Unmasking Cybercrime Strengthening Digital Identity Verification against Deepfakes 2026

04 Threat forecasting The effectiveness of threats to digital KYC is evolving at speed. The evolution of face swap threats to digital KYC is shaped by rapid generative AI (genAI) development, fragmented regulation and the adaptability of criminal ecosystems.15 While the currently evaluated tools show limited ability to bypass advanced KYC systems, rapid improvements in model realism and accessibility indicate that this barrier may soon diminish.16 Over the next 12–15 months, five trajectories are assessed as most likely: 1. Democratization of AI tools lowering entry barriers and increasing attack complexity2. Persistence of finance and cryptocurrency as prime targets, with expansion into other KYC-dependent sectors 3. Rising fidelity of face-swap technology enhancing realism and undermining verification 4. Persistence of presentation attacks in the near term, with injection attacks escalating as active liveness adoption grows 5. Fragmented regulation constraining defences in the short term, but regulatory convergence likely improving resilience in the medium termSummary The short-term trajectory of face swap threats is highly likely directed towards greater scale, fuelled by the democratization of genAI. Open-source repositories and underground forums already distribute deepfake toolkits tailored for KYC bypass, and industry assessments (e.g. iProov, Trend Micro , Group-IB) confirm the growth of such offerings. Meanwhile, academic platforms like Civitai report millions of model downloads. These developments reduce the time and expertise required to create synthetic identities (sometimes achievable within hours using consumer hardware). As accessibility increases, the complexity of attacks is also expected to grow. Multiple injection and presentation techniques can be combined in layered approaches, expanding the attack surface for defenders.Forecast 1 Democratization of AI tools and expansion of attack complexity Financial services and cryptocurrency exchanges remain the most attractive targets due to their high monetary value, reliance on remote biometric onboarding and uneven regulatory standards. Attacks in these sectors support fraud, money laundering and unauthorized account creation.Other industries adopting KYC, including gambling, telecommunications and trading, are increasingly targeted. The introduction of new regulations, such as the UK’s online safety rules enacted in July 2025, has already correlated with increased searches for bypass tools, underscoring attackers’ responsiveness to regulatory change.Forecast 2 Finance and cryptocurrency as prime targets, expansion to other sectors Unmasking Cybercrime 14