Digital Identity Verification Solutions

Trust in the AI age is being redefined by new approaches to authentication. Here are some of the key recent developments you need to be aware of: 🏷️ Pinterest will start labelling pins as "AI modified" where AI generation or alteration is detected, using both metadata and Pinterest's own classifiers. The platform will also start testing a ‘see fewer’ option on GenAI-labelled Pins, allowing users to avoid AI content for certain categories featuring high volumes of AI modification or generation, including art and beauty. 🏷️ Adobe and the Content Authenticity Initiative announced the public beta launch of the Content Authenticity app, a free tool anyone can use to digitally sign their work and request to opt out of training by AI using Content Credentials. Content Credentials also help provide transparency about how a piece of content may have been captured, generated, or edited over time. 🏷️ Google confirmed SynthID, its proprietary watermarking technology, will be deployed within Gemini's new image editing features, continuing its policy of deploying SynthID within all Gemini products. Google also announced they're experimenting with adding a visible watermark on all images generated by Gemini. 🏷️ LinkedIn announced its native verification process can now be used across partner platforms, providing a "Verified on LinkedIn" badge to confirm a user's identity has been authenticated. Adobe are one of the first to integrate the feature within the new Content Authenticity app (mentioned above) and its Behance platform. 🏷️ Sam Altman's Tools for Humanity, the startup behind the World Human Verification project, unveiled a mobile version of its Orb device designed to determine the difference between a human and an AI agent. The "Orb Mini" scans an individual's eyeballs, providing a "unique identifier on the blockchain to verify you're a human". Let me know if you think I missed anything significant. Links in the comments below:

🗞️ Needed report By CyberArk on a burning issue : identity security. A decisive element that will determine our ability to restore digital trust. 🔹 « Identity is now the primary attack surface. » Defenders must secure every identity — human and machine 🔹 with dynamic privilege controls, automation, and AI-enhanced monitoring 🔹and prepare now for LLM abuse and quantum disruption. Machine identities are the fastest-growing attack surface 🔹Growth outpaces human identities 45:1. 🔹Nearly half of machine identities access sensitive data, yet 2/3of organizations don’t treat them as privileged. Quantum readiness is urgent 🔹Quantum computing will break today’s cryptography (RSA, TLS, identity tokens). 🔹Transition planning to quantum-safe algorithms must start now, even before standards are finalized. Large Language Models include prompt injection, data leakage, and misuse of AI agents. So organizations must treat them as a new class of machine identity requiring monitoring, access controls, and secrets management. 🧰 What can we do? ⚒️ 1/ Implement Zero Standing Privileges (ZSP) • Remove always-on entitlements; grant access dynamically and just-in-time. • Minimize lateral movement by revoking privileges once tasks are complete 👥2/ Secure the full spectrum of identities • Differentiate controls for workforce, IT, developers, and machines. • Prioritize machine identities: vault credentials, rotate secrets, and eliminate hard-coded keys. 🛡️ 3/ Embed intelligent privilege controls • Apply session protection, isolation, and monitoring to high-risk access. • Enforce least privilege on endpoints; block or sandbox unknown apps. • Deploy Identity Threat Detection & Response (ITDR) for continuous monitoring. ♻️ 4/ Automate identity lifecycle management • Use orchestration to onboard, provision, rotate, and deprovision identities at scale. • Relieve staff from manual tasks, counter skill shortages, and improve compliance readiness. 5/ Align security with business and regulatory drivers • Build an “identity fabric” across IAM, PAM, cloud, SaaS, and compliance. • Tie metrics (KPIs, ROI, cyber insurance conditions) to board-level priorities. 6/ Prepare for next-generation threats • Establish AI/LLM security policies: control access, monitor usage, audit logs. • Begin phased adoption of post-quantum cryptography to protect long-lived sensitive data. Enjoy the read

