Category: AI

By Jarek Sygitowicz, Co-Founder and Chief Strategy Officer of Authologic

By now it’s something of a cliché to say the rapid rise of generative AI has fundamentally changed the threat landscape of the internet.

Nevertheless, it has, and the point bears repeating. Synthetic identities, deepfakes and AI-generated documents are no longer edge cases but the go-to tools of fraud. The more convincing generative models become, the faster they sideline traditional methods of digital verification like uploading photos of IDs, sharing personal data or performing visual checks.

The more data people share, the more material fraudsters have to exploit. Identity verification methods still depend on oversharing. Few flaws are more pressing.

Zero-knowledge proofs (ZKPs) offer a way out of this trap. Instead of asking users to reveal sensitive information to prove eligibility, ZKPs allow them to prove a fact about themselves without disclosing the underlying data. When AI can fabricate a face or a document, a photo becomes largely useless as a verification method.

More than that, ZKPs limit data exposure. Once viewed as a privacy improvement, data minimisation is now a security imperative.

Oversharing as a systemic vulnerability

Most online verification flows today unintentionally collect hordes of unnecessary information. Age checks often require a full photo of a government-issued ID, collecting addresses, height and weight, and eye color in the process. Address verification exposes home locations. Identity checks routinely capture names, document numbers, and biometric images, all stored beyond the reach and control of the end user.

When fraud required human effort and manual forgery, this model provided adequate protection. GenAI has made this model dangerously outdated almost overnight. A single leaked ID image can be reused and altered at scale. AI systems trained on real documents can generate convincing counterfeits that outpace any human review process.

The more data a platform collects in the name of safety and compliance, the larger its attack surface becomes. This paradoxical situation is begging to be fixed.

Provable facts are the new identity

Zero-knowledge proofs flip the logic of verification. Instead of asking “Who are you?” they ask “Is the specific claim you are making true?”

Wallets with zero-knowledge technology provide cryptographic answers to simple yes-no questions like ‘Does this person live in the UK?’ or ‘Is this person over 18?’ No exact birthdate or address is given; no document image changes hands. The verifier learns only what it needs to know.

Apple, Samsung and Google wallets now verify age or identity attributes via mobile driver’s licenses (MDLs) and digital IDs. The increasingly widespread use of MDLs, already live in 20 U.S. states, is evidence this approach is moving from theory into practice. A user authenticates locally, often with biometric verification like Face ID and the wallet generates a proof that satisfies the request. The relying party never views the underlying credential.

Even GenAI has its limits. It can indeed forge an image, but it can’t fabricate a cryptographic proof tied to a government-issued credential without access to the wallet itself.

How Spain’s age verification laws could popularise ZK proofs

ZK-based verification introduces a different compliance model that reduces liability, which may prove critical as more age verification laws come into effect. Earlier in February, the Spanish government publicly announced plans for a nationwide ban on social media for children under 16. Enforcing it would require digital verification checks.

Using ZK proofs, adults in Spain could access social media sites without uploading any real data to a given platform. Since it never receives the full identity data, that platform cannot leak it or fail to protect it. A hacker can’t access actual personal data, just a useless set of binary confirmations. Verification, long an extended data custody problem, is now a momentary cryptographic interaction.

In and beyond Spain, age verification can and should rely on ZK proofs. Asking users (especially minors) to upload identity documents creates serious ethical and security risks. Proving age without revealing identity resolves this tension.

For the first time in digital history, trust online depends less on visual evidence and more on cryptographic certainty. Photos, videos and documents are becoming unreliable signals in the age of GenAI. No more holding up three fingers and nodding your head for a live selfie. Verifiable credentials and zero-knowledge proofs are becoming the new anchors of trust. The days of this technology being treated like a niche cryptographic concept are over. A truly secure and modern verification system asks better questions to get only the answers it needs. No more and, crucially, no less.

About the author

Jarek Sygitowicz is the co-founder and Chief Strategy Officer of Authologic, the full-stack global e-ID hub for industries reliant on KYC and AML processes. In 2013 he co-founded ZenCard, which allowed businesses to offer loyalty and rewards programs to customers using their existing payment cards. The company was acquired in 2017 by PKO BP, one of the largest banks in Poland. A longtime entrepreneur, he now serves as co-founder of Authologic, where he oversees strategy, client relations, design, and UX.