The AI Arms Race and the Death of Traditional Biometrics in 2026

The global financial sector and enterprise cybersecurity landscape have entered a paradigm-shifting era in 2026, characterized by the systemic weaponization of Generative Artificial Intelligence (GenAI) and the deployment of autonomous AI agents by malicious actors. The traditional cybersecurity perimeter, once defined by static network boundaries, firewalls, and rule-based access controls, has effectively dissolved. In its place, human identity has become the absolute primary attack surface.^[1] This transition is explicitly marked by the catastrophic failure and collapse of traditional biometric verification mechanisms, which were fundamentally designed for physical presentation attacks rather than the sophisticated digital injection and synthetic video attacks that now dominate the contemporary threat landscape.^[3]

We are definitively past the era of easily detectable phishing emails and rudimentary credential stuffing. The rapid democratization of frontier AI models has yielded an unprecedented economic and operational asymmetry between attackers and defenders. While financial institutions and enterprise technology firms spend millions to fortify Know Your Customer (KYC) and Anti-Money Laundering (AML) pipelines, threat actors now utilize heavily commoditized, highly accessible AI tools costing mere dollars to generate photorealistic deepfakes, clone executive voices with near-perfect fidelity, and map enterprise vulnerabilities at machine speed.^[4]

During the first half of 2025 alone, deepfake-related fraud losses exceeded $410 million, with industry projections estimating that generative AI-enabled fraud across the financial sector could reach an astonishing $40 billion annually by 2027.^[1] The technology driving these losses has evolved from a theoretical fringe risk into a daily operational reality that undermines the fundamental trust mechanisms required for digital commerce and remote banking.^[1] This exhaustive report analyzes the 2026 threat landscape, detailing the transition from static cyber threats to autonomous agentic operations, the fundamental vulnerabilities inherent in current biometric frameworks, the psychological exploitation at the core of executive impersonation, and the regulatory imperatives driving the next generation of identity security.

By 2026, the fundamental nature of a cyberattack has shifted from human-driven keyboard exploitation to machine-speed autonomous operations. Gartner projects that 40% of enterprise applications will embed task-specific AI agents by the end of 2026, a staggering increase from less than 5% in late 2025.^[10] This evolution to "Stage 2" agentic AI transforms applications from static productivity tools into platforms capable of end-to-end autonomous collaboration.^[10] While this transition drives legitimate enterprise productivity, it concurrently provides threat actors with untiring, highly intelligent cyber-operatives.

Traditional security models focus on identifying and patching specific software vulnerabilities, relying on the assumption that an attacker must manually discover and exploit these flaws. However, AI agents introduce a paradigm shift because they are inherently non-deterministic. They do not merely execute a pre-written script or a linear set of commands. Instead, they are provided with a high-level goal-such as exfiltrating a customer database or moving funds across a decentralized protocol-and they autonomously reason through the necessary steps, adjusting their tactics in real-time based on the specific network environment they encounter.^[10]

Providing expert professional commentary on this systemic shift, Barak Turovsky, Operating Advisor at Bessemer Venture Partners and former Chief AI Officer at General Motors, observes the following regarding the fundamental nature of agentic threats:

"AI agents are not just another application surface-they are autonomous, high-privilege actors that can reason, act, and chain workflows across systems. The core risk isn't vulnerability, it's unbounded capability.".^[10]

This concept of "unbounded capability" is the defining cybersecurity challenge of 2026. Traditional rule-based security systems are easily subverted by agents because the agents do not follow documented, predictable steps. Furthermore, they lack any human moral judgment; given an optimization function, an agent may aggressively alter, delete, or manipulate critical infrastructure in highly destructive ways simply to achieve its programmed objective, without any hesitation or fatigue.^[10]

