The identity system is failing under AI

The global cybersecurity crisis has entered a new and far more dangerous phase. Artificial intelligence has handed attackers the tools to automate credential theft at unprecedented speed, and the identity systems billions of people rely on every day including passwords, biometrics, and passkeys are failing one by one. Netlok, LLC, a California based cybersecurity innovator, is answering with Photolok, the first and only patented identity platform engineered from the ground up to be AI resilient. This press release outlines why traditional logins can no longer be trusted, and how a photo based approach changes the economics of attack in favor of defenders.

The scale of the problem and the shift in attacker economics

The numbers are staggering. Reported cybercrime losses reached 16.6 billion dollars in 2024, a 33 percent jump from the prior year. Industry projections indicate global cybercrime damages could rise to 10.5 trillion dollars in 2025, up from 3 trillion dollars a decade earlier, which would represent the largest transfer of economic wealth in history. Identity is the front line of that damage. More than 97 percent of identity attacks now rely on password spray or brute force methods, and one major cloud provider blocks about seven thousand password attacks each second. As attackers adopt large scale automation and data poisoning, they can iterate through credential permutations faster than legacy systems can respond.

Tony Perez, CEO of Netlok, explained the challenge this way. AI is the invisible world. In the physical world, if somebody runs a red light and hits your car, you can see the damage and you deal with it. With AI, you cannot see it coming, and you do not understand how you are going to be attacked. That is what makes this threat so overwhelming, not just to the United States, but to the world.

Why biometrics and passkeys are now vulnerable

Deepfake technology has rendered facial recognition, voice verification, and fingerprint scanning fundamentally unreliable. Forty seven percent of organizations report experiencing some form of deepfake based attack within the past year. Passkeys, widely promoted as the successor to passwords, depend on those same device biometrics as the first step in the chain. Compromise the biometric or the device, and the promise of passwordless security collapses. According to Perez, incremental fixes like longer passwords, more prompts, or more device checks do not change attacker economics. Traditional identity and access management solutions are outdated. Innovative invention is always ahead of the market, and I saw this coming in 2015. No one was taking the replacement of passwords seriously until the Sony breach. Now, with AI, the situation is grave from top to bottom.

How Photolok works

Photolok replaces fragile secrets with a visual recognition process designed around how the human brain naturally remembers images. During setup, a user receives three photos drawn randomly from Photoloks custom library. At sign in, the user identifies those familiar photos from randomized visual portfolios. The experience takes about ten to fifteen seconds and requires no passwords, no biometric data, and no memorized codes. Behind the scenes, four independent layers of randomization protect every session. Cryptographic randomization governs the photo selections and sequence. Behavioral randomization shapes how choices are presented to each user. Temporal randomization ensures that time based factors never repeat in a predictable pattern. Deceptive randomization introduces visual decoys and adaptive traps that frustrate pattern learning. Because nothing is static and nothing repeats, AI has nothing to learn, replicate, or predict.

Situational security that protects the person

Photolok extends protection beyond the credential to the individual. Duress Photos act as a silent alarm if a user is logging in under coercion. Selecting a designated duress image looks like a normal sign in to an observer while quietly triggering an alert or a restricted session. One Time Photos self destruct after a single use, which defeats shoulder surfing and screen recording. These features turn the log in moment into a dynamic safety check that adapts to context. Equally important, Photolok collects no biometric templates, stores no passwords, and minimizes personal data exposure. It respects privacy by design while raising the bar for security in environments where AI tools have made static identifiers unreliable.

Better security with less friction and lower overhead

Most users recognize familiar photos faster and with less stress than they recall complex strings of characters or submit to repeated device checks. That advantage shows up in daily operations. Photolok can reduce account lockouts and help desk calls tied to password resets. Because there are no passwords to phish and no biometric templates to steal, risk and recovery costs drop sharply after attempted compromises. For organizations, the transition does not require a rip and replace of existing systems. Photolok is designed to complement identity and access platforms already in use, adding a layer that stands up to automated guessing, deepfakes, and replay attacks.

Patents and global readiness

The Photolok platform is protected by issued patents across major markets, including the United States, the European Union, the United Kingdom, Japan, Canada, Australia, and Mexico. That intellectual property reflects years of research and engineering to create an identity system that anticipates adversaries who use machine learning and synthetic media. The approach is portable across sectors. Financial services, healthcare, media, critical infrastructure, and public sector agencies can deploy visual authentication to protect customers, employees, and partners without introducing new biometric liabilities.

A practical path forward

The identity system most of the world relies on was never built for adversaries who can imitate faces, clone voices, and guess passwords at machine speed. Netlok created Photolok to confront that reality with something different and more human. By replacing static secrets with dynamic visual recognition that constantly changes, Photolok restores the defender advantage. For organizations seeking a practical path beyond passwords, beyond vulnerable biometrics, and beyond brittle passkeys, Photolok offers a way to secure access while keeping the experience intuitive. To learn more about Photolok and how it can fit your security strategy, connect with Netlok and request a demonstration.