Digital Identity in the Age of AI: Challenges and Opportunities

Yes, AI is everywhere. And yes, that means it is having an impact (one that will only grow) on the digital identity space. And like most other transformative technologies, the impact will be incredibly positive … and also something to be very concerned about. Now that the paper led by OpenAI asking policymakers, technologists, and standards bodies to think about how to develop mechanisms to identify whether an entity online is a person or an AI (I had a small part in that paper), the whole AI and identity is back at the forefront of my brain.

How AI is Changing Digital Identity Security

As our online identities grow more complex, artificial intelligence (AI) is playing a bigger role in keeping them safe. Organizations use AI to spot all sorts of nefarious activities and protect personal information by analyzing patterns and catching anything out of the ordinary. (Which makes me ask, “what is ordinary and who defines it?” I’d love to have that conversation sometime over beverages.)

AI isn’t just for tech giants—industries like banking and e-commerce are using it to prevent fraud and verify identities. For example, in banking, AI can track transaction habits to flag anything unusual, potentially stopping fraud before it happens. In online shopping, AI helps confirm who you are during transactions, cutting down on the risk of identity theft.

What is Adaptive Authentication?

Adaptive authentication is changing how we verify digital identities. Instead of relying on passwords, this method uses AI to evaluate the risk of an access request in real time. It looks at factors like where the request is coming from, what device is being used, and what time it is.

This approach has big benefits. For users, it means fewer annoying password prompts. For companies, it means stronger security because the system can adjust the level of authentication needed based on the perceived risk. All good stuff, until you look at the amount of data AI must access in order to make these determinations. Privacy advocates have a lot to say about this.

The Challenges of AI in Digital Identity

So let’s talk about the privacy aspects for a moment. While AI offers new ways to secure digital identities, the ramifications when it comes to privacy are huge. AI systems need a lot of data to work effectively, and this raises questions about how that data is collected and used.

Another concern is the potential for AI to be used in malicious ways, like creating deepfakes—fake media that looks real but isn’t. This technology could be used to create false digital identities, making it harder to tell what’s real online.

The European Union’s AI Act tackles the issues of where and how AI might be used, and is the first comprehensive regulation in the world on the subject. But, being the first, there are still significant concerns about whether it is enough. The rest of the world is watching to see what works, what doesn’t, and what they can take away from the effort for their own regulations.

AI’s Role in Different Industries

AI-driven digital identity tools are being used in many sectors, each with unique challenges and applications:

• Finance: AI helps detect fraud faster and more accurately by analyzing years of transaction data to spot suspicious patterns.
• Healthcare: Digital identity is crucial for protecting patient privacy and streamlining services. AI helps verify identities and manage access to sensitive medical records, ensuring secure and personalized care.
• E-commerce: Online retailers use AI to prevent identity theft by analyzing shopping patterns. AI can flag unusual transactions that may indicate fraud, protecting both the customer and the retailer.

Is there an industry that AI won’t touch? If that industry has any kind of online presence, then I’d say no, probably not.

The Global View: Working Together on AI and Digital Identity

Digital identity challenges aren’t confined to one country—they’re global. Just like when thinking about the Internet, commerce, and human migration, geopolitical boundaries are just another consideration when it comes to digital identity. I’ve already mentioned the EU’s AI Act. If you’re following this space at all, you should also be aware of the OECD’s AI Principles, initially published in 2019 and updated earlier this year (May 2024). If you’re in the US, you really need to check out the Executive Order President Biden’s administration posted in October 2023, “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.”

It’s always fascinating (and a little scary) when technology outpaces the law. Of course, it’s not all that great when the law outpaces technology and starts to make stuff up about what’s possible. If it wasn’t my digital identity and that of my 8 billion fellow humans, I’d heat up some popcorn and watch the demolition derby that is technology standards and regulations.

Wrap Up

So, yup, AI is having a big impact on digital identity. It’s making things safer, improving user experiences, and helping industries operate more efficiently. But with these benefits come challenges, especially around privacy and security.

For tech leaders, you kind of don’t have a choice. Your organization needs to get involved in shaping AI-driven digital identity solutions. By adopting these technologies now AND following the principles that exist to make it safe for your employees and customers, you will improve your organization’s security and efficiency. If you don’t, the hackers of the world will thank you.

And if you’re an individual contributor like me, stay on top of the tech news for the latest in security recommended practices. Look for any open calls for comments on the standards and principles that impact this space.

Of course, if you’d like to outsource paying attention to all this and get someone to write a monthly report on the latest, reach out to me, and we’ll see what’s possible.