1 hour ago
1
A new study has found that 98% of organizations are concerned about identity-related threats, such as identity spoofing, deepfakes, and artificial intelligence (AI) agents acting as users, while 87% report AI actors attempting to pass identity processes in the past 12 months.
- Identity security faces AI challenge
- U.K., Singapore lead deepfake concerns
- AI adoption outpaces oversight
The 2026 “The New Shape of Identity Threats” report, published by Regula, developer of identity verification solutions and forensic devices, found that the identity verification systems and processes of organizations worldwide, built to confirm that a real person is behind a transaction, are increasingly under pressure.
In a survey of 850 decision-makers from the banking, crypto, telecom, gaming, and government sectors, spread across Brazil, the United States, Mexico, the United Kingdom, the United Arab Emirates, Singapore, and Germany, Regula found a growing prioritization of deepfakes and automated AI agents in the global threat landscape, as they begin to emerge as primary concerns for enterprise security.
“Identity verification was designed for a world where every interaction involved a real person. That assumption no longer holds,” said Henry Patishman, Executive Vice President of Identity Verification Solutions at Regula. “Today, organizations are not only verifying identities—they are determining whether an interaction itself is genuine, and whether the actor behind it is human or machine.”
He added that the new report aims to help decision-makers “understand how identity threats are evolving, where visibility breaks down, and what it takes to maintain trust in systems increasingly exposed to AI-driven activity.”
UK and Singapore alarmed by deepfakes
Beyond the striking percentage of entities generally concerned about identity threats, another key finding of the report was the growing concern about deepfakes, particularly among respondents from Singapore and the United Kingdom.
Generative AI deepfakes, whereby audiovisual content is generated or manipulated using AI to misrepresent someone or something, are rapidly advancing and spreading, often being abused to assist criminals in sophisticated scams and frauds, or to create explicit images of celebrities, women, and children. In 2025 alone, the U.K. government estimated that 8 million deepfakes were shared, up from 500,000 in 2023.
According to the report, deepfakes show the widest variation across industries of any identity threat, a sign that adoption and awareness are uneven. In terms of which sectors are most at risk, the report found that banking and crypto remain above average, with both sectors having direct exposure to deepfake-enabled fraud, including account takeover and onboarding bypass.
The report also found that deepfake concerns are heightened in mature fraud ecosystems that have a high-volume digital onboarding, which helps explain why the U.K. and Singapore top the list of worried nations.
In March, the U.K. government’s Department for Science, Innovation and Technology (DSIT) published a research report exploring the country’s deepfake detection technology market, finding that it is still in its nascent stages but growing rapidly, due to ever-increasing demand.
This came in the wake of a string of negative headlines around generative AI, such as Elon Musk’s Grok, being used to create explicit deepfake images of women and children. In response, U.K. Prime Minister Keir Starmer gave an interview in January promising to “take action” on “disgraceful and disgusting” reports around child abuse imagery.
“This is wrong, it’s unlawful, we are not going to tolerate it,” said Starmer. “I have asked for all options to be on the table.”
In the new report, Regula doubled down on such concerns, saying: “Deepfakes are no longer an emerging threat. AI-generated faces and videos used to mimic real users in onboarding and authentication now rank among the top identity concerns globally, just behind identity spoofing.”
AI use and AI agents
Another notable takeaway from the report was the apparent disparity between the rising threat posed by AI and organizations’ ability to pinpoint where it operates and what it does.
According to the findings, 69% of organizations say AI-assisted tools are already common in their identity flows, and 87% recognize that AI is present, but only 39% have clear visibility into its use.
“That gap matters,” argued Regula. “Systems cannot control what they cannot clearly detect.”
Meanwhile, AI Agents acting as users present a new risk layer, with 87% reporting AI-assisted or automated actors attempting to pass identity processes in the past 12 months, and 26% of organizations already identifying machine-operated actors acting on behalf of users.
However, contrastingly, the report also found that, across all markets, AI agents rank as the least urgent identity threat, suggesting the organization is underplaying the actual risk posed.
“Concern is remarkably flat across sectors, with just an 8-point spread between highest and lowest,” read the report. “Government and Crypto report identical concern levels despite fundamentally different risk profiles. This suggests that AI agents do not yet fit into established threat models — making them harder to categorize, prioritize, and address.”
In practical terms, this may mean that while most organizations know AI is present in their identity flows, they lack the ability to track, attribute, or respond to it effectively. Therefore, when it comes to AI identity threats, visibility must keep pace with exposure, if risk is to fall.
In order for artificial intelligence (AI) to work right within the law and thrive in the face of growing challenges, it needs to integrate an enterprise blockchain system that ensures data input quality and ownership—allowing it to keep data safe while also guaranteeing the immutability of data. Check out CoinGeek’s coverage on this emerging tech to learn more why Enterprise blockchain will be the backbone of AI.
Watch: What can organizations do to get on the Web3 & digital identity bus?
English (US) · 