Has AI made biometrics obsolete? Zero-Knowledge may be the only solution
Artificial intelligence has fundamentally changed the economics of fraud. What was once considered the gold standard of identity, biometrics, is now being systematically undermined by generative AI. Deepfakes and synthetic techniques now reproduce faces, voices and fingerprints with sufficient precision to fool traditional sensors, to the point that the National Cyber Security Center has elevated the threat of deepfakes to a top priority.
The danger is considerable. Unlike a password or a payment card, a retina or fingerprint cannot be reissued. When a biometric template is compromised, the breach is permanent. As AI advances, this stored data becomes a high-value target.
The limits of traditional models
Historically, bypassing a biometric system required specialized equipment and advanced expertise. Today, algorithms can generate “masterprints” that can match multiple users or reproduce facial features with alarming accuracy.
This situation is fueling a thriving market on the dark web, where “selfie with ID” packages and synthetic identities (mixing stolen real data and AI modifications) can be purchased in just a few clicks to bypass access controls. Ironically, the data we use to secure our digital transactions has become our biggest vulnerability.
The solution is not to eliminate biometrics, but to reverse their use. Traditionally, organizations stored biometric templates on central servers, making them a prime target for attackers. Even sharding often fails because the provider retains control of the infrastructure, maintaining a centralized trust model.
Zero-Knowledge (ZK) biometrics takes a radically different approach. By relying on advanced cryptography, it becomes possible to confirm a user’s identity without ever exposing or storing recoverable data.
In this model, a facial scan is converted into an encrypted, non-reversible format directly on the user’s device. On a subsequent connection, a new scan is compared to the stored version without the original image ever being revealed or reconstructed. This approach offers the scalability of a centralized system, with the absolute confidentiality of an on-device solution.
The shift to real-time identity
Fraud now reaches into the session itself, targeting credential resets, account recovery and critical transactions. This is why one-time authentication must give way to continuous re-verification. With ZK biometrics, organizations can continuously verify that the user who initiated the session is still the same a few minutes later, while guaranteeing the absolute confidentiality of their personal data.
Preparing for the agentic era
The rise of AI now extends beyond human users. As companies develop autonomous AI agents, an unprecedented danger is emerging: agentic risk. Just as it is necessary to prove the identity of a physical person, it becomes crucial to govern these digital entities in real time.
This governance requires linking each non-human actor to a verified human identity, subject to strict and immediate controls. Whether the actor is an employee or an independent agent, the basic principle remains unchanged. High-assurance authentication must occur continuously and without leaving a data footprint.
At the same time, the growing value of biometric data, which sometimes exceeds that of traditional financial assets, makes the impact of a data breach impossible to ignore. Businesses need resilient defenses against AI-powered attacks. The challenge? Securing access without disrupting the fluid experience users expect. Zero-Knowledge architectures and real-time identity are the keys to rehabilitating biometrics as a secure asset, and to ensuring trust in the face of the proliferation of deepfakes.