iProov has published its annual Threat Intelligence Report, documenting a sharp rise in AI-enabled identity fraud across enterprise and financial systems.
iProov's 2026 Threat Intelligence Report reveals a significant escalation in generative AI-powered identity attacks, with injection attacks targeting iOS devices rising 741% year-on-year and deepfake impersonation expanding into everyday corporate workflows. The report draws on data from iProov's Security Operations Centre (iSOC), combining real-time threat detection, dark web monitoring, red-team penetration testing, and biometric security research.
Injection attacks targeting iOS devices accelerated sharply throughout 2025. Whilst the first half of the year recorded a 14% increase, activity surged by 1.151% in the second half compared with the same period in 2024, resulting in a 741% increase for the full year. According to the report, this trajectory reflects the industrialisation of attack techniques that were previously limited to experimental or state-sponsored operations, now deployed as repeatable, scalable playbooks.
Deepfakes move deeper into enterprise environments
The report documents a shift in deepfake usage beyond identity verification systems and into broader corporate workflows, particularly video-based interactions. Advances in image-to-video generation are reducing the resources required to produce synthetic identities from minimal source material. The Ponemon Institute found that 41% of organisations have experienced deepfake attacks targeting executives, while a September 2025 Gartner study found 37% of cybersecurity leaders had encountered deepfake incidents during video calls.
Southeast Asia has emerged as a testing ground for new fraud techniques, recording a 720% spike in attacks during Q3 2025. The region has seen a rise in virtual camera attacks and stolen KYC identity packages, with techniques subsequently adopted and scaled to other regions, particularly Latin America.
Standards alignment and continuous monitoring
The report argues that static, legacy approaches to identity verification are no longer adequate given the pace of threat evolution. It calls for systems capable of continuous threat environment monitoring, aligned with recently updated standards including NIST SP 800-63-4, CEN/TS 18099, and FIDO Face Verification Certification. The shift, as framed by the report, extends organisational focus from technology capabilities alone to the visibility, agility, and operational speed of the systems that maintain them.
Broader industry incidents cited in the report, including those affecting Marks & Spencer and Jaguar Land Rover, illustrate how gaps in identity and access security can allow a single successful impersonation or social engineering attack to disrupt operations.
