One Check Isn’t Enough. The Video Proves It.
WRITTEN BY
You’ve probably seen it. A video circulating on LinkedIn of a deepfake so convincing that even people who know what they’re looking for have to look twice. That’s not Will Smith. That’s not the cast from Stranger Things. But if that face showed up in your identity verification flow today, would your system catch it?
The question isn’t rhetorical. For most verification stacks right now, the answer is probably no.
The reason isn’t that liveness detection is bad technology. It’s that the attack has changed shape. Today’s deepfake fraud doesn’t try to fool the camera. It bypasses the camera entirely. That’s a different problem, and it requires a different architecture to solve it.
AI already restructured who commits fraud and how, collapsing the skill floor so completely that most fraud today requires no technical expertise, no criminal network, and no physical presence at all.
How Fraudsters Defeat Liveness Detection: The Injection Attack
Liveness detection was built to solve a specific problem: confirm that a real, present human is behind the camera. Not a photo. Not a replay. Not a mask. For years, it did exactly that.
A biometric injection attack sidesteps the problem entirely. Instead of presenting a fake face to the camera, the attacker replaces the camera feed itself. The verification system never sees the real world. It sees a fabricated stream that has been engineered to pass every check the liveness challenge runs.
Regula Forensics documents four primary injection vectors in use today:
Virtual camera software that feeds a pre-built video stream directly into the verification session, bypassing the physical camera entirely
Mobile emulators that simulate a real device at the software layer, making a script look like a human-operated phone
JavaScript injection into browser-based verification sessions, intercepting and replacing the video feed mid-session
USB video hardware sticks that intercept the biometric data stream between the camera and the application
In every case, the liveness challenge runs and completes correctly. The system records a pass. No physical artifact was ever present.
Gartner puts a number on where the industry has landed: by 2026, 30% of enterprises will no longer consider standalone identity verification and authentication solutions reliable in isolation against AI-driven impersonation. That deadline is not approaching. It has arrived.
The best liveness providers are not just looking at whether the video looked real. Some providers collect upward of 200 fraud signals per session before a liveness result is returned. iProov's Genuine Presence Assurance embeds a one-time flash sequence into every session that cannot be pre-rendered. ROC's camera forensics layer traces digital fingerprints left by synthetic inputs in real time. They are not publishing the full list of what they check. That is deliberate. The boundary only holds if attackers cannot map it.
Even with all of that, the attack surface is outrunning detection. And the part that is hardest to solve is not any individual signal. It is what happens to those signals after they come back.
This Is Not a Gap in Execution. It Is a Gap in Architecture.
Most identity verification stacks treat liveness as a final answer. Pass liveness: verified. Fail liveness: blocked. That binary was appropriate for the threat model it was designed against, where the attack was a human with a photo or a mask presenting something fake to a real camera.
That threat model no longer describes the majority of what is coming through.
Shufti Pro’s research on liveness bypass states it plainly: bypass attacks operate at the software layer, meaning camera-based defenses can be circumvented even when the liveness challenge is completed correctly. Multi-factor authentication, behavioral data, and encrypted capture pipelines are not optional enhancements. They are structurally required.
Microblink frames the same problem from a different angle: traditional fraud prevention was designed to detect suspicious human behavior. A biometric injection attack introduces no suspicious human behavior to detect. The session runs cleanly. The behavioral signals look normal. There is no anomaly because the system has been fed a pre-optimized stream, not a human making decisions under pressure.
What Best-in-Class Liveness Detection Actually Delivers
ROC’s research on next-generation liveness technology, built specifically to counter deepfake and injection attacks, achieves greater than 95% precision under lab conditions.
The trajectory of the attack surface matters here:
Deepfake usage in biometric fraud attempts surged 58% year-over-year
Injection attacks rose 40% over the same period
Group-IB documented 8,065 biometric injection attack attempts against a single financial institution in just eight months of 2025
The UK government estimated 8 million deepfakes were shared globally in 2025, up from 500,000 in 2023
iProov documented a 1,151% surge in injection attacks targeting iOS devices in the second half of 2025, contributing to a 741% annual increase for the full year.