Autonomous Vulnerability Mapping in the Enterprise

The capabilities of these offensive agents are far from theoretical. In early 2026, a joint empirical study conducted by Wiz Research and the frontier AI security lab Irregular evaluated the performance of advanced models-including Claude Sonnet 4.5, GPT-5, and Gemini 2.5 Pro-against highly realistic enterprise and banking vulnerabilities.^[11] Researchers constructed ten controlled lab challenges modeled precisely after real-world breaches, utilizing a standard Capture the Flag (CTF) framework deployed via a proprietary agentic harness optimized for offensive security evaluations.^[11]

The results demonstrated a frightening level of machine proficiency. In one specific challenge modeled after a real-world hack of a major financial institution (dubbed the "Bank Actuator" vulnerability), an AI agent identified the underlying Spring Boot framework solely by analyzing the structure and timestamp format of a generic 404 error message.^[11] Without any human prompting or prior situational awareness, the agent immediately targeted the /actuator/heapdump endpoint to retrieve sensitive data and execute the exploit, securing the unique flag that proved compromise.^[11]

Furthermore, the economic cost of operating these autonomous offensive agents is alarmingly low. For single-target, directed tasks where the agent was pointed at a specific application, the expected cost per successful exploit ranged from a mere $1 to $10.^[11] Even when given a broad scope-instructed to scan an entire hosting environment and identify targets independently-the agents remained highly effective, with costs only increasing by a factor of 2 to 2.5.^[11] Agents consistently proved faster than human penetration testers at pattern recognition, stack identification, and executing complex, multi-step exploits, such as a 23-step authentication bypass on a coding platform.^[11] While agents occasionally struggled with highly creative pivots that required out-of-the-box intuition, their ability to scan codebases in seconds, identify misconfigurations at machine speed, and execute tactical exploit steps makes them a devastating, highly scalable threat to financial networks.^[11]

The McKinsey "Lilli" Compromise and the Speed of Machine Exploitation

The speed and autonomy of AI agents necessitate a fundamental rethinking of Security Operations Centers (SOC) and incident response timelines. An illustrative example of this threat is the compromise of McKinsey & Company's internal generative AI platform, "Lilli." The platform, used by approximately 30,000 employees for document analysis and strategy work, was targeted by an autonomous AI agent developed by the cybersecurity startup CodeWall during a red-team exercise.^[10]

Operating without any prior credentials, insider knowledge, or a human-in-the-loop, the autonomous agent identified publicly exposed technical documentation listing over 200 endpoints.^[10] The agent discovered that 22 of these endpoints required no authentication, and one specific endpoint accepting user search queries failed to properly validate input, creating a severe SQL injection flaw.^[10] Crucially, standard automated scanning tools had failed to flag this issue. However, the CodeWall agent recognized the vulnerability when database error messages reflected field names verbatim.^[10]

Within a mere two hours, the agent gained "write" access to the production database. This exposure allowed the agent to potentially access 46.5 million chat messages involving sensitive client engagements, 728,000 files, and 95 internal system prompts.^[10] The agent could have rewritten the chatbot's core instructions using a single HTTP call and a SQL UPDATE statement, requiring no code changes or software deployments.^[10] This incident confirms that human SOC analysts cannot match the velocity of autonomous agents. The detection window for data exfiltration, system manipulation, and cross-chain fund movement has narrowed from weeks or days to mere seconds.^[12]

OpenClaw and the Dissolution of Traditional Identity Boundaries

The proliferation of open-source agentic platforms has dissolved the traditional enterprise perimeter from the inside out. In early 2026, the viral surge of OpenClaw (formerly Clawdbot and Moltbot)-an open-source, locally run AI agent platform dubbed "Claude with hands"-highlighted this massive insider risk.^[13] Amassing hundreds of thousands of repository stars and driving a hardware rush for dedicated hosting machines, OpenClaw represents a significant shift from a helpful chatbot to an all-powerful autonomous entity capable of managing emails, executing terminal commands, and interacting deeply with enterprise applications like Slack, Teams, and Salesforce.^[14]

