Wonderful. So thank you so much for having me.
I, I really appreciate it. Always love participating in this conference. For those who do not know me, I'm Francis Elaney, I'm the co-founder and CEO of Abit. I've been in the biometrics and identity space for more than 25 years and definitely seen a lot of evolution and change in this space over time. Today I am here to talk about the impact of generative AI on our space and identity in particular, and looking at it.
We all know, you know, we all know a lot about the possibilities and we've all heard the headlines about the challenges, but the overall theme, not to be a spoiler in the beginning, but the overall theme is that we have the tools to combat the threats that, that we are facing. The tools have been in existence and it's now up to us, those who follow me.
You know, I talk a lot about corporate social responsibility, but it's really up to us to put these tools together and, and deploy them.
So we, we are able to, to address the opportunities and also, and also the challenge. So that's my overarching message. If you don't hear anything else, Dion, what I'm, what I'm saying that, that's really the takeaway for today. So to get started, let's jump in on, you know, where we are with generative ai. So I've been involved with numerous startups, numerous industries, seen tons of disruption, but I think we are all in agreement that what we've seen with generative AI in the last couple of years is really, really unprecedented.
And I'm not sure how many are familiar with the numbers, but it took chat GPT two months to reach a hundred million users. And here you see, compare that to everyone else, consumer facing applications.
So clearly we are onto something, but by no means are we, is chat GPT the only one generative AI is touching pretty much every aspect of everything that we're doing as, as we all, we all know. And in the process, it changing a lot of the societal assumptions that, that we've been making.
One very interesting thing that I have heard recently is that artists are actually embracing generative AI and allowing people to use their face, to use their voice and then charging royalties to make up songs. Yesterday I was with a co-founder of a company called Hour One, and she's all about allowing executives and people to develop avatars so that they could clone themselves for sales and product marketing and whatnot.
And I was also with someone in the education space who was talking about how how generative AI could actually be an equalizer to all of society, because now you can provide entry level people.
So I'm gonna go back, you can see the screen.
So I, so as I was saying, we have to look at the, the, the, it's really challenging a lot of the societal assumptions and some of the real scary numbers that I, that I heard yesterday is that there are a thousand to one ratio in efforts be spent on resource development versus AI safety. And what this means is that the same AI model that can give every child in the developing world in Africa, a lesson in biology, it's the same exact model that can give an an ISIS terrorist a weapon on developing a, a, a lesson on developing bio weapons.
And in our world of identity and fraud, we're already seeing cyber terrorists selling tools for only 99 99 a month that will enable audio clips to be generated tied to ransomware. So what does this really mean for us? And a game that, that if we were in person I would play is, you know, to the naked eye here are six, six images, five of them are fake and one of them is real. If there was a way to make this interactive, I would say let's vote for the one that I, I would love everyone to, to try to guess which one is real the last time we play this game.
Excuse me.
Fran, are you, are you moving your slides? Because we cannot see
Yes, I am am and you're not.
Okay, let's try this again.
Let's ask her if she feels com. Hey Francis. Thank you.
Yeah, the images are frozen. Do you feel comfortable proceeding with the presentation just verbally or is it dependent on the slides?
Yeah,
No, no, no. I'll just do it verbally.
Okay, thank you. Apologies for the problem.
I think it's better if I just do it verbally. Do you guys see me? You gotta see me or hear me?
Yes, we can hear you. We can hear you,
But you know we can, okay.
I just,
No, Francis, Francis, excuse me. Unfortunately, the, the connection apparently yeah, is not good and
It's, yeah.
Hi Francis, let we, we, the connection is very choppy, so let's give it one more try. Now all the images are off the screen, so maybe if you just get close, maybe speak slowly and get close to your microphone. Let's see if we can proceed with just the verbal and we'll give it one more try here, but we're really choppy on this end, but please proceed.
Sure. Can you hear me?
Yes.
So please proceed and just slowly and close to the microphone and let's see if that works.
Okay, so I, I did a game a couple of weeks ago with Blair Cohen who was a co-founder of Authentic id. And we flashed six images on the screen and we asked all the participants in the webinar to guess which of these images were real and which were fake. Nobody got the right answer, which is, which goes to show that the tools are developing very, very rapidly and we need to change how we look and think about information that we're getting online.
