Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems. Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states. […]

ChatGPT-4o

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems.

Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states.

“You can now generate fake passports with GPT-4o. It took me 5 minutes to create a replica of my own passport that most automated KYC systems would likely accept without blinking.” Musielak wrote on X. “The implications are obvious –any verification flow relying on images as “proof” is now officially obsolete. The same applies to selfies. Static or video , it doesn’t matter. GenAI can fake them too. Photo-based KYC is done. Game over.”

The AI-crafted document closely mimicked a real passport, exposing major flaws in digital ID verification systems that rely solely on photo and selfie matching, without chip validation.

Musielak highlights concerns over the vulnerability of current ID verification systems. Unlike typical forgeries, he avoided common AI flaws, showing how quickly and easily convincing fakes can now be made, far more efficiently than with tools like Photoshop.

Tech News reported that the fake passport generated using ChatGPT-4o successfully bypassed basic KYC checks used by fintech platforms like Revolut and Binance, which depend on photo ID uploads and user selfies. Musielak warned of the rising threat of mass identity theft, fraudulent credit applications, and fake account creation, which are now more scalable with generative AI. Experts are calling for stronger defenses, including broader use of NFC-based verification and electronic identity documents (eIDs), which offer more resilient, hardware-level authentication.

Notably, within hours of Musielak’s demonstration, ChatGPT started rejecting comparable prompts, referencing its safety policies against generating fake documents.

“The only viable path forward is digitally verified identity, like eID wallets mandated by the EU. One of the companies ahead of this shift is our portfolio startup.” added the expert. “@authologic. If you’re running KYC in banking, insurance, travel, crypto, or anywhere else — it’s time to upgrade your process. Your users deserve better. So does your compliance team.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ChatGPT-4o)