Updated: January 14, 2026
As digital transactions become increasingly central to our daily lives, presentation and injection biometric attacks represent a critical threat to identity verification systems. The rise of AI-generated deepfakes has created an urgent need for innovative strategies to combat identity fraud. Gartner VP Analyst Akif Khan emphasizes this reality: "GenAI-created deepfakes can be used by attackers to impersonate the identity of genuine customers or employees. Deepfakes can be combined with social engineering in calls to employees to try to trick them into helping the attackers achieve their goals."
Presentation attacks, also known as spoofing or imitation attacks, involve attempts to deceive biometric authentication systems using fake biometric samples, such as photos, videos, or other replicas of the genuine user. With the advent of deepfakes, the methods used to detect presentation attacks have become outdated as many deepfake videos are very well created to be presented as a live video, with great rendering of an attacker superimposing their image on a live video.
Liveness Detection & Deepfake Protection
One way to identify genuine users and prevent presentation attacks, like deepfakes, is through "liveness detection." Liveness detection helps distinguish between genuine, live individuals and manipulated synthetic representations. Here's how liveness detection helps identify users:
Dynamic movement recognition
Liveness detection systems analyze the dynamic aspects of facial expressions, eye movements, and other micro-expressions that occur naturally in live subjects.
Response to stimuli
Liveness detection may involve prompting the user to perform specific actions or respond to stimuli during verification.
3D depth analysis
Liveness detection often utilizes advanced techniques like 3D depth analysis. By assessing the three-dimensional aspects of facial features, the system can verify the spatial relationships between different facial elements, making it harder for static images or videos to pass as authentic.
Texture and reflection analysis
Liveness detection examines surface characteristics such as texture and reflections on the face. Natural skin has unique textures and reflects light in specific ways that may be hard to emulate.
Understanding injection attacks
All these technology components have been embedded across various liveness detection engines and have effectively prevented a "Presentation Attack" often used to game the system. Most deepfake attacks happen when an attacker injects a fraudulent video to game the liveness detection engine.
There are usually three types of injection attacks that occur:
Virtual H/W camera injections
Utilizing a virtual camera instead of a real camera to submit a photo or video. Software like Manycams is used to do this.
JavaScript injections
Utilizing browser console to inject spoofing JavaScript code to be run instead of existing one on the webpage.
Client server protocol injections
A fraudster breaks the data channel between the browser and server or Classic IT infrastructure "Man in the Middle" type of attack.
How 1Kosmos combats deepfake attacks
1Kosmos takes a multi-layered approach to defending against AI-generated deepfakes, combining proprietary biometric technologies with strategic partnerships to deliver comprehensive protection against both traditional presentation attacks and sophisticated AI-driven impersonation.
Reality Defender integration: Multimodal deepfake detection
In December 2025, 1Kosmos announced a strategic partnership with Reality Defender, integrating its real-time deepfake detection technology directly into 1Kosmos. This collaboration creates the only solution addressing both traditional presentation attack detection (PAD) and AI-generated visual impersonation in a unified platform.
Reality Defender's multimodal approach enhances 1Kosmos's existing PAD capabilities with continuously updated detection models that identify both live and pre-recorded AI-generated image and video impersonations. The integration operates seamlessly within existing 1Kosmos workflows, providing zero-friction deployment with no new licenses or infrastructure changes required. With 20% of all biometric fraud attempts now involving deepfakes and deepfake-driven fraud on a stark rise, this partnership delivers future-ready protection that anticipates emerging deepfake techniques while strengthening compliance with evolving regulatory requirements, including the EU AI Act and upcoming ISO 25456 standards.
Advanced liveness detection with LiveID and LiveID+
1Kosmos responds to the challenge of presentation attacks with LiveID and LiveID+. LiveID leverages the front-facing camera on the mobile device (selfie camera) and records a video of the user. Once LiveID has determined the user is genuine, through a liveness check, LiveID will capture a "selfie" of the user and use it as a biometric reference for authentication. LiveID+ is an advanced SDK client-side solution. By actively identifying and thwarting injection attacks in real time, LiveID+ sets a new standard for security, offering robust protection against the deceptive tactics of deepfakes.
Adding additional capabilities to LiveID with LiveID+ allows organizations to prevent this growing attack vector. The new client-side SDK will catch injection attacks and not permit any identity proofing or authentication attempt if an injection attack is detected.
Enter our orbit.
