Polish researcher Borys Musielak demonstrated a major security flaw in automated identity verification systems by using ChatGPT-4o to generate a convincing replica of his passport in just five minutes.
The AI-generated document proved realistic enough to potentially deceive most automated Know Your Customer (KYC) systems that rely on photo verification methods. Musielak shared his findings on social media platform X, highlighting serious implications for digital identity verification.
"Any verification flow relying on images as 'proof' is now officially obsolete," Musielak stated, noting that the vulnerability extends to both static and video selfie verifications.
The AI-crafted passport successfully bypassed basic KYC checks used by major fintech platforms like Revolut and Binance, which primarily depend on photo ID uploads and user selfies for verification.
Industry experts warn this development could enable large-scale identity theft, fraudulent credit applications, and creation of fake accounts with unprecedented efficiency compared to traditional methods like Photoshop.
In response to mounting security concerns, experts recommend implementing stronger authentication methods, particularly NFC-based verification and electronic identity documents (eIDs) that provide hardware-level security.
ChatGPT's developer has already taken action, with the platform now refusing similar document generation requests, citing safety policies against creating fake identification documents.
Musielak emphasized that the future of secure identity verification lies in digitally verified solutions, particularly pointing to EU-mandated eID wallets as a viable path forward for industries requiring robust KYC processes.