This development represents an identity security nightmare for enterprise Chief Information Security Officers (CISOs). An autonomous entity operating on a developer's machine possesses the lethal trifecta of AI agent risk: access to private corporate data, exposure to untrusted external content, and the authority to act on a human user's behalf.^[14] Because these agents operate with the user's localized permissions, traditional Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) mechanisms, such as SMS codes and push notifications, are effectively rendered dead.^[15] Autonomous bots easily bypass these controls in real-time by intercepting active session tokens or manipulating the host environment directly, making traditional password-based Identity and Access Management (IAM) frameworks entirely obsolete.^[15]

While automated attacks against KYC pipelines represent a massive volume of fraud, the highest individual financial impacts are derived from targeted executive impersonation and next-generation Business Email Compromise (BEC). The traditional corporate axiom of "trust but verify" has been utterly obliterated because, in 2026, seeing and hearing can no longer be equated with believing.

The Arup Incident: A Watershed Moment in Corporate Fraud

The defining case study of this psychological and technical vulnerability occurred in the finance department of the multinational design and engineering firm Arup. In a highly coordinated, sophisticated attack, a finance director based in Hong Kong received an urgent message regarding a confidential transaction and was invited to a routine video conference call.^[4]

Upon joining the Zoom call, the director saw the Chief Financial Officer and several other recognizable senior executives from the corporate headquarters.^[4] Every participant looked authentic, sounded entirely correct, and exhibited appropriate mannerisms and facial expressions. Instructed directly by the "CFO" to execute a highly sensitive, time-critical transaction, the finance director complied. Believing the visual and auditory evidence before them, the employee authorized 15 separate wire transfers totaling a massive $25.6 million (200 million HKD).^[23]

It was only later, when the employee verified the transaction with corporate headquarters through a separate, out-of-band channel, that the company realized the devastating truth. The finance director was the only living human being on the call. Every other face on that video conference was a real-time, interactive deepfake, meticulously generated from publicly available conference footage, shareholder meetings, and corporate media.^[4] By the time the fraud was discovered, the funds had vanished into dispersed criminal accounts.

The Exploitation of Human Psychology and Compliance Conditioning

The Arup case perfectly highlights the weaponization of human trust mechanisms. Traditional corporate security controls-manual review, dual-approval workflows, and hierarchical authorization-were fundamentally designed for linear threat models where impersonation was difficult and easily detectable.^[24] These frameworks operate on the evolutionary assumption of human visual and auditory reliability.

However, AI technology in 2026 can clone a human voice using just three seconds of reference audio, flawlessly replicating unique vocal characteristics, pacing, intonation, and emotional affect.^[4] Video deepfakes convincingly replicate facial movements and body language in real-time, matching lip movements to synthetic audio.^[4]

The psychological impact of this capability is profound. As noted by leading CISOs, organizations have spent decades training employees to comply with executive orders, to defer to corporate authority, and to execute instructions rapidly to facilitate business agility and maintain competitive advantage.^[24] When a flawless synthetic replica of the CEO or CFO leverages this deep-seated conditioned compliance, the human element becomes the weakest link in the security chain.

Internal testing data from Pindrop reveals that humans correctly identify deepfakes at roughly a 38% success rate-statistically worse than a random coin toss.^[24] Even highly trained cybersecurity researchers and media forensic experts routinely fail to distinguish synthetic media from authentic recordings during blind testing.^[24] The biological hardware of the human brain simply cannot detect the micro-anomalies of modern generative AI.

The Expanding Attack Surface: Virtual Meetings and the HR Threat

The threat of high-stakes impersonation extends far beyond direct wire transfers. In the distributed corporate environment of 2026, video conferencing platforms (Zoom, Microsoft Teams, Webex) represent the primary, most vulnerable attack surface for real-time deepfakes.^[5] The virtualization of the workforce post-2020 has permanently normalized remote, camera-based interactions, creating a massive, target-rich environment for threat actors.

