Financial Services

Put AI agents on payments and trades. Proof, consent, and a signed record on every move.

Every agent gets a cryptographic identity. Every transaction it initiates gets human or agent consent, bound to the amount and the counterparty, and written to a record your auditors can verify. The same proof covers your customers and your back office.

Fake the face. Clone the voice.
You still can't sign.

A wire clears today because someone on the call looked and sounded right. We make the release require a cryptographic cosign from two real people. A deepfake produces no key, so the money stays put.

[Figure: a high-value transfer without and with ScrambleID. Without ScrambleID: a forged identity that looks and sounds like the CFO is trusted, and the wire is released. Irrevocable, no clawback. With ScrambleID: on the cryptographic cosign rail the transfer needs an approver and a cosigner. The deepfake produces no key. No signature, no release.]

People·The approver

The person releasing the money proves who they are with a key only they hold. No face to trust, no voice to fake.

Actions·The release

Every high-value transfer is signed and human-cosigned, policy-bound, in a tamper-evident record. No signature, no release.

[2]

The case this reconstructs (25.6 million dollars wired across fifteen transfers after a fully deepfaked video call) is cited in the evidence rail, not drawn here.

The consequential action

An authenticated agent can still move the money.
So the transaction needs consent, and a signed record.

A valid credential gets an agent in the door. It says nothing about whether the wire is safe to send. So every consequential transaction takes consent, human-in-the-loop or a supervising agent, bound to the amount and counterparty, and lands in a record your auditors can verify.

[Figure: Consent bound to a transaction's exact amount and counterparty, sealed to a verifiable record. An AI agent initiates a transaction with a specific amount and counterparty. Consent from a person and a supervising agent is cryptographically bound to those exact parameters, and the released transaction is sealed into an auditor-verifiable, tamper-evident record. A transaction whose amount or counterparty does not match the consent is held and not released. Shown: a bound transaction of $2,400,000 to acct 0x7F4A2C1B, with consent from a person (human in the loop) and a supervising agent (agent in the loop), sealed as auditor-verifiable record 0x9F3D2A7B; a $9,900,000 transfer to acct 0x3C9B7D04 is an intent mismatch and is held.]

Actions·The consent

A person or a supervising agent approves the transaction, bound to its exact amount and counterparty. Not a blanket approval.

Actions·The record

Every transaction and approval is signed into a tamper-evident record your auditors can verify, without taking our word.
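The consent binding described above, sketched as an added example (not ScrambleID's code): two enrolled approvers sign the exact amount and counterparty, and the release gate holds anything that differs. Ed25519, the message encoding, and all type and function names are assumptions made for illustration; the amounts and accounts are the sample values from the figure.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Tx carries the parameters consent is bound to (illustrative field names).
type Tx struct {
	ID, Counterparty string
	AmountCents      int64
}

// Consent is one approver's signature over a transaction's binding message.
type Consent struct {
	Approver string
	Sig      []byte
}

// bindingMsg is the exact byte string every approver signs. %q quoting keeps
// field boundaries unambiguous; "cosign-v1" is a hypothetical domain tag.
func bindingMsg(t Tx) []byte {
	return []byte(fmt.Sprintf("cosign-v1|%q|%d|%q", t.ID, t.AmountCents, t.Counterparty))
}

// release allows tx only if two distinct enrolled approvers signed exactly it.
func release(tx Tx, consents []Consent, enrolled map[string]ed25519.PublicKey) bool {
	msg, valid := bindingMsg(tx), map[string]bool{}
	for _, c := range consents {
		if pub, ok := enrolled[c.Approver]; ok && ed25519.Verify(pub, msg, c.Sig) {
			valid[c.Approver] = true // a repeated approver counts once
		}
	}
	return len(valid) >= 2
}

// scenarios runs constructed cases: matching, altered, and single-signer.
func scenarios() (matched, altered, single bool) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	enrolled := map[string]ed25519.PublicKey{"approver": pubA, "cosigner": pubB}
	tx := Tx{"tx-0001", "acct 0x7F4A2C1B", 240000000} // $2,400,000 in cents
	msg := bindingMsg(tx)
	cs := []Consent{{"approver", ed25519.Sign(privA, msg)}, {"cosigner", ed25519.Sign(privB, msg)}}
	swapped := Tx{"tx-0001", "acct 0x3C9B7D04", 990000000} // altered after consent
	return release(tx, cs, enrolled), release(swapped, cs, enrolled), release(tx, []Consent{cs[0], cs[0]}, enrolled)
}

func main() { fmt.Println(scenarios()) }
```

Because the signature covers the amount and counterparty themselves, consent collected for one transfer cannot be reattached to another, and one approver signing twice does not satisfy the two-person rule.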

The losses

Reports held flat.
More of them are working.

The number of fraud reports barely moved. What changed is how often a report ended in a loss, from 27 percent to 38 percent in a single year. The dollars followed.

Reports flat, losses up: U.S. consumer fraud

Share of reports ending in a loss, 2023 to 2024.

[Figure: Share of fraud reports ending in a loss, 2023 versus 2024. 2023 at 27 percent, 2024 at 38 percent, an 11 point rise. Total losses 10.0 billion dollars in 2023 and 12.5 billion in 2024; reports roughly flat at about 2.6 million both years.]

SOURCE · FTC REPORTED FRAUD LOSSES 2024[1]

The kill chain

Walk the attacker's path.
We protect every step.

The red-team view, not a scare story. Four moves, the way the money actually leaves, and what stops each.

  1. A call to the contact center. A cloned voice, a stolen SSN, the last four of everything. The IVR lets it through.[3]

    Protect · Voice

    Cryptographic caller verification, not knowledge questions or a voiceprint. A cloned voice has nothing to present.

  2. A deepfake executive on a video call. An urgent wire. A treasury approval that clears an email and a callback.[2][4]

    Protect · People/Actions

    Per-transaction cryptographic cosign. Every signer is a real, proven person, and a deepfake can't sign.

  3. Credential stuffing and attacker-in-the-middle proxies on the banking web and app.[5]

    Protect · Web

    Origin-bound FIDO2. Stolen-credential lists and proxy kits have nothing to replay.

  4. A service-account secret on the payment rail, unrotated for years, stolen and replayed.[6][7]

    Protect · Machine

    Per-call signed identity (RFC 7523). The private key never leaves the caller, so there's no standing secret to steal.

The credential that drains the payment ledger won't belong to a person.

Coverage

Every surface a customer, an approver, or a service touches.
One rail under all of them.

Voice and People carry the fraud story, so they lead. The other six aren't a feature list. They're the rest of the attack surface, covered.

Voice

Contact center and IVR. Cryptographic proof, not KBA or a voiceprint.

People

Wire and treasury approvals, and the help desk. A deepfake produces no signature.

Actions

Per-transaction cosign. Policy-bound, tamper-evident.

Web

Banking web and app login. Origin-bound, credential-stuffing-proof.

Machine

Payment-rail service accounts. Every call signed.

Bot

Back-office RPA and servicing bots. Ephemeral tokens, full attribution.

Agent

Servicing and fraud-ops AI agents. Scoped and revocable.

Workload

Core and payment workloads. Bound to where they run.

Frontline

Branch and teller. One phishing-resistant identity, federated.

The regulatory picture

Regulators are writing the rules against deepfakes.
We were built for them.

NYDFS now steers covered entities off SMS, voice, and video toward proof a deepfake can't produce. PCI 4.0 extends phishing-resistant MFA to everything touching cardholder data. We cover the hard ones, and what comes next.

IN FORCE

NYDFS · 23 NYCRR Part 500[8]

Section 500.12 reached full scope on November 1, 2025: MFA for all access to all information systems. To beat AI deepfakes, DFS guidance steers off SMS, voice, and video toward physical security keys and digital certificates.

Phishing-resistant FIDO2 across customers, employees, and privileged access, aligned to NIST SP 800-63-4 AAL3, federated into your IdP.

IN FORCE

PCI DSS 4.0 · Req 8.4.2[9]

Since March 31, 2025, MFA is mandatory for all access into the cardholder data environment, not just admins, and it must be phishing-resistant and replay-resistant.

Origin-bound, replay-resistant authentication for every CDE-touching system and terminal.

GUIDANCE

FFIEC · Authentication and Access

FFIEC guidance calls single-factor authentication inadequate for high-risk access and flags the risk of push-payment fraud.

Phishing-resistant MFA across the channels the guidance covers. We line up with the authentication expectation. The fraud-monitoring expectation is a separate control we sit alongside.

Why now

The threats and the rules are escalating together.

Every major incident pulls the next regulation tighter. Here is two years of it, and what we protect against each.

  1. May 2024 · Incident

    A finance worker wired 25.6 million dollars after a video call where every colleague, including the CFO, was a deepfake.

    Per-transfer cryptographic cosign · CNN Business

  2. Oct 2024 · Regulation

    NYDFS guidance on AI risk steers covered entities off SMS, voice, and video toward keys and certificates a deepfake can't impersonate.

  3. Feb 2025 · Incident

    CrowdStrike recorded a 442 percent rise in voice phishing across 2024, much of it help-desk impersonation.

    Cryptographic caller verification · CrowdStrike 2025 Global Threat Report · Estimate

  4. March 2025 · Incident

    The FTC reported 12.5 billion dollars in consumer fraud losses for 2024, up 25 percent, as more reports ended in a loss.

    Identity proof on every channel · Federal Trade Commission

  5. Effective Mar 31, 2025 · Regulation

    PCI DSS 4.0 made phishing-resistant MFA mandatory for everything touching cardholder data, not just admins.

    Origin-bound, replay-resistant auth · PCI Security Standards Council

Additional sources

  • Gartner · Sep 2025

    A Gartner survey of 302 security leaders found 62 percent of organizations hit by a deepfake in the prior year, most often paired with social engineering to push a transfer.

  • FBI IC3, PSA I-112525 · Nov 25, 2025

    Since January 2025 the FBI's IC3 logged more than 5,100 account-takeover complaints and over 262 million dollars in losses, with criminals posing as bank support staff.

  • Mandiant / Google Cloud · 2024

    Mandiant tracked UNC5537 using stolen credentials to reach roughly 165 customer instances of a major cloud data platform, none protected by MFA. Some credentials hadn't been rotated in four years.

  • The Hacker News (citing Rubrik Zero Labs 45:1 and Entro Labs 144:1) · 2025-2026 · Estimate

    Non-human identities (service accounts, API keys, tokens, workloads) outnumber humans by a wide margin, with reported ratios from about 45:1 to 144:1.

How we fit

We make the stack you already run provable, end to end.

A skeptical CISO has heard the pitch. Here is exactly how we slot in.

  • We federate into your Okta, Entra, Ping, or ForgeRock and make every identity on them cryptographic.

  • We prove the right person authorized the transfer. Your scam monitoring covers the customer talked into authorizing it themselves.

  • We remove the need to trust a face or a voice at all.

  • We're the identity control plane. Your fraud-decisioning stack stays the risk brain.

Next step

Find the gaps before an attacker does.
Book a 30-minute technical review.

Bring your contact-center verification, your wire and treasury approval chain, and your CIAM login. We'll show you exactly what we protect, and where you still need cover.