
Chief Executive Officer
Published: November 6, 2025

Passwords and MFA verify what you know or have, not who you are, so AI deepfakes can impersonate a trusted executive or admin and bypass standard checks with the “right” credentials.
The fix is identity assurance: a layer that verifies the human (liveness, biometrics, access-request forensics) with a tamper-proof audit trail for compliance.
dentity assurance is the level of confidence that a person accessing a system is genuinely who they claim to be, not just someone holding the right password or MFA token. It goes beyond credentials to verify the human, using signals such as liveness and biometric authenticity.
The catch: passwords verify something you know and MFA verifies something you have, but neither confirms who you are. AI deepfakes exploit that gap, letting an attacker with valid or socially engineered credentials impersonate a trusted person and walk through standard checks.
In This Article
For decades, organizations have relied on passwords and multi-factor authentication (MFA) to protect their most sensitive data. But what happens when the person using the correct credentials is not who they claim to be? As attackers adopt sophisticated tools like deepfake audio and video, companies face a chilling reality: traditional security measures can be bypassed by a convincing digital impersonation. Protecting critical systems and data repositories now requires a new line of defense, one that can verify the identity of the user, not just their credentials.
This post will explore the emerging threats to data security, particularly those aimed at organizations managing critical infrastructure. We'll examine how AI-driven impersonation tactics are creating vulnerabilities in even the most secure networks and discuss how a multi-layered security approach focused on identity assurance can provide the certainty needed to protect our most valuable digital assets.
The goal of any attacker is to gain privileged access. Once inside a network, they can disrupt operations, exfiltrate sensitive data, or cause catastrophic damage. Sophisticated actors, including state-sponsored groups, are now using AI to social engineer their way past security checkpoints. They can clone an executive's voice to authorize a fraudulent wire transfer or create a deepfake video of an IT administrator to request remote access. This creates a host of new and alarming challenges.
Critical infrastructure, such as energy grids, financial systems, and telecommunications networks, are prime targets for these advanced attacks. By impersonating a trusted employee, an attacker could bypass standard MFA protocols and gain control of vital systems. The potential for disruption, espionage, and widespread damage is immense. The threat is no longer just about guessing passwords; it's about faking an entire human identity.
Standard security protocols are built to verify something you know (a password) or something you have (a phone for MFA). They were not designed to verify who you are. These methods are vulnerable to AI-driven impersonation because they cannot distinguish between a real person and a sophisticated digital fake. They lack the ability to check for "liveness" or the biometric authenticity of the user requesting access.
The shift to remote and hybrid work has expanded the attack surface for every organization. Engineers, technicians, and administrators often need to access secure systems from geographically dispersed locations. This makes traditional perimeter security models obsolete and in-person verification impossible. Every remote access point becomes a potential door for an attacker using a fabricated identity.
Organizations in critical sectors operate under stringent regulatory frameworks, such as NERC-CIP for the energy industry. These mandates require an irrefutable, auditable record of all access control measures. A breach resulting from a failure to properly verify an identity could lead to crippling financial penalties, legal liability, and a complete loss of public trust.
To combat these next-generation threats, organizations need to evolve their security strategy. The Netarx Disinformation Security platform offers a powerful, proprietary solution by adding a crucial, adaptive layer of identity verification to existing security protocols. Designed to seamlessly integrate with your current systems—including user directories, VPNs, remote desktop solutions, and critical infrastructure controls—Netarx makes it simple to enhance defenses without disrupting operations.
Netarx sets itself apart by making advanced identity verification easy for organizations of any size:
No-Code, SaaS Simplicity:
Netarx is delivered as a cloud-based service that requires no coding or technical integration. You can deploy it rapidly across your organization without changing existing workflows or infrastructure.
User-Friendly Experience:
Employees receive clear, traffic-light signals—green for verified, yellow for review, red for block—guided by the platform’s real-time assessments. This intuitive system empowers staff to make fast, informed decisions without confusion or delays.
Automated Compliance Reporting:
Every identity verification and access event is logged in a tamper-proof, audit-ready format, making it effortless to demonstrate compliance with frameworks like NERC-CIP, HIPAA, and GDPR.
Here’s how Netarx’s multi-layered workflow closes modern security gaps:
Unlike static solutions, Netarx's proprietary forensic analysis can detect even advanced deepfake attempts and AI-altered images or video, providing a strong barrier against impersonators before access is ever granted.
The Netarx platform continuously monitors metadata from access-related communications—such as emails, texts, and video calls—to flag anomalies that may indicate social engineering or digital impersonation attacks. Because Netarx is delivered as a SaaS platform, organizations can deploy it quickly and start protecting sensitive systems without any coding or integration work. Employees receive clear, intuitive traffic-light signals—red, yellow, or green—making it simple to interpret verification results and respond appropriately in real time. For example, Netarx was recently able to flag and prevent a sophisticated phishing campaign aimed at a utility company, intercepting false IT support access before any damage was done.