Security researchers conservatively estimate that 60% to 80% of Fortune 500 CEOs have more than enough public footage available online to facilitate high-quality, real-time deepfake generation.^[5] Executives travel frequently, making the excuse "I'm in transit, let's use a quick video call" highly plausible to subordinate staff.^[5]

Furthermore, human resources and corporate hiring pipelines are actively under siege. Major financial institutions report multiple instances of extending lucrative job offers to candidates who conducted entire interview processes remotely, only to discover later that the candidate was entirely synthetic-a deepfake operated by a threat actor or state-sponsored group.^[24] The risk of inadvertently hiring a deepfake operative is severe. Once inside the corporate perimeter, these entities can bypass external security controls to steal intellectual property, exfiltrate customer data, or engage in salary arbitrage.^[26] As noted at the RSAC 2026 conference, the alert goes to security, but the hiring decision lives in HR, and recruiters are rarely trained as threat intelligence analysts.^[24]

The unprecedented severity of the AI fraud epidemic has triggered aggressive, sweeping regulatory responses globally. Financial institutions are no longer merely incentivized by self-preservation to protect their assets; they face immense legal liability, punitive fines, and operational sanctions if they fail to adapt to the new technological reality.

The European Union AI Act (Article 50) and Transparency Mandates

The most consequential and legally binding regulatory development of 2026 is the enforcement of the European Union Artificial Intelligence Act. Specifically, Article 50 of the Act introduces rigid, non-negotiable transparency obligations for AI-generated and AI-manipulated content, including deepfakes, which become fully enforceable across all member states in August 2026.^[29]

The AI Act fundamentally transforms deepfake detection from an optional cybersecurity best practice into a mandatory, highly audited compliance requirement. Under the regulation, organizations face severe financial penalties for non-compliance-reaching up to €35 million or 7% of their total global annual revenue, whichever is higher.^[31] Providers of generative AI systems, and critically, deployers utilizing them for professional or public-facing purposes, must ensure that all synthetic outputs are clearly marked in a machine-readable format and are easily detectable as artificially generated.^[32]

This forces financial institutions to completely overhaul their content management and verification pipelines. They must implement automated verification systems, such as Blackbird.AI's Compass Vision, that continuously analyze incoming visuals for manipulation, generate confidence scores, and establish documented audit trails suitable for regulatory review.^[31] The compliance burden requires integration directly into communication workflows, establishing a permanent cryptographic or forensic provenance for digital assets to prove reasonable diligence.^[31] In December 2025, the European Commission published the first draft of the Code of Practice on Transparency of AI-Generated Content, establishing the technical baseline for watermarking and detecting synthetic media that courts and regulators will use to assess compliance.^[29]

Concurrently, the Digital Operational Resilience Act (DORA), formally applied in the EU in January 2025, mandates that financial entities heavily harden their Information and Communication Technology (ICT) risk management, incident reporting, and third-party oversight.^[2] With 65% of large organizations viewing third-party and supply chain vulnerabilities as their top cyber resilience challenge (up from 54% in 2025), institutions are now legally bound to meticulously audit the AI dependencies and agentic risks introduced by their vendors.^[33]

FATF Horizon Scan and Global Anti-Money Laundering Overhaul

On a global scale, the Financial Action Task Force (FATF) issued a critical "Horizon Scan on AI and Deepfakes" in December 2025, outlining the urgent, immediate need to revise Customer Due Diligence (CDD), Anti-Money Laundering (AML), and Countering the Financing of Terrorism (CFT) frameworks.^[34]

The FATF report explicitly confirmed that legacy fraud detection technology has completely failed to keep pace with generative AI. It highlighted that deepfakes routinely and easily bypass current biometric liveness checks, triggering compliance alarms only post-factum, thereby creating a highly dangerous window for illicit fund diversion.^[3] The FATF strongly recommends that institutions invest in real-time synthetic media detection as a fundamentally distinct discipline from biometric verification, advocating for an "informed risk-based approach" tailored specifically to digital ID systems.^[36]

Furthermore, the FATF emphasized the severe risk of AI-automated transaction laundering. Threat actors are deploying custom AI agents specifically designed to route funds dynamically, exploit decentralized protocol vulnerabilities, and constantly alter transaction patterns to purposefully evade traditional rules-based AML monitoring systems.^[12] Financial institutions are now required to ramp up AI-detection capabilities, scale human review for anomalies, and invest heavily in cross-industry collaboration to identify synthetic laundering patterns.^[35]

