iOS Devices Under Siege: How AI-Powered Identity Attacks Exploded 741% in 2025

AI-powered identity attacks reached a critical inflection point in 2025, with injection attacks targeting iOS devices skyrocketing 741% year-over-year, while deepfake impersonation expanded into everyday corporate workflows. According to iProov's 2026 Threat Intelligence Report, these attacks have shifted from experimental tactics used by state-sponsored actors to industrialized, repeatable playbooks deployed at scale across financial systems and enterprises.

What's Driving the Explosive Growth in AI Identity Attacks?

The acceleration happened in two distinct waves. During the first half of 2025, injection attacks targeting iOS devices increased by 14%, but activity exploded in the second half, jumping 1,151% compared to the same period in 2024. This dramatic shift reflects a troubling trend: techniques once limited to sophisticated, well-resourced threat actors are now being weaponized as standardized attack templates that any cybercriminal can deploy.

The industrialization of these attacks coincides with major advances in generative AI technology. Image-to-video generation tools have dramatically lowered the barrier to entry for creating synthetic identities. Attackers now need minimal source material, such as a single photograph, to generate convincing deepfake videos that can fool both humans and automated verification systems.

Southeast Asia has emerged as a testing ground for new fraud techniques, recording a 720% spike in attacks during the third quarter of 2025. The region has seen a rise in virtual camera attacks and stolen Know Your Customer (KYC) identity packages, with techniques subsequently adopted and scaled to other regions, particularly Latin America. This pattern suggests that successful attack methods are being rapidly distributed and adapted across global criminal networks.

How Are Deepfakes Infiltrating Corporate Environments?

The threat landscape has expanded far beyond identity verification systems. Deepfake technology is now being weaponized in video-based corporate interactions, creating a new vulnerability in everyday business communications. Research from the Ponemon Institute found that 41% of organizations have experienced deepfake attacks targeting executives. A September 2025 Gartner study revealed an even more alarming statistic: 37% of cybersecurity leaders had encountered deepfake incidents during video calls.

These statistics suggest that deepfake attacks are no longer theoretical threats confined to security research labs. They are active, widespread, and increasingly difficult to distinguish from legitimate communications. An executive receiving a video call from what appears to be a trusted colleague or business partner may have no way to verify the person's authenticity in real time.

Steps to Strengthen Your Organization's Identity Security

  • Implement Continuous Threat Monitoring: Move beyond static, legacy identity verification systems that rely on one-time checks. Organizations need systems capable of continuous monitoring of the threat environment, aligned with updated standards including NIST SP 800-63-4, CEN/TS 18099, and FIDO Face Verification Certification.
  • Adopt Biometric Liveness Detection: Liveness detection technology can distinguish between real, in-person interactions and deepfake videos by analyzing micro-expressions, eye movement, and other behavioral markers that synthetic media cannot yet replicate convincingly.
  • Establish Video Call Verification Protocols: Organizations should implement secondary verification methods for sensitive video calls, such as out-of-band confirmation through a separate communication channel or pre-arranged security questions that verify the caller's identity.
  • Train Employees on Social Engineering Tactics: Since deepfakes are increasingly used in targeted attacks against executives and high-value employees, security awareness training should specifically address the risk of synthetic media impersonation and how to verify identities through alternative methods.

The shift in security strategy, as framed by iProov's report, extends organizational focus from technology capabilities alone to the visibility, agility, and operational speed of the systems that maintain them. In other words, having the right tools is necessary but insufficient. Organizations must also be able to detect threats quickly and respond faster than attackers can evolve their tactics.

Real-world incidents illustrate the stakes. Breaches affecting major retailers like Marks and Spencer and automotive companies like Jaguar Land Rover have demonstrated how gaps in identity and access security can allow a single successful impersonation or social engineering attack to disrupt operations at scale.

Why Are Traditional Security Approaches Failing?

The core problem is speed. AI-powered attacks operate at machine velocity, while human-driven security responses operate at human velocity. Cybercriminals can now generate synthetic identities, craft personalized deepfakes, and launch coordinated attacks across multiple targets in hours, not weeks. Traditional security teams, constrained by manual processes and legacy tools, cannot keep pace.

The convergence of AI capabilities with weakened cybersecurity infrastructure creates a particularly dangerous moment. Government data breaches and the consolidation of sensitive personal information into centralized databases amplify the risk. Once cybercriminals obtain biometric data, fingerprints, or facial scans, they possess information that does not change over a person's lifetime, making it far more valuable for long-term fraud schemes.

The challenge is compounded by the fact that AI tools like FraudGPT, which are designed to automate fraud at scale, are becoming increasingly accessible to criminal networks. When combined with stolen government databases containing information on millions of people, the potential for mass identity theft and financial fraud becomes exponential.

iProov's 2026 Threat Intelligence Report makes clear that the era of static, legacy approaches to identity verification has ended. Organizations that fail to adopt continuous threat monitoring, aligned with modern standards and capable of detecting synthetic media in real time, will find themselves increasingly vulnerable to attacks that their security teams cannot see coming and cannot stop in time.