A 5% miss rate applied to an attack surface growing at that rate is not a margin for error. It is a target.
The Deeper Problem: The Identity Is Coherent End-to-End
What makes video injection attacks particularly effective is not just the liveness bypass. It is that the attack arrives with everything else a verification system expects to see.
ID.me’s 2026 Identity Fraud Landscape report documents the current threat: fraudsters now pair high-fidelity AI-generated government IDs with deepfake video feeds that match the license photo. The result is a complete, coherent digital persona that passes every layer of the verification funnel simultaneously.
The document is convincing. The face matches. The liveness check passes. Every individual signal returns verified. No individual signal had the context to know it was wrong.
Each gate saw what it was built to see. No gate saw the whole picture.
This is the structural problem with single-gate verification. Each check evaluates its own signal in isolation. None of them are designed to catch a threat that has been optimized to satisfy all of them at once. The coherence of the fraudulent identity is the attack.
What the Architecture Actually Needs Above the Liveness Layer
The research consensus is consistent, and it is not “better liveness.” Better liveness is necessary. It is not sufficient.
Shufti Pro, Microblink, ROC, and Biometric Update’s April 2026 analysis all converge on the same structural answer: device integrity checks, encrypted capture pipelines, behavioral monitoring across the full session, and multi-signal corroboration are the layer that makes liveness meaningful. Not replacements for liveness. The architecture above it.
The practical questions that determine whether your stack has that layer:
Is device integrity checked before the biometric session starts, or does the pipeline trust whatever device presents itself?
Is virtual camera software and emulator activity detected at the OS layer, before the feed reaches the verification check?
Is the capture pipeline encrypted end-to-end, or is the biometric stream interceptable between the camera and the application?
Is behavioral data collected across the entire session, or only at the moment of the liveness challenge?
Are document signals, behavioral signals, and biometric signals being corroborated against each other, or evaluated in sequence with no shared intelligence?
There is a layer beneath all five of those questions that most stacks never address. Even when device integrity, behavioral data, and biometric signals are all being checked, they are typically returned by different providers in different formats, on different scales, with different response structures. A liveness result from one vendor does not speak the same language as a device integrity flag from another or a behavioral anomaly from a third. Without a normalization layer translating all of those outputs into a consistent, correlated signal, the checks are still operating in isolation. You are not getting corroboration. You are getting parallel silos that happen to run in sequence.
Injection attacks are specifically designed to fit through these sequence gaps.
One Gate Is Not a Strategy
The logic here is not unique to liveness. It applies to document verification, database checks, behavioral analysis, and every other point check in an identity stack. No single signal, regardless of how sophisticated, was built to carry the full verification decision.
The fraud ecosystem understood this before most verification stacks did. Attackers map the full funnel, identify which signals are checked in isolation, and construct an artifact that satisfies each one independently. The individual checks pass. The fraud gets through.
Adding more point checks to an existing stack does not solve this. It creates more independently satisfiable gates without adding the corroboration layer that makes those gates mean something together.
Every signal in the stack (biometric, behavioral, device, and document) needs to flow through a normalization layer that translates disparate provider outputs into a consistent, actionable format before a risk decision is made. That is what allows signals to be corroborated rather than just collected. An AI model cannot reliably score or act on signals that arrive in inconsistent formats from disconnected providers. Normalize the inputs, and the decisioning layer has something real to work with. That is the infrastructure layer Grid's signal normalization sits at, and it is what makes corroboration across providers possible rather than theoretical. That is the solution to preventing loss due to injection attacks.
The videos being shared across LinkedIn and other platforms are not a novelty. They are a live demonstration of infrastructure already running against real verification flows, at scale, with tooling cheap enough that the barrier to entry has effectively disappeared.
The question worth sitting with: if that face showed up in your flow today, what signal beyond liveness would catch it?
If the answer is not immediate, that is the audit worth doing.