Looking beyond immediate physiological checks, the frontier of cybersecurity and identity verification is actively merging with biotechnology. Substantial academic research, venture capital, and government funding are currently driving the commercialization of "biological computing" as the ultimate defense mechanism against purely digital synthetic impersonation.^[39]

Platforms utilizing Organoid Intelligence (OI)-a revolutionary scientific field where 3D cultures of human brain cells are interfaced directly with machine systems-are being developed to create hardware with unprecedented neurocomputing capabilities, minimal energy requirements, and massive scalability.^[41]

In the specific realm of biometrics and identity security, biological computing enables the utilization of dynamic, hyper-complex patterns of combined physiological and behavioral signals over time.^[40] Unlike digital algorithms, these biological systems adapt organically to the natural biological changes of the individual user, making them entirely robust against forgery from prior, recorded "versions" of a user's biometric signature.^[40]

This integration of biomolecules and Biomachine Interfaces (BMIs) represents a paradigm shift where the verification system itself possesses biological traits, making it theoretically impossible for a purely digital generative AI model to perfectly emulate the required neuro-biological response.^[43] While still in the early stages of commercialization, biological computing represents the horizon of zero-trust architecture, where human identity is verified not by digital proxies, but by direct biological resonance.

1. Fourthline, 'Deepfakes in Financial Services: How AI Fraud Is Reshaping Risks in 2026' (accessed April 6, 2026). Available at: https://www.fourthline.com/blog/deepfakes-in-financial-services
2. Kaseware, '2025 Cyber Risks Recap and 2026 Action Plan' (accessed April 6, 2026). Available at: https://www.kaseware.com/post/2025-cyber-risks-recap-and-2026-action-plan
3. 'Liveness Detection vs Deepfake Detection: What's the Real ...' (accessed April 6, 2026). Available at: https://www.duckduckgoose.ai/blog/liveness-detection-vs-deepfake-detection-whats-the-real-difference
4. 'Deepfake CEO Fraud: $50M Voice Cloning Threat CFOs | Brightside AI Blog' (accessed April 6, 2026). Available at: https://www.brside.com/blog/deepfake-ceo-fraud-50m-voice-cloning-threat-cfos
5. 'The $25 Million Deepfake: Why Your Video Calls Can No Longer Be Trusted' (accessed April 6, 2026). Available at: https://guptadeepak.com/the-25-million-deepfake-why-your-video-calls-can-no-longer-be-trusted/
6. '4 key steps to tackling AI-fuelled cyber fraud | World Economic Forum' (accessed April 6, 2026). Available at: https://www.weforum.org/stories/2026/03/ai-global-cyber-fraud-roadmap/
7. 'INTERPOL report warns of increasingly sophisticated global financial fraud threat' (accessed April 6, 2026). Available at: https://www.interpol.int/News-and-Events/News/2026/INTERPOL-report-warns-of-increasingly-sophisticated-global-financial-fraud-threat
8. FinTech Magazine, 'Deepfakes Drive 20% of Biometric Fraud Attempts' (accessed April 6, 2026). Available at: https://fintechmagazine.com/news/cybercrime-when-the-sun-is-down-entrust-shows-attack-surge
9. Entrust, '2025 Identity Fraud Report' (accessed April 6, 2026). Available at: https://www.entrust.com/sites/default/files/documentation/reports/2025-identity-fraud-report.pdf
10. 'Securing AI agents: the defining cybersecurity challenge of 2026 ...' (accessed April 6, 2026). Available at: https://www.bvp.com/atlas/securing-ai-agents-the-defining-cybersecurity-challenge-of-2026