What percentage of applicants are fraudulent? I was shocked to learn that it's around 30-50% (especially for remote roles!) Misrepresenting skills, lying about experiences, or fake reference are nothing new - this is why companies have methods in place to validate skills through assessments, verify the identity of references, etc. But the current state - different people showing up throughout the interview, the person who shows up on day one being a different person from the one who interviewed, people using AI filters to misrepresent their identity or to feed them answers to try and game an interview is a new challenge. Of course some folks are just trying to game the system to land a job in a difficult job market. But there are also bad actors who are looking to gain access to private data or destroy systems and that's a huge risk for employers (and all of us who trust these companies to protect our data). This was a big topic of discussion at Talent Connect this week, and here's what some companies are doing: - Checking email history - Checking for VPN usage - Using IP addresses to verify location - Using AI screeners that also monitor for use of additional tools, whether you're reading from a script, etc. - Asking candidates to share their background or share their entire screen - Checking your LinkedIn - Using tools like CLEAR or ID me to to verify identify - Recording interviews or taking pictures of candidates at each stage - Having people show their ID on screen and using facial recognition software to ensure a match - Requiring an in person interview as part of the job, even if the job is remote Does some of this feel invasive to an applicant, particularly when most people are doing the right thing and just trying to get a job? Yes, I would imagine so. Do I think companies are going to prioritize candidate experience at the expense of their own security? Absolutely not. The risk of a company accidentally hiring a bad actor is far greater than them declining someone great for their role who doesn't like their hiring process. My advice to jobseekers: 1. You need to do your due diligence.  Multiple times every day, I see people falling for scams. And some of the practices above are great ways for scammers to take advantage of jobseekers. So before actually clicking links, showing your ID, or taking an interview, make sure you're communicating with a legitimate employer. 2. Maintain an active LinkedIn.  Include a profile picture, post every now and then, have connections from former employers or classmates. 3. Decide what you're comfortable with Personally, if I want to work at a company and trust that company, I'm gonna do the AI interview or their ID verification. If you don't want to, that's OK, but know it could mean being disqualified. 4. Don't do things that make you look fake If your application looks like the ones submitted by bots, they may assume you're a bot.

Here's a decision tree to help developers and admins who manage Microsoft 365, Azure and Entra tenants, pick the most secure authentication method for their apps. Managed Identities The best option for app secrets is to not have any secrets in the first place. This way, you're app credentials can never be leaked. Where possible, always choose to use managed identities in Azure and similar features in other platforms like AWS and GCP. Did you know that with Managed Identities in Azure, no one, including the Global Administrator, can access the underlying credential? With managed identities, identities are provided and deleted with Azure resources. Workload Identity Federation With workload identity federation, you can set up Microsoft Entra ID to trust 3rd-party identity provider tokens from services like AWS, GitHub, and Google Cloud. For example, using this approach, an app running on AWS with an identity in Amazon Cognito can present its Cognito token to Entra ID to access Entra-protected resources like Azure OpenAI or Microsoft Graph.  Certificates Not all services in Azure support Managed Identities yet, and there maybe instances where workload identity federation might not be an option. The next best method is to use certificates for app authentication. When using certificates, you are responsible for using short lived certificate expiry, protecting the private key from being leaked and rotating the cert when it expires (or if there is a compromise). You also need to worry about application outage while the cert is being rotated (unless your devs add support for multiple active keys). Client ID & Secret This is by far the most used app authentication method because of its simplicity. Unfortunately, this is also the reason credentials are leaked quite easily and unintentionally. Dangers include secrets checked into code, secrets left lying around on unencrypted text files, etc. Leaked credentials grant easy access to your data to threat actors. Where possible, help your devs and vendors move off client secrets to using stronger authentication like managed identities and certs. Learn more To learn more about avoiding common app-related security pitfalls, see this recent post by Brian Melton-Grace. https://lnkd.in/gNYz6zZx To learn about workload identity federation, see https://lnkd.in/gqRfC2bZ To learn about using Entra conditional access policies for workload identities, Workload Identity Protection, and setting tenant policies to block the use of secrets, see https://lnkd.in/gqvV5rGY If you found this helpful, please like and share this post with your network! Tx.

