When AI Can Fake a Face, How Do You Know It’s Really a Human?
Passwords were never designed to prove who you are. They were designed to prove that someone knows a string of characters. For most of the history of the web, that was close enough. It is no longer close enough.
AI-generated faces and voices can now pass video verification checks. Deepfakes that would have been detectable two years ago are increasingly indistinguishable from live footage. Stolen credentials are available for purchase within hours of a breach. And AI agents, software systems that operate autonomously on behalf of users, are beginning to take actions in the world: making purchases, approving transactions, accessing documents, sending communications.
In that environment, the question of whether the right human is actually present at the moment a significant action is taken has moved from an edge case to a central problem. A new UK company called Confrmo has been built specifically to solve it.
What Confrmo Does
Confrmo sits above or alongside whatever authentication system a business already uses. It does not replace a login system or payment flow. It adds a verified human check at the moments that matter most: before a payment is approved, a document is accessed, an admin action is taken, or an account recovery is completed.
The verification combines facial recognition, liveness detection, device trust, location, time and behavioural signals. The liveness component is specifically designed to resist the kinds of attacks that now pass simpler checks: replay attacks, deepfake presentations and synthetic identity attempts. Every confirmed action is signed and recorded with a tamper-evident audit trail.
The interface for the end user is a VCode, a cryptographic visual code that appears on the screen. The user scans it with their phone camera or taps it on mobile. The verification runs in the background and returns one of three responses to the system: approve, step up, or block. There is no password to remember and no separate authentication app to navigate.
For businesses, the product deploys via a WordPress plugin with shortcodes, a JavaScript SDK, native iOS and Android SDKs, or a REST API. First integration is described as typically live in under a day.
Why This Problem Is Getting Harder
The timing of Confrmo’s launch, incorporated in the UK in May 2026, is not coincidental. Several converging developments have made verified human authentication a more urgent problem than it was even twelve months ago.
Deepfakes have crossed the threshold. AI-generated video and audio have reached a quality level where standard video KYC checks and one-time verification flows can no longer reliably distinguish a real person from a synthetic one. Financial services regulators and security researchers have been flagging this for over a year. The practical consequence is that businesses which rely on video-based identity checks are operating with a verification layer that is becoming progressively less reliable.
AI agents are beginning to act in the world. The most significant shift on the horizon is not humans using AI tools but AI agents taking actions on behalf of humans. An agent that can browse, transact, approve and communicate raises an immediate question: when an AI agent initiates an action in your system, are you able to verify that a real, authorised human instructed it? Most current authentication systems have no answer to this question.
Credential theft is industrialised. Phishing, credential stuffing and data breaches have made the assumption that a valid password represents a legitimate human increasingly difficult to sustain. Account takeover fraud is one of the fastest-growing categories of financial crime.
The Agentic AI Dimension
The most forward-looking aspect of what Confrmo represents is its relevance to the agentic AI era.
As AI agents become more capable and more widely deployed, the question of human authorisation becomes critical. An agent acting on a user’s behalf needs to demonstrate, at the moment it takes a significant action, that a real human with the appropriate authority has sanctioned that action. A cryptographic, biometrically-verified audit trail of human approval is not just a security measure. It is the foundation of accountability in a world where AI increasingly acts rather than just advises.
The businesses that think about this now, before agentic AI becomes a standard part of how they operate, will be considerably better positioned than those who encounter the authentication problem at the point where an agent has already taken an action that turns out to be unauthorised.
Who It Is Built For
Confrmo is aimed primarily at regulated sectors where the stakes of a mistaken or fraudulent identity are high: financial services, fintech, crypto businesses, legal and insurance providers, healthcare platforms, and high-value ecommerce. It also addresses the more prosaic but commercially significant problem of shared logins draining revenue from WordPress membership sites and content platforms.
The compliance alignment is explicitly signalled: the product is designed against the direction of GDPR, PSD3 (the revised EU payment services directive), SCA (Strong Customer Authentication), NIS2, eIDAS 2.0 and FCA identity assurance expectations. For UK businesses operating in regulated sectors, this positioning matters. The regulatory direction in financial services and data protection is unambiguously towards stronger identity assurance at the moment of sensitive action, not just at the point of initial login.
A Sign of Where AI Security Is Heading
Confrmo is one product, recently launched, and its place in the market will be tested over the coming months. But the problem it is addressing is real, growing and not yet well solved by existing tools.
The broader pattern it represents is significant. As AI capabilities advance, the distinction between a human and a convincing simulation of one is becoming harder to maintain using traditional methods. The response is a new category of infrastructure: runtime verification that combines biometric, behavioural and cryptographic signals to establish and maintain trust through a session, not just at its beginning.
For any business thinking about how AI changes the security and trust landscape, this is the direction of travel. The question of whether the right human is actually present, at the moment that something important happens, is going to become one of the defining infrastructure challenges of the next few years.
AI Search Ltd. Helping UK businesses navigate the AI landscape. Find out more.
