The Next Frontier of Identity Fraud: ADVANCE.AI Validated Against Injection Attacks and Deepfakes

Identity verification is entering a new threat era

For years, identity verification systems were built around a simple assumption: if you could prove you were physically present, you were likely real.

That assumption is breaking.

For a long time financial institutions and regulated businesses focused on defeating presentation attacks (PAD). That is the scenario where an attacker holds up a printed photo, a replayed video, a mask or a 3D bust to fool a camera.

At present, industry testing frameworks such as PAD-focused evaluations have helped establish a strong baseline for detecting these physical spoofing attempts and improving the reliability of digital onboarding processes.

However, a more sinister threat has grown to maturity. Today, the greatest risk to global digital security is not a masked attacker; it is a digital ghost. We are witnessing the era of Digital Injection Attacks.

The rise of injection-based attacks

Injection attacks occur when manipulated biometric data is introduced directly into an identity verification workflow without passing through the intended device capture process.

These attacks can take several forms, including:

• Virtual camera feeds that simulate real-time video input
• Device rooting and emulator-based manipulation
• API-level injection into verification workflows
• Application tampering and code modification
• Network interception and payload alteration
• AI-generated face swaps and deepfake video streams

Unlike presentation attacks, injection-based threats target the integrity of the entire verification pipeline. This makes them significantly harder to detect using traditional sensor-level or camera-based defences.

Recent research has found that deepfake detection systems can experience measurable performance degradation within months as synthetic media generation techniques continue to evolve, highlighting the need for continuous testing against emerging attack methods. (Source: 2025 academic research, arXiv)

This creates a rapidly shifting environment where static evaluation frameworks are no longer sufficient on their own.

A new standard for a new class of threats: CEN/TS 18099

To address this evolving risk landscape, international standards bodies have developed CEN/TS 18099, a technical specification designed specifically to evaluate resistance against digital injection attacks.

Unlike traditional presentation attack testing, CEN/TS 18099 focuses on whether a biometric system can detect manipulation that occurs within the software or data layer, rather than at the physical sensor level.

It reflects a broader recognition that identity systems must now defend against attacks that are dynamic, multi-layered, and increasingly AI-enabled.

One of four worldwide: ADVANCE.AI completes BixeLab’s IAD evaluation

ADVANCE.AI has successfully completed an independent Injection Attack Detection (IAD) evaluation conducted by BixeLab in alignment with the CEN/TS 18099 standard.

As of June 2026, ADVANCE.AI is one of only four vendors worldwide to complete this evaluation.

This rigorous testing was conducted by BixeLab, the world’s second NVLAP-accredited (National Voluntary Laboratory Accreditation Program) biometric testing laboratory, holding qualifications from FIDO and MOSIP.

The evaluation covered the ADVANCE.AI Liveness Detection SDK on both iOS and Android and assessed system resilience across a range of digital injection vectors, including:

• Virtual cameras: injecting synthetic streams, including USB and HDMI capture injection
• Rooted devices & emulators: hijacking system environments, including root status hiding
• Function hooking & runtime tampering: altering the application’s core logic in memory

Test payloads spanned 10 representative types, from raw selfies and ID photos to face morphs, face swaps, deepfake videos, face reenactment and 3D avatar reenactment videos.

Across 600 high-grade injection attempts in controlled testing, the SDK recorded zero successful bypasses. No sensor-level injection attack succeeded in any tested scenario.

PAD and IAD together close the loop

The evaluation adds to a broader programme of independent technology validation. ADVANCE.AI already holds iBeta Level 2 PAD conformance under ISO/IEC 30107-3 for resistance to physical presentation attacks, so the two results now form a dual safeguard: PAD secures the camera, while IAD secures the pipeline behind it.

This reflects an industry-wide shift toward continuous, independent evaluation of biometric systems: not only for accuracy under normal conditions, but also for resilience under adversarial attack scenarios.

What this means for identity-driven systems

As digital identity systems become more central to onboarding, authentication, and fraud prevention workflows, the expectations placed on verification technologies have evolved significantly.

Independent testing against structured standards helps organisations better understand system resilience under real-world attack conditions and provides additional assurance in procurement and governance processes.

For organisations operating in high-trust environments, validated injection attack detection capabilities contribute to:

• Stronger resilience against AI-generated identity fraud
• Improved visibility into emerging attack techniques
• Alignment with evolving international testing standards
• More informed evaluation and procurement decisions

Looking ahead

Identity fraud is no longer defined solely by attempts to imitate reality. It is increasingly defined by the ability to manipulate digital systems themselves.

As synthetic media generation becomes more advanced, and as attack methods continue to evolve, the need for continuous, independent evaluation of biometric systems will only increase.

By completing BixeLab’s Injection Attack Detection evaluation under CEN/TS 18099, ADVANCE.AI reinforces its commitment to building identity verification systems designed for this next phase of digital trust: where resilience must be proven not only at the surface, but across the entire verification pipeline.