In an age where anyone’s face, voice, or words can be faked in seconds, it’s easier to mimic a person online than it is to prove you are one.
Deepfakes are nearly indistinguishable from real video, AI-generated messages can spoof coworkers and public figures, and identity thieves are bypassing legacy protections faster than organizations can deploy new patches. The costs associated with this level of fraud are rising fast. In 2023 alone, $1.2 billion was lost to imposter scams in the US.
With the AI revolution threatening what we know about security today, we’re in the midst of a digital trust crisis — and identity is at the center of it. Security systems are built on the assumption that we can reliably know who’s behind the screen. In truth, that’s never been certain. The good news is, the technology to change that is here — so, let’s dive in.
What we thought trust meant — and why it’s no longer good enough
For years, digital trust looked like SSL certificates, hashed passwords, multi-factor authentication (MFA), and well-behaved cookies. But when it comes to proving who you are, we need more than MFA or security questions. We need proof.
With identity-related breaches accounting for 80% of all security incidents in 2023, security leaders, tasked with protecting an organization's assets and its people, need confidence. Confidence in the identity, authorization, and intent of users and systems across the complex ecosystems they oversee.
At the same time, user trust is falling. Friction, false positives, and data breaches have conditioned people to be skeptical — even as systems ask them to authenticate, verify, and trust with increasing frequency.
How did we get here? Infrastructure has failed to evolve at the pace of threats, or identity systems are outdated (or worse, non-existent). When identity is brittle, everything else crumbles.
Most traditional identity and access management (IAM) stacks weren’t built for an internet of deepfakes, zero-day exploits, and AI-powered attackers. Here are some of the culprits:
Weak passwords and MFA fatigue: major targets for phishing, reuse, and social engineering
Centralized databases: Juicy targets for attackers and single points of failure
Siloed identity systems: Every platform has a different version of “you,” creating risk and friction
Synthetic identity fraud — entirely fake people constructed from partial real data — is now one of the fastest-growing forms of financial crime, with the potential to cost billions globally in the coming years. If identity-related security doesn’t evolve, security teams have an uphill battle ahead:
Signal overload: Thousands of authentication signals, tokens, and session anomalies to triage
Compliance chaos: Navigating evolving frameworks like NIST 800-63, GDPR, and eIDAS 2.0
User dissatisfaction: Logins, resets, and friction that drive abandonment and reduce trust
Legacy systems treat identity like a simple login screen. But today, identity must be living, verifiable proof — not just a stored record.
Verifiability as the new trust layer
The solution isn’t stronger passwords or more factors. It’s an evolution of how we think about security to include human-relevant properties and a new perspective referred to as proof-based identity.
Old Model: Trust the user
New Model: Trust the math
Verifiable digital credentials (VDCs) allow users, employees, and systems to present cryptographically signed, privacy-preserving proof of identity, authorization, affiliation, or knowledge.
Legacy Identity | Verifiable Identity |
Static, central claims | Portable, cryptographically verifiable digital credentials |
Trust the issuer | Trust the cryptographic proof |
Federated SSO | User-held digital wallets |
Central honeypots | Distributed, consent-based trust |
These models remove the need for constant re-verification, enabling access control that’s portable, programmable, and provable without unnecessarily exposing sensitive data.
Why this matters more than ever
We’re entering a pivotal moment for maturing security technologies and best practices to hoist stronger human identity into the digital sphere so that services can cryptographically verify your human identity. If we don’t act, we’re at risk of falling further behind:
AI threatens identity at scale: LLMs can impersonate people with astonishing realism
Fraud is rising fast: Identity-based scams are becoming harder to detect and more expensive to fix
Regulators are stepping in: From eIDAS 2.0 in the EU to evolving standards in the US, organizations will soon be required to verify more — and store less.
Meanwhile, users are demanding privacy, transparency, and control over their digital selves. The shift to verifiable, user-controlled identity isn’t a nice-to-have — it’s inevitable.
It’s time to reinforce the trust layer
The good news: We know where to start. Digital trust isn’t a UX problem. It’s a structural one. And with AI entering the mainstream, we need to take more measures to protect ourselves online.
We need to stop retrofitting old models and start building identity systems that are secure by design, portable by default, and verifiable at every touchpoint.
Verifiable digital credentials represent more than a new feature set. They’re the foundation for a new kind of trust online, one that scales, protects, and adapts.
Sign up for updates to stay in the loop and learn more about verifiable digital credentials.
