Nearly 9 out of 10 Companies Already Face AI-Powered Attempts to Pass Identity Checks
A new study by Regula, a global developer of identity verification solutions, reveals a growing gap between organizations’ exposure to AI-driven identity activity and their ability to recognize it as a security threat. While 87% of companies worldwide report signs of AI-assisted or automated activity within identity verification processes, only 26% classify such activity as a major risk.
Regula’s study shows the gap between the awareness of risks related to AI actors and the exposure to them
The findings of The New Shape of Identity Threats study suggest that organizations are increasingly encountering behavior that appears legitimate, yet is difficult to clearly attribute, interpret, or distinguish from genuine user activity using existing verification approaches.
Organizations are seeing activity they can’t confidently interpret
According to the study, 35% of organizations report signals consistent with automated or scripted behavior where attribution remains uncertain, while another 35% report suspected use of synthetic or AI-generated identity evidence.
AI-assisted interactions within the identity verification workflows become common for many businesses, the Regula study finds
Rather than appearing as clearly identifiable fraud, much of this activity exists in a gray zone between suspicious behavior and confirmed attacks. This makes it increasingly difficult for organizations to distinguish between legitimate users, automated systems, and artificially generated identity signals.
Visibility remains limited
Visibility into such activity also remains limited. While 39% of organizations report having clear visibility into AI-assisted interactions, nearly a third say AI-assisted tool use is already common but not fully understood.
At the same time, 13% either report no detected activity despite monitoring efforts, have limited monitoring capabilities, or do not actively measure such interactions at all.
AI agents remain underrecognized as a threat
Despite growing operational exposure to AI-driven identity activity, only 26% of organizations identify AI agents acting as users among their top identity-related concerns.
In comparison, organizations remain more focused on established threats such as identity spoofing (38%), document fraud (36%), and deepfakes (35%).
The findings suggest that while AI-assisted behavior is already appearing inside identity systems, many organizations still do not classify it as a distinct strategic risk.
Identity systems are facing more human-like behavior
The study points to a broader shift in identity verification, where automated systems are increasingly capable of moving through onboarding and authentication flows in ways that resemble legitimate user behavior.
Unlike traditional attacks designed to directly bypass controls, these interactions are often built to blend into identity processes, making suspicious behavior harder to distinguish using existing verification approaches.
Identity systems were designed to verify people, not increasingly sophisticated automated behavior that can resemble legitimate users. Organizations now face a new challenge: understanding what kind of entity is interacting with their systems and whether that interaction can be trusted.
— Henry Patishman, Executive Vice President of Identity Verification Solutions at Regula
About “The New Shape of Identity Threats” study
The research was conducted by Sapio Research in March 2026 and is based on a survey of 850 decision-makers in fraud prevention and financial crime across seven markets: the UK, US, Germany, Singapore, UAE, Brazil, and Mexico. Respondents represent industries including banking, financial services, crypto, telecommunications, government, and gaming.
The full report includes country- and industry-level findings on AI-driven identity activity, visibility gaps, and emerging risks in digital identity verification.