iProov’s 2026 report warns of a rise in AI-powered identity fraud attempts.


iProov has released its annual Threat Intelligence Report, highlighting a notable surge in AI-enabled identity fraud across various enterprise and financial systems.

The 2026 Threat Intelligence Report by iProov shows an increased use of generative AI in identity attacks. There was a dramatic rise of 741% year-on-year for injection attacks targeting iOS devices, especially in the second half of 2025 compared to the same period in 2024. The report consolidates data from iProov’s Security Operations Centre (iSOC), which integrates real-time threat detection, dark web monitoring, red-team penetration testing, and biometric security research.

Injection attacks on iOS devices saw a significant escalation during the latter half of 2025. The first six months witnessed a modest 14% increase, but in the second half, this surged by 1.151%, marking a full-year rise of 741%. This trend suggests that previously experimental or state-sponsored attack techniques are now being used as industrialized, scalable operations.

Deepfakes expanding into corporate workflows

The report notes a broadening of deepfake usage beyond identity verification systems. Recent advancements in image-to-video technology have made it easier to generate synthetic identities with minimal resources. According to the Ponemon Institute, 41% of organizations reported experiencing deepfake attacks on executives. Additionally, a Gartner study from September 2025 found that 37% of cybersecurity leaders faced deepfake incidents during video calls.

Southeast Asia served as an early testing ground for these new fraud methods, recording a 720% increase in attacks during the third quarter of 2025. The region experienced a rise in virtual camera attacks and stolen KYC identity packages, which were subsequently adopted by other regions, notably Latin America.

Call for dynamic security systems

The report asserts that traditional static approaches to identity verification are no longer sufficient given the rapid evolution of threats. It advocates for continuous threat monitoring integrated with updated standards such as NIST SP 800-63-4, CEN/TS 18099, and FIDO Face Verification Certification. The shift requires a broader focus on not just technology capabilities but also the overall visibility, agility, and operational speed of security systems.

The report cites broader industry incidents, including those at Marks & Spencer and Jaguar Land Rover, to underscore how vulnerabilities in identity and access security can lead to significant disruptions from a single successful attack or social engineering attempt.
