Exploiting the deceased and the dormant: Attackers follow leverage. Dormant, legacy and deceased identities create leverage because they already come with history, which serves as scaffolding for a synthetic persona to climb.I have seen how quickly a subdued record can become an entry point. An adversary pairs an older account or identity footprint with newly generated documents and a polished support interaction. They request a profile change, a contact update or a payment redirection. They push for a new credential, a new device or a new channel. Each looks like a minute detail in isolation. In sequence, it’s a takeover that feels earned because the activity resembles real life.Traditional trust signals struggle here. Device fingerprinting, behavioral analytics and static biometrics can help, but AI now targets those signals directly. Typing rhythm can be imitated. Mouse movement can be simulated. Voices can be cloned well enough to fool humans who are tired or rushed. Even experienced reviewers lose their advantage because the obvious seams appear less often.That is why this threat feels different inside estate-facing workflows. There is usually a compelling story attached to the request. There is often urgency. There is often emotion. Attackers understand that human pressure and procedural pressure create openings that technical controls alone do not close. Establishing a new standard of proof: There’s no plug-and-play fix for synthetic identity. Addressing it means moving past “Who is this?” to a more forensic question such as “How did this identity”, and its digital footprint”, come to exist?”That shift raises the standard of proof. It prioritizes provenance, issuer verification and cross-channel consistency over surface-level plausibility. It also changes how teams operate. We can’t keep identity signals scattered across separate tools, queues and owners. We need a shared risk view built from independent signals that either reinforce confidence or reveal contradictions.In practice, we examine where artifacts came from, how they were created and whether they were altered. We require stronger proof when risk changes and correlates across channels instead of trusting a single checkpoint.We also have to tighten internal access and auditability. If attackers can impersonate external claimants, they can also target internal workflows. Privileged actions need least privilege, just-in-time access and forensic-grade trails. Engineering accountability into internal workflows: Continuous verification has to be a deliberate design choice. A mature program ties the level of proof to the risk of what’s happening right now. A new device shouldn’t be treated like a routine login. A request to change payout instructions should face a higher threshold than a simple record view or address update.That same discipline must apply internally. High-impact roles and machine identities need named owners, documented credential succession plans and access trails that can be reconstructed without guesswork. When something goes wrong, you don’t want an argument about who might have done it. You want evidence.Regulators and boards are moving this way because the old model assumes identity stays stable once “verified.” AI breaks that assumption. Organizations that treat identity assurance as measurable, with clear risk appetite and regular adversarial testing, will be best positioned to defend their decisions with confidence. The 2026 readiness test: As we look toward 2026, I keep coming back to one question. Can you prove, at any moment, that the identities behind your highest-impact actions belong to real, accountable humans?If the answer is vague, then AI accelerates the wrong things. It accelerates decisions based on polluted data. It accelerates workflows that can be hijacked by believable fakes. It accelerates outcomes that look compliant until the moment you need to defend them.In our business, we are not just managing accounts and records. We are protecting legacies, resolving obligations and serving people who often have one chance to get it right. Synthetic identity turns that responsibility into a security problem, a governance problem and a human problem all at the same time. Let’s treat it like the new ground truth.This article is published as part of the Foundry Expert Contributor Network.Want to join?
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4146433/can-you-prove-the-person-on-the-other-side-is-real.html