Advancements in AI have made it increasingly difficult to distinguish between what is real and what is not, and inauthenticity is a growing problem. Given this week is International Fraud Awareness Week, I wanted to highlight a few ways our teams are working to protect members from inauthentic interactions on LinkedIn.   1. Detecting and removing fake accounts - Fake accounts are the root of a lot of harm on the internet and often use AI-generated profile images to disguise themselves and do harm through scams and fraud. Last year, our teams collaborated with University of California, Berkeley’s Professor, Hany Farid, to develop a new approach for detecting a common type of AI-generated profile photos with 99.6% accuracy. Earlier this year, we shared an update on the work and introduced a new concept for a model that can detect AI-generated profile images produced by a variety of different generative algorithms. You can read the latest on our research and approach here: https://lnkd.in/J8dskW 2. Helping foster content authenticity and transparency - Digital information is a critical part of our everyday lives, and we want our members to be able to accurately identify AI-generated or AI-edited images and videos. A few months ago, LinkedIn started rolling out Content Credentials, the Coalition for Content Provenance and Authenticity (C2PA)’s technical standard. Content Credentials show up as a “Cr” icon on images and videos that contain C2PA metadata. When you click the icon, you'll be able to trace the origin of the AI-created media, including the source and history of the content and whether it was created or edited by AI. You can learn more about LinkedIn’s adoption of C2PA standards here: https://lnkd.in/eGRhdcEc 3. Features to signal trust - Building trust is the first step to any opportunity, whether it’s a new job, opportunity, or connection. LinkedIn’s verification feature allows members to display verified information, including identity, workplace, and educational institutions. Having a verification badge can help give others more confidence to interact because specific information has been confirmed, which helps build credibility with your audiences. When you see a verification badge on LinkedIn, you can use this information to make informed decisions about the people, companies, and jobs you interact with on LinkedIn. Learn more about the latest on LinkedIn verification: https://lnkd.in/e3Q_FeqY While bad actors are relentless in their efforts, I am so proud to be part of this mission-driven team continuing to disrupt their plans, equip our members with more tools, and keep Linkedin safe, trusted and professional. 

#AI | #Blockchain : MahaAgri-AI Policy 2025-2029 .  The key objectives that the department of Agriculture seeks to achieve through this policy are : 1. Develop and deploy a statewide food traceability and quality certification platform as part of #DPI : Establish a digitally integrated platform that ensures end-to-end traceability of agricultural produce and enables verification of food quality through credible government backed and internationally recognised certifications. Leveraging AI, blockchain, QR codes, and #IoT, the platform will enhance transparency, support compliance with national and international standards, and improve market access for farmers and producer collectives. 2.  Promote Farmer Centric Design and Adoption: Ensure farmers are co-creators in AI solution design by enabling participatory model development, multilingual advisory delivery, and community-based piloting mechanisms 3. Deploy Remote Sensing-Based Engine as a Shared Digital Public Good for the state: Deploy a unified, AI-enabled Remote Sensing Intelligence Engine to serve as a shared digital public good across multiple departments. This engine will process satellite imagery, drone feeds, and GIS datasets to generate high-resolution insights on land use, crop health, water availability, soil moisture, vegetation indices, and disaster risk. 4. Build Digital Public Infrastructure for Agriculture (DPI-A): Operationalize the Agriculture Data Exchange (ADeX), expand weather and soil sensor networks, and integrate with platforms such as Agristack and MahaAgriTech to support AI readiness 5. Mainstream GenAI and Emerging technology across #Agriculture value chain: Deploy context-specific GenAI and emerging technology enabled tools for crop planning, disease and pest prediction, irrigation management, supply chain optimization, post harvest handling, and market access.

Decentralized Identity (DCI) systems are an innovative approach to managing personal data. By harnessing blockchain technology, they are designed to give individuals complete control over their identity information—a significant shift from traditional centralized systems in which entities like governments or corporations hold and manage personal data. This shift is crucial as it enhances privacy and transparency, allowing users to manage their data securely, and by utilizing blockchain technology, DCI systems ensure that data is secure, transparent, and tamper-proof. This technological foundation supports selective information sharing, where users can choose to share only the necessary data, thereby adhering to data minimization principles. Advanced encryption techniques within DCI systems protect user identities from theft and fraud, offering enhanced security and privacy. The global and interoperable framework of DCI systems allows for their application across various services, making them a versatile and user-friendly solution for managing personal identities in the digital age. #DecentralizedIdentity #DCI #blockchain #privacy #PersonalData