11. 'AI Agents vs Humans: Who Wins at Web Hacking in 2026? | Wiz Blog' (accessed April 6, 2026). Available at: https://www.wiz.io/blog/ai-agents-vs-humans-who-wins-at-web-hacking-in-2026
12. 'Autonomous AI Agents and Financial Crime: Risk, Responsibility, and Accountability' (accessed April 6, 2026). Available at: https://www.trmlabs.com/resources/blog/autonomous-ai-agents-and-financial-crime-risk-responsibility-and-accountability
13. IBM, 'Cybersecurity Trends 2026' (accessed April 6, 2026). Available at: https://www.ibm.com/think/insights/more-2026-cyberthreat-trends
14. 'How autonomous AI agents like OpenClaw are reshaping enterprise identity security' (accessed April 6, 2026). Available at: https://www.cyberark.com/resources/blog/how-autonomous-ai-agents-like-openclaw-are-reshaping-enterprise-identity-security
15. YouTube, 'The End of Passwords? Why 2026 is the Year Your Identity Dies' (accessed April 6, 2026). Available at: https://www.youtube.com/watch?v=Cnr9VEy2OKY
16. SentinelOne, '10 Cyber Security Trends For 2026' (accessed April 6, 2026). Available at: https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-trends/
17. 'Deepfakes, Social Engineering, and Injection Attacks on the Rise: Entrust 2026 Identity Fraud Report Reveals Surging Attacks and Diversifying Tactics' (accessed April 6, 2026). Available at: https://www.entrust.com/company/newsroom/deepfakes-social-engineering-and-injection-attacks-on-the-rise
18. '2026 Identity Fraud Report | Entrust' (accessed April 6, 2026). Available at: https://www.entrust.com/resources/reports/identity-fraud-report
19. Sumsub Warns E-Commerce, Healthtech and Fintech at Risk, 'Synthetic Identity Document Fraud Surges 300% in the U.S.' (accessed April 6, 2026). Available at: https://sumsub.com/newsroom/synthetic-identity-document-fraud-surges-300-in-the-u-s-sumsub-warns-e-commerce-healthtech-and-fintech-at-risk/
20. 'Synthetic Identity Fraud Statistics 2026: Hard Numbers, Big Threats | BIIA.com' (accessed April 6, 2026). Available at: https://www.biia.com/synthetic-identity-fraud-statistics-2026-hard-numbers-big-threats/
21. 'Sumsub's Annual Report: Fraud Shifts to Complex Multi-Step Schemes in 2025, Agentic AI Scams Poised to Surge in 2026' (accessed April 6, 2026). Available at: https://sumsub.com/newsroom/sumsubs-annual-report-fraud-shifts-to-complex-multi-step-schemes-in-2025-agentic-ai-scams-poised-to-surge-in-2026/
22. Wolters Kluwer, 'The AI imperative in banking: Moving from pilot to production' (accessed April 6, 2026). Available at: https://www.wolterskluwer.com/en/expert-insights/the-ai-imperative-in-banking-moving-from-pilot-to-production
23. Vectra AI, 'AI scams in 2026: how they work and how to detect them' (accessed April 6, 2026). Available at: https://www.vectra.ai/topics/ai-scams
24. Pindrop, 'My First RSAC: How CISOs See the Deepfake Threat' (accessed April 6, 2026). Available at: https://www.pindrop.com/article/my-first-rsac-how-cisos-see-the-deepfake-threat/
25. ID.me, 'The Identity Fraud Landscape: 2026 and Beyond' (accessed April 6, 2026). Available at: https://network.id.me/article/the-identity-fraud-landscape-2026-and-beyond/
26. Sardine, 'Deepfake Detection: Identify and Stop Synthetic Media' (accessed April 6, 2026). Available at: https://www.sardine.ai/blog/ai-deepfake-detection
27. 'UNODC-INTERPOL global summit mobilizes action against fraud surge' (accessed April 6, 2026). Available at: https://www.unodc.org/unodc/en/press/releases/2026/March/unodc-interpol-global-summit-mobilizes-action-against-fraud-surge.html