During live remote and high-risk sessions, the platform’s video inference model joins meetings as a silent "bot"—analyzing live biometric data and verifying that the individual matches the authenticated digital identity. This non-intrusive, passive monitoring ensures access integrity from start to finish. In one recent deployment, Netarx enabled a major energy provider to eliminate unauthorized remote access attempts, with every session backed by cryptographically secure, time-stamped audit logs ready for compliance review.
By uniquely combining advanced AI-driven detection, seamless integration, and audit-friendly transparency, Netarx’s Disinformation Security platform doesn’t just stop today’s attacks—it sets organizations up for a more resilient and trustworthy future. Fortifying the Digital Fortress
By deploying a Disinformation Security platform, organizations can immediately and significantly enhance their security posture. This technology enables them to protect their most sensitive data and critical systems from sophisticated identity-based attacks.
100% Identity Assurance:
The multi-layered process provides security teams with complete confidence in the identity of every user requesting privileged access. This allows them to authorize legitimate connections to critical systems securely while blocking fraudulent attempts with certainty.
Mitigation of Advanced Breach Risk:
The combination of liveness detection and real-time biometric analysis successfully defends against sophisticated impersonation attacks. This protects sensitive corporate data and critical infrastructure from unauthorized access by even the most advanced adversaries.
Guaranteed Regulatory Compliance:
The platform automatically generates a detailed, tamper-proof audit trail for every single access request and verification event. This provides all the necessary documentation to meet strict regulatory scrutiny and demonstrates a commitment to the highest standards of data protection.
Passwords and tokens are no longer enough. In an era where anyone’s likeness can be convincingly faked, the ultimate security question has become: "Is the user real?" The new frontier of data security is centered on answering that question with certainty.
Organizations that manage critical data and infrastructure must adopt a proactive stance against identity fraud. By integrating a multi-layered disinformation security strategy, they can add an essential layer of verification that confirms the human behind the credentials. This approach not only prevents breaches but also builds a more resilient and trustworthy digital ecosystem for everyone.
SOURCES & REFERENCES
Use Secure Cloud Identity and Access Management Practices, NSA & CISA Cybersecurity Information Sheet (March 7, 2024). Recommends phishing-resistant MFA and stronger identity and access management against credential abuse.
Digital Identity Guidelines (NIST SP 800-63-4), Second Public Draft, NIST (August 2024). Defines identity assurance levels and standards for identity proofing, authentication, and presentation-attack (liveness) detection.
PRC State-Sponsored Actors Compromise U.S. Critical Infrastructure (Volt Typhoon, AA24-038A), CISA, NSA, and FBI joint advisory (February 7, 2024). Details state-sponsored intrusions into U.S. energy, communications, and water infrastructure.
Science & Tech Spotlight: Combating Deepfakes (GAO-24-107292), U.S. Government Accountability Office (March 11, 2024). Finds that existing detection methods may not accurately identify deepfakes in real-world conditions.
Reducing Risks Posed by Synthetic Content (NIST AI 100-4), NIST / U.S. AI Safety Institute (November 2024). Reviews the technical limits of synthetic-content detection and authentication.
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud, FBI Internet Crime Complaint Center (IC3), Public Service Announcement (December 3, 2024). Warns that criminals use AI-generated media and voice cloning to impersonate trusted people.

Chief Executive Officer
CEO/Founder of Netarx LLC, Real-time detection of deepfake and social engineering threats via enterprise video, voice and email. Managing Partner of Koach Capital, a Private Equity firm managing a multitude of commercial real estate (CRE) funds whose focus is retail sale-leasebacks. Sandy's entrepreneurial success began by founding a network integration and services provider that served large enterprises. We focused on advanced technologies including Business Intelligence (BI), Network & Information Security, Virtualization, Storage Area Networks, Unified Communications and Data Center Services. In 2009, Netarx acquired the VAR business of Analysts International (including Sequoia and Entree Systems). In 2011 Netarx was acquired by Logicalis (a division of Datatec - Symbol LSE: DTC) and stayed on as its Chief Technology Officer. He continued to build by founding Verge.io (Formerly Yottabyte) and Service.com. Also, Sandy served as a General Partner of Ludlow Ventures, a venture capital fund focusing on investments in early-stage tech companies. Sandy contributes to the community via lectures, publications and developing new technologies - he currently holds 8 Patents.
Passwords verify something you know and MFA verifies something you have, but neither confirms who you are. AI deepfakes let attackers impersonate a trusted person by voice or video and socially engineer their way past those checks, even with valid credentials.