🔐 What’s the difference between a Decentralized Identifier (DiD) and a Proof of Humanity (PoH)? And why are Zero-Knowledge Proofs (ZK) the missing layer to scale their adoption in enterprise environments? In corporate settings where identity, traceability, and regulatory compliance are critical, digital identity management is evolving. A new layer is emerging: decentralized, verifiable, and privacy-preserving identities. 🆔 DiD: User-controlled identity A Decentralized Identifier (DiD) is a unique, verifiable, and decentralized identifier. It does not rely on a centralized identity provider (Google, Meta, a government...) but on a blockchain or DLT-based system. 🔧 Enterprise use cases: Passwordless authentication without relying on third parties. Signing contracts or audit trails without overexposing identity. Managing supplier identities in distributed industrial networks. 👤 Proof of Humanity: Ensuring a real person is behind the identity PoH verifies that an identity belongs to a real, unique human being. Having a wallet or identifier is not enough humanity must be verified. 🔧 Enterprise use cases: Access control to sensitive corporate processes (voting, compliance, certified training). Fraud prevention in incentive or marketing campaigns (bots, identity duplication). Verifying real users in internal networks or corporate communities. 🧠 ZK Proofs: the missing link The challenge was always: how to prove these conditions without exposing personal data or violating GDPR and similar regulations. With Zero-Knowledge Proofs, it's now possible to prove: That someone is an employee, That they completed a training or compliance check, That they are human and not registering multiple accounts… ✅ All without revealing their name, wallet address, or location. 🔧 Direct applications: Human Resources: global onboarding with embedded privacy. ESG reporting: anonymous but verifiable internal surveys. Finance & Compliance: AML/KYC adherence without unnecessary data exposure. 🏁 Conclusion This technological trio redefines how enterprises manage identity, personal data, and trust across distributed ecosystems. #Blockchain #DiD #ZKProofs #ProofOfHumanity #DigitalIdentity #PrivacyByDesign #GDPR #Web3Enterprise #KYC #ComplianceTech #DecentralizedIdentity

Google has begun phasing out third-party cookies, signalling a significant shift for publishers and advertisers. This change necessitates reevaluating strategies to maintain audience insights while respecting user privacy. As third-party cookies become obsolete, several alternatives have surfaced: ✅Privacy Sandbox: Google's initiative introduces APIs like Topics and Protected Audience to enable interest-based advertising without individual tracking. ✅Publisher-Side and Server-Side Tracking: Leverage first-party data collected directly from user interactions on your site. ✅Universal IDS and Identity Graphs: Anonymised identifiers track behaviour across platforms, balancing personalisation and privacy. ✅Fingerprinting: Uses device traits for identification (effective but ethically debated). Navigating this shift demands balancing innovation with ethics. While alternatives like Privacy Sandbox and server-side tracking fill gaps, success lies in combining these tools with user-centric strategies. Prioritise solutions that respect consent and transparency, like first-party data and contextual ads, to sustain relevance and trust. This isn’t just compliance; it’s a chance to rebuild audience relationships on ethical grounds. Here are the key takeaways for publishers: 1.    Invest in First-Party Data: Grow repositories via registrations, subscriptions, and direct engagement. 2.    Embrace Contextual Advertising: Align ads with content, not just user behaviour. 3. Prioritise Transparency: Clearly explain data use and obtain explicit consent. 4.    Adopt Privacy-Centric Tech: Choose tools that balance insights with compliance. Adapting to a cookieless world turns challenge into opportunity; ethical practices foster deeper trust. How is your team adapting? Share your strategies in the comments below! #CookielessFuture #FirstPartyData #PrivacyFirst #DigitalPublishing #AdTech

Why Identity Access Management Is Critical for Modern Enterprises Identity Access Management (IAM) is the vital part of any robust security architecture - especially as traditional perimeters dissolve in today’s distributed environments. For technical leaders and practitioners, effective IAM isn’t just about authentication. It’s about implementing continuous, granular controls that adapt to organizational change and emerging risk. Key pillars include: User Access Reconciliation: Regular alignment of granted permissions with actual entitlements in critical systems is non-negotiable. Automated and periodic reconciliation detects orphaned accounts and excessive privileges, reducing attack surfaces. Privileged Access Management (PAM): High-risk accounts with broad capabilities must be tightly governed. PAM enforces strict controls such as just-in-time elevation, session monitoring, and audit trails to protect sensitive assets from exploitation. Timely Access Revocation: When users change roles or exit, immediate deprovisioning is crucial. Delays can leave dormant accounts vulnerable to misuse or compromise. Automated workflows ensure access rights are always in sync with current employment status and responsibilities. Principle of Least Privilege: Users should have the minimal access needed to perform their functions - nothing more. This foundational control limits exposure and contains lateral movement in case of breaches. Periodic Role Transition Audits: Role transitions are inevitable. Regular reviews of access entitlements ensure that evolving responsibilities are matched by appropriate authorizations, preventing privilege creep and segregation-of-duty violations. In a zero-trust era, identity is the new perimeter. Mature IAM programs employ multifactor authentication, continuous role audits, and real-time response to changes, providing both agility and security at enterprise scale. #IAM #CyberSecurity #IdentityManagement #PAM #ZeroTrust