The authentication was bypassed. The sad part is that it was a controlled test on a production-grade system, and it worked with tools that are now significantly more accessible than they were when I ran that test," Kulkarni said.

The problem isn't just spoofing -- it's permanence

Enterprises originally adopted biometrics because they seemed stronger and more convenient than passwords. Users do not need to remember them, and systems do not rely on shared secrets that people can guess or reuse. That made biometrics an attractive foundation for authentication.


However, that strength also creates a structural weakness. Unlike passwords, people cannot change their biometric identifiers once attackers compromise them.

"A biometric identifier is not a secret in the same way a password is a secret. A face, voice or fingerprint can be captured, copied, synthesized or replayed," Behe said.

That changes the risk model. A compromised biometric does not affect just one system or one login. It can persist across multiple systems and use cases wherever that same signal is used for verification.

"Enterprises are quietly committing to a permanent privacy and security posture they cannot walk back," Fending said.

The future is layered identity assurance

Enterprises are moving away from treating biometrics as proof of identity on their own. Instead, they are building layered systems that combine trusted devices, cryptographic credentials, behavioral signals and contextual risk analysis. The goal is no longer to verify a face or voice alone, but to build higher confidence that the right user is truly accessing a system.

This reflects a broader shift in thinking. Biometrics still matter, but they now act as one signal among many rather than the core of authentication.

"Biometric identifiers are not credentials, rather they are fixed facsimiles bound to a credential. Most organizations are deploying them as if they were credentials without thinking through that permanence," Fending said.

At the same time, organizations are reassessing passwordless authentication strategies. Moving away from passwords was the right step because attackers can easily compromise them. Yet, that does not automatically make biometrics the right primary replacement.

"Passwordless was the right direction as passwords are a genuinely weak control, and moving away from them made sense. What needs revisiting is the assumption that biometrics-as-primary-factor is inherently secure," Kulkarni said.

Instead, many organizations are shifting biometric checks closer to the device itself. In this model, a fingerprint or face only unlocks a private key held on the device; the server stores the matching public key and verifies a signed challenge, so the biometric itself never crosses the network or lands in a central template database. Even if a biometric is spoofed, the attacker still needs physical access to the device that holds the key.

"What I expect is a shift toward passkey-based architectures that keep biometric verification local to the device so that the biometric never traverses a network or gets stored in a centralized template database that can be breached. Paired with credentials locked to a specific device means even if a biometric is spoofed, the attacker still needs that physical device to get in," Kulkarni said.
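A minimal model of that device-bound flow, added here as an example and not code from the article or from any of the people quoted in it. The authenticator holds a P-256 private key (the ES256 algorithm WebAuthn passkeys commonly use) that is only exercised after a local biometric gate; the relying party keeps just the public key and a signature counter. The `biometric` matcher is a hypothetical stand-in for the platform's own face or fingerprint check, and the client data is reduced to the raw challenge rather than the JSON that real WebAuthn clients sign over; those are the example's assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Authenticator models a device-bound passkey. The private key is generated on
// the device and never leaves it; the biometric match happens locally and only
// gates use of that key. The matcher is an assumed stand-in for the platform's
// own face/fingerprint check, which this example does not implement.
type Authenticator struct {
	rpID      string
	priv      *ecdsa.PrivateKey
	counter   uint32
	biometric func() bool // hypothetical local matcher; its result never crosses the network
}

// RelyingParty stores only the public key and the last signature counter.
// No biometric template is held here, so there is no template database to breach.
type RelyingParty struct {
	rpID        string
	pub         *ecdsa.PublicKey
	lastCounter uint32
}

// Assertion is what the device returns for one login: authenticator data,
// the hash of the client data (here just the challenge) and an ES256 signature over both.
type Assertion struct {
	AuthData       []byte
	ClientDataHash [32]byte
	Sig            []byte
}

const flagUserPresent, flagUserVerified = 0x01, 0x04

// Register creates a P-256 key pair on the device and hands the RP the public half.
func Register(rpID string, biometric func() bool) (*Authenticator, *RelyingParty, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authenticator{rpID: rpID, priv: priv, biometric: biometric},
		&RelyingParty{rpID: rpID, pub: &priv.PublicKey}, nil
}

// NewChallenge returns a fresh random nonce; the RP must tie it to a single login attempt.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Assert runs the local biometric gate, then signs over rpIdHash || flags || counter || clientDataHash.
func (a *Authenticator) Assert(challenge []byte) (*Assertion, error) {
	if !a.biometric() {
		return nil, errors.New("local user verification failed; key not used")
	}
	a.counter++
	rpHash := sha256.Sum256([]byte(a.rpID))
	authData := append(rpHash[:], flagUserPresent|flagUserVerified)
	authData = append(authData, byte(a.counter>>24), byte(a.counter>>16), byte(a.counter>>8), byte(a.counter))
	cdh := sha256.Sum256(challenge)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdh[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, msg[:])
	if err != nil {
		return nil, err
	}
	return &Assertion{AuthData: authData, ClientDataHash: cdh, Sig: sig}, nil
}

// Verify is the server-side check: right RP, user verified on the device, counter moved
// forward (blocks replay), challenge matches, and the signature is from the registered key.
func (rp *RelyingParty) Verify(challenge []byte, as *Assertion) error {
	if len(as.AuthData) != 37 {
		return errors.New("malformed authenticator data")
	}
	if want := sha256.Sum256([]byte(rp.rpID)); !bytes.Equal(as.AuthData[:32], want[:]) {
		return errors.New("rpIdHash mismatch: assertion was made for another site")
	}
	if as.AuthData[32]&flagUserVerified == 0 {
		return errors.New("device did not report user verification")
	}
	counter := binary.BigEndian.Uint32(as.AuthData[33:])
	if counter <= rp.lastCounter {
		return errors.New("signature counter did not advance: replay or cloned key")
	}
	if as.ClientDataHash != sha256.Sum256(challenge) {
		return errors.New("challenge mismatch")
	}
	msg := sha256.Sum256(append(append([]byte{}, as.AuthData...), as.ClientDataHash[:]...))
	if !ecdsa.VerifyASN1(rp.pub, msg[:], as.Sig) {
		return errors.New("signature not from the registered device key")
	}
	rp.lastCounter = counter
	return nil
}

func main() {
	device, rp, _ := Register("example.com", func() bool { return true })
	ch, _ := NewChallenge()
	as, _ := device.Assert(ch)
	fmt.Println("legitimate device:", rp.Verify(ch, as))
	fmt.Println("replayed assertion:", rp.Verify(ch, as))

	// An attacker whose deepfake passes a face check but who lacks the device can
	// only sign with a key the RP never registered, so the assertion is rejected.
	impostor, _, _ := Register("example.com", func() bool { return true })
	ch2, _ := NewChallenge()
	forged, _ := impostor.Assert(ch2)
	fmt.Println("spoofed biometric, wrong device:", rp.Verify(ch2, forged))
}
```

The point the article makes falls out of the last case: a spoof that defeats the local matcher gains the attacker nothing on the server side without the device's private key, and the replay check shows why the counter matters once a key is cloned.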

Tim Murphy is a site editor and writer for the IT Strategy team at TechTarget.