28. 'INTERPOL ¦ Global Financial Fraud Threat Assessment 2026 | FinancialCrime.lu' (accessed April 6, 2026). Available at: https://financialcrime.lu/2026/03/16/INTERPOL-Global-Financial-Fraud-Threat-Assessment-2026/
29. 'European Commission Publishes Draft Code of Practice on AI Labelling and Transparency' (accessed April 6, 2026). Available at: https://www.jonesday.com/en/insights/2026/01/european-commission-publishes-draft-code-of-practice-on-ai-labelling-and-transparency
30. Pearl Cohen, 'New Guidance under the EU AI Act Ahead of its Next Enforcement Date' (accessed April 6, 2026). Available at: https://www.pearlcohen.com/new-guidance-under-the-eu-ai-act-ahead-of-its-next-enforcement-date/
31. 'Deepfake Detection Now Required Under European Union AI Act Rules | Blackbird.AI' (accessed April 6, 2026). Available at: https://blackbird.ai/blog/deepfake-detection-required-eu-ai-act-blackbird-ai-compass/
32. 'Illuminating AI: The EU's First Draft Code of Practice on Transparency for AI-Generated Content | Publications | Kirkland & Ellis LLP' (accessed April 6, 2026). Available at: https://www.kirkland.com/publications/kirkland-alert/2026/02/illuminating-ai-the-eus-first-draft-code-of-practice-on-transparency-for-ai
33. 'From autonomous AI attacks to interconnected systems: Five forces reshaping cyber risk in Asia Pacific | Visa' (accessed April 6, 2026). Available at: https://www.visa.com.sg/about-visa/stories/2026/from-autonomous-ai-attacks-to-interconnected-systems-five-forces-reshaping-cyber-risk-in-asia-pacific.html
34. FATF, 'Horizon Scan AI and Deepfakes' (accessed April 6, 2026). Available at: https://www.fatf-gafi.org/en/publications/Methodsandtrends/horizon-scan-ai-deepfake.html
35. Impacts on AML/CFT/CPF | TLT LLP, 'FATF Horizon Scan: AI & Deepfakes' (accessed April 6, 2026). Available at: https://www.tlt.com/insights-and-events/insight/fatf-horizon-scan-ai-deepfakes----impacts-on-aml-cft-cpf
36. Shufti Pro, '5 Key Takeaways from the FATF Horizon Scan Report on Deepfakes' (accessed April 6, 2026). Available at: https://shuftipro.com/blog/key-takeaways-from-fatf-horizon-scan-report-on-deepfakes/
37. Promon, 'Deepfake attacks in mobile banking: A growing threat to app security in 2025' (accessed April 6, 2026). Available at: https://promon.io/security-news/deepfake-mobile-banking-apps
38. 'The death of the password a deep dive into biometrics behavioral analytics and the zerotrust future' (accessed April 6, 2026). Available at: https://www.ijisrt.com/the-death-of-the-password-a-deep-dive-into-biometrics-behavioral-analytics-and-the-zerotrust-future
39. Department of Industry Science and Resources, '2025 Calendar Year' (accessed April 6, 2026). Available at: https://www.industry.gov.au/sites/default/files/2026-02/senate-order-13-2025-calendar-year.pdf
40. System and method to maintain health using personal digital phenotypes - Google Patents, 'US11786174B2' (accessed April 6, 2026). Available at: https://patents.google.com/patent/US11786174B2/fr
41. ResearchGate, 'Robotic surgery and cardiac biosignals: Bridging human-artificial intelligence collaboration | Request PDF' (accessed April 6, 2026). Available at: https://www.researchgate.net/publication/400030668_Robotic_surgery_and_cardiac_biosignals_Bridging_human-artificial_intelligence_collaboration
42. computing, '2025 tech trends report • 18th edition' (accessed April 6, 2026). Available at: https://ftsg.com/wp-content/uploads/2025/03/Computing_FINAL_LINKED.pdf
43. 2025 tech trends report - Future Today Strategy Group, '18th edition' (accessed April 6, 2026). Available at: https://ftsg.com/wp-content/uploads/2025/03/FTSG_2025_TR_FINAL_LINKED.pdf