And I would say that before where we're just seeing the beginning of the, of the challenges around generative AI and before we even see the impact of this really taking off already we are in a fraud crisis alone. This is a fraud crisis that is costing companies and enterprises and victims tons and tons of money, emotional as well. People are getting killed, people are killing themselves.
This is, in my opinion, a real, a real crisis. And the root of this crisis, in my opinion, boils down to compromise credentials. Either someone is stealing passwords or credential, either someone is being tricked to hand them over or someone is, is calling the help desk and is resetting those credentials. And this is all because personal information, these credentials or are essentially stored somewhere that are impossible to protect. And then we allow to use those credentials to authenticate ourselves somewhere in the transaction.
So even if an enterprise has passwordless authentication at the desktop or in the digital channel, if you allow someone to call your help desk and reset the credential using other information, that is where the attackers are going to go. And if anyone has any doubt, and what I'm saying, please refer to the MGM breach from last year, last September there was a company, I don't remember the name, that actually dissected that entire breach and it boils down to everything that I just mentioned.
And it's the same example over and over and over again.
So let me just say that because we're doing this audio, if anybody wants the slides, I'm very happy to send them. Just do me a favor and email at the end and I will send them my message. As I said in the beginning is that we do have the tools to combat this. There are five steps that I want to offer around combating these risks. I will start with the first one, eliminating central honeypots of personal information. We now have a whole group of technologies called Privacy Enhancing Technologies that can be used to store information and eliminate centralized repositories.
We don't have time to get into it today, especially with all of the glitches, but essentially these are technologies that will better protect data from hacks and which technology and which approach to be to, to choose.
Depends on the use case, depends on needs to audit and adjudicate.
Depends on whether and how you need to manage other keys and tokens and other personal information depends on the level of biometric performance and biometric modality and how you view vendor lock-in, like I said, we don't have time to get into it, but a non bit uses secure multi-party computation and zero knowledge proofs. I'm happy to get into all of that offline. Number two, use consistent biometrics across the user journey. I already alluded to the fact that pins and passwords and not as questions and we all know this are the root of all of the breaches.
And part of it is that the, the organizations are siloed in terms of having to connect the information that is collected at account origination all the way through the consumer or the employee lifecycle to the help desk.
This concept is called, I call it the circle of identity, others call it integrated identity management.
But according to either way, according to numerous studies including liminal research, it shows that if enterprise buyers take this approach, you can realize a 15 greater than a 15 x multiple on the investment By doing this because it reduces cost, reduces fraud, reduces manual review, reduces abandonment rate, and converts more customers and makes people more efficient. So take a look at this concept called integrated identity management or circle of identity. Number three, liveness detection. Today there should be no implementation of biometrics without this.
These are technologies that look for three or that are able to adjust for three things, 3D masks and models, whether they wear fraudsters, create a mask, deep fakes and presentation attacks where fraudsters will take a photo or video or voice recording of the authorized user and try to use that to get in.
So liveness detection also very, very important to use to combat the threat. Number four, injection detection.
Actually I think this is the most important out of all of them out because if you are able to look at, if you're able to understand that someone is capturing a fake voice or image and then trying to intercept the transmission, you would be able to stop a lot of fraud. And they're actually companies that are combining injection detection with biometric authentication in order to, in a single, in a single vector, in order to make sure that you're not separating like a malware detection away from the biometric authentication.
If you actually are doing do them simultaneously, you'll be able to to know that something is not right. Number five is augment biometric authentication with dynamic fraud detection. And this is really combining and looking at all kinds of risk signals also at the same time as doing a biometric authentication.
So this doing this will enhance the user experience because you may not want to or always ask for a biometric, but at least when you do, you know that it's based on a certain risk.
So my message is that despite the alarm bells, we do have the tools and we are able, if we are able to layer the tools, then we will be able to combat the threat and we, we can do this. So sorry for all of the technical difficulties, but hopefully the message was clear and I'm happy to share the slides and follow up with anyone offline. Thank you very much.
Thank you, Francis. Thank you so much.
