Beyond Identity targets AI deception with RealityCheck (Image Credit: getty-images-3pX0EqC2jrc-unsplash)Beyond Identity has launched RealityCheck, an identity assurance plugin for Zoom. The company claims it will protect organisations from deepfakes and impersonation attacks. The solution will certify the participants and improve trust.

Jasson Casey, CEO of Beyond Identity (Image Credit: LinkedIn)
Jasson Casey, CEO of Beyond Identity

Jasson Casey, CEO of Beyond Identity, said, “With the rise of AI and deepfake-based attacks, organizations need their identity platforms to protect against such attacks. Beyond Identity’s RealityCheck is the first tool developed to purposely address this new type of attacks.

“Our application focuses on the prevention of AI impersonation attacks and deepfakes in video conferencing applications, as they recently led to some devastating results to the reputation and financial stakes of the attacked organizations.”

What does RealityCheck do?

RealityCheck is a Zoom plugin that validates Zoom participants using a set of known and trusted deterministic signals. It uses Authenticator Assurance Level 3 (AAL3) combined with device security verification. When a user logs in, phish-resistant authentication verifies the user. Importantly, it continues to verify the user for the duration of the call.

At the same time, the device is checked to ensure it meets the organisation’s security standards. What is not clear is whether there is a remediation step to apply missed updates to minimise the risk of users being blocked from important calls. Like the user verification, the device checking is continuous throughout the call.

On the screen, a badge of authentication is displayed, and a side panel contains additional data. Together, they provide information for other call participants to decide whether they trust or don’t trust others in the call. Beyond Identity believes that this allows call participants to make informed decisions on whether participants are real or not.

According to Casey, “Many organizations do not have in place cybersecurity strategies to combat AI deception attacks. They are further challenged by the fact that most deepfake detection tools and end-user training are probabilistic and cannot offer solid guarantees.

“With RealityCheck, we are providing organizations with a game-changing solution that shifts the focus to authentication assurances to make deterministic claims and ensures the authenticity and security of digital interactions. We will be further building more integrations for RealityCheck, to be able to attest the credibility of other communications such as email and chat.”

Extending the Secure Access platform

According to the announcement, RealityCheck is part of Beyond Identity’s Secure Access platform. The company claims that it will make it simple for organizations to defend against current attacks and stay secure while conducting day-to-day business.

It calls out four key features:

  • A dynamic badge displayed in the user’s camera layer
  • Surface user and device claims on the badge and participants’ panel
  • Participant verification status in Zoom side panel for meeting hosts
  • Simple end-user enrolment via Zoom marketplace

Importantly, this Zoom plugin is just the first step for RealityCheck. Beyond Identity will look to add this to other applications where establishing a user’s identity is key. The initial applications are focused on communication applications, email, and chat, but expanding it to other areas makes sense.

For example, banks already use a range of applications, such as facial recognition, for security. However, security companies are already warning of camera injection attacks. These bypass the phone’s camera tech to insert a deepfake stream. While the first wave of these attacks has focused on mobile devices, they can also be used on desktops and laptops.

The question is, can RealityCheck prevent that? If so, it will find ready adoption across a much wider range of applications than Beyond Identity is currently targeting.

Enterprise Times: What does this mean?

The surge of AI-generated avatars and deepfakes is creating a problem when it comes to identity. Are you talking to a real person, a valid business avatar, or are you the victim of an impersonation attack?

With increasing amounts of business transacted over video conference, email and chat systems, this is a real problem. How do you prove the identity of the person or persons you are interacting with? More importantly, how do you ensure that they are not substituted during the call?

Beyond Identity believes it has the solution with RealityCheck. However, there are other applications out there that verify real-time images of individuals. Can RealityCheck do a better job? It will be interesting to see how it performs now that it is available to customers.

LEAVE A REPLY

Please enter your comment!
Please enter your name here