Deepfake Attack.
An attack on biometric authentication or identity verification using AI-generated synthetic media — a fake video of the target, a synthetic voice, an AI-rendered face — to defeat liveness detection or impersonate the user.
The 2026 reality: deepfake-as-a-service has commoditized the attack. Cost per synthetic ID has dropped from thousands of dollars in 2023 to under $50 by 2026. Defense has become a continuous arms race — every uplift in detection quality is met by deepfake quality improvements. Hardware-level liveness (Apple, Google's depth-sensing implementations) remains the strongest defense; software-only liveness on commodity cameras is increasingly insufficient for high-assurance flows.
Common questions
How real is the deepfake threat to biometric auth in 2026?
Can liveness detection defeat deepfakes?
What is C2PA and does it help against deepfakes?
Related terms
In the guides
Biometric Authentication: A Practitioner's Guide to Fingerprint, Face, and Beyond
How modern biometric authentication actually works — device-local templates, signed assertions, liveness detection, and where the privacy story is real vs marketing.
Identity Verification and Proofing (IDV/KYC): A CIAM Guide for 2026
How to prove a real person matches a claimed identity at signup — document capture, liveness, authoritative-data checks. The 2026 stack, the deepfake escalation, and where CIAM ends.