波兰研究员利用ChatGPT-4o在5分钟内生成逼真假护照,成功绕过多数自动化KYC系统。此技术暴露基于照片和自拍的数字身份验证系统漏洞,凸显AI生成内容对身份盗窃和欺诈的威胁。专家呼吁采用更安全的验证方式如电子身份证和NFC验证。 2025-4-6 08:19:53 Author: securityaffairs.com(查看原文) 阅读量:11 收藏
Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC
A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems.
Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states.
“You can now generate fake passports with GPT-4o. It took me 5 minutes to create a replica of my own passport that most automated KYC systems would likely accept without blinking.” Musielak wrote on X. “The implications are obvious –any verification flow relying on images as “proof” is now officially obsolete. The same applies to selfies. Static or video , it doesn’t matter. GenAI can fake them too. Photo-based KYC is done. Game over.”
— Borys Musielak @ Warsaw (@michuk) April 1, 2025You can now generate fake passports with GPT-4o.
It took me 5 minutes to create a replica of my own passport that most automated KYC systems would likely accept without blinking.
The implications are obvious –any verification flow relying on images as “proof” is now officially… pic.twitter.com/SNnH8zYMGq
The AI-crafted document closely mimicked a real passport, exposing major flaws in digital ID verification systems that rely solely on photo and selfie matching, without chip validation.
Musielak highlights concerns over the vulnerability of current ID verification systems. Unlike typical forgeries, he avoided common AI flaws, showing how quickly and easily convincing fakes can now be made, far more efficiently than with tools like Photoshop.
Tech News reported that the fake passport generated using ChatGPT-4o successfully bypassed basic KYC checks used by fintech platforms like Revolut and Binance, which depend on photo ID uploads and user selfies. Musielak warned of the rising threat of mass identity theft, fraudulent credit applications, and fake account creation, which are now more scalable with generative AI. Experts are calling for stronger defenses, including broader use of NFC-based verification and electronic identity documents (eIDs), which offer more resilient, hardware-level authentication.
Notably, within hours of Musielak’s demonstration, ChatGPT started rejecting comparable prompts, referencing its safety policies against generating fake documents.
“The only viable path forward is digitally verified identity, like eID wallets mandated by the EU. One of the companies ahead of this shift is our portfolio startup.” added the expert. “@authologic. If you’re running KYC in banking, insurance, travel, crypto, or anywhere else — it’s time to upgrade your process. Your users deserve better. So does your compliance team.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ChatGPT-4o)
如有侵权请联系:admin#unsafe.sh