Industrialized AI deception drives 1,151% surge in iOS-targeted injection attacks, as deepfake impersonation hits the enterprise
iProov, the world’s leading provider of science-based biometric identity verification solutions, released its 2026 Threat Intelligence Report. Drawing on live observations of criminal activity worldwide, the report examines how generative AI is enabling threat actors to evolve their tactics and launch attacks faster and at greater scale, targeting organizations that rely on digital identity verification to secure access to systems and high-value transactions.
Also Read: CIO Influence Interview with Gihan Munasinghe, CTO of One Identity
“Identity is becoming the new battleground in cybersecurity,” said Dr. Andrew Newell, Chief Scientific Officer at iProov. “Generative AI is allowing attackers to industrialize digital impersonation at scale.”
Key findings include:
- Injection attacks targeting iOS devices surged by 1,151% in the second half of 2025, contributing to a 741% annual increase.
- Deepfake impersonation is expanding within enterprises across everyday corporate workflows, particularly video-based interactions.
- Southeast Asia experienced a 720% spike in attacks in Q3 2025, highlighting the region’s role as a testing ground for emerging fraud techniques.
“Identity is becoming the new battleground in cybersecurity,” said Dr. Andrew Newell, Chief Scientific Officer at iProov. “Generative AI is allowing attackers to industrialize digital impersonation at scale. To defend against this, organizations must be able to establish genuine human presence in digital interactions to ensure trust and security.”
Evidence of the growing threat is reflected across the wider industry. According to the Ponemon Institute, 41% of organizations have experienced deepfake attacks targeting executives, while a September 2025 Gartner study found that 37% of cybersecurity leaders have encountered deepfake incidents during video calls. These findings illustrate how advances in AI are accelerating identity-based attacks — from deepfakes to impersonation and social engineering — across digital systems and corporate communications. Recent cyber incidents, including those affecting Marks & Spencer and Jaguar Land Rover, demonstrate how gaps in identity and access security can leave organizations exposed, allowing a single successful impersonation or social engineering attack to disrupt systems and operations.
The iOS Security Gap
Attacks targeting iOS devices accelerated rapidly throughout 2025, indicating they have suddenly become an attractive target for attackers. While the first half of the year saw a 14% increase in injection attacks, activity surged in the second half, rising by 1,151% compared with the same period in 2024. This marks the industrialization of attack techniques once feasible only for experimental or state-sponsored use, as they move from isolated operations to weaponized, repeatable playbooks deployed at scale.
Deepfakes Strengthen Their Hold on the Enterprise
Deepfakes are increasingly being used beyond identity verification systems and into everyday corporate workflows, particularly across video-based interactions. Advances in image-to-video generation, driven by widely accessible AI tools such as Kling AI, Nano Banana, and similar platforms, are making it easier than ever to quickly create highly realistic synthetic identities from minimal source material.
Globalization of Crime Networks With Southeast Asia Leading the Way
Identity fraud is also becoming increasingly globalized. Criminal groups are attacking in Southeast Asia which has become a test ground for new techniques, including virtual camera attacks and stolen KYC identity packages. During 2025, the region experienced dramatic spikes in activity, including a 720% increase in attacks during Q3. Once proven, these techniques are then adopted and scaled by criminal groups to other regions, particularly Latin America, accelerating the spread of coordinated identity attacks across global financial institutions and digital platforms.
Organizations Must Shift to Continuous Identity Threat Detection and Standards Alignment
The rapid evolution of the threat landscape is outpacing static, legacy approaches to identity verification and authentication. These approaches assume threats are constant and that defenses can be tested by static methodologies alone, and they have become obsolete and perilous. As a result, organizations must adopt systems that continuously monitor the threat environment and are set up to evolve in response to the changing threats, increasingly powered by AI. This broadens their focus from technology capabilities to the visibility, agility, and speed of the business systems that maintain them. Key to this is conformance with recently updated standards and guidelines outlined in NIST SP 800-63-4, CEN/TS 18099, and FIDO Face Verification Certification.
Catch more CIO Insights: CIO as Orchestrator of Cross-Functional Digital Strategy
[To share your insights with us, please write to psen@itechseries.com ]
