Your biometrics block the photo. What about the video that never passed through the camera?
Kavuka Liveness proves there is someone alive, present, now — blocking presentation (photo, screen, mask) AND injection (virtual camera, synthetic feed, deepfake) in a passive proof of life, with no gestures or grimaces, with Device Fingerprint exposing the attack environment.
- Passive
- zero gestures, zero grimaces
- PAD + IAD
- presentation and injection covered
- 40%
- of biometric fraud attempts are deepfakes
- +830%
- deepfake growth in Brazil in one year
Passive proof of life in production across onboarding pipelines and authentication step-up — blocking presentation and injection in real time, with the deepfake ruler published quarterly.
Your biometrics were built to block the photo. The deepfake walks in through a door they cannot see.
The injection the old liveness cannot see
The synthetic video injected via virtual camera or emulator never passes through the lens — the classic liveness, built for photo and screen, simply does not see it.
The grimace in public that kills conversion
Active liveness asks for gestures and grimaces, embarrasses the user in public and drives conversion down — security paid for with onboarding drop-off.
The 'verified' stamp on a face that does not exist
The synthetic identity approved with a biometric seal enters credit, AML and promotions with the credibility of your own control — an authorized fraud factory.
Cost Deepfakes jumped from 500 thousand to 8 million files in two years and already account for roughly 40% of biometric fraud attempts — with Brazil growing 830% in a single year. An approved deepfake is not a fraud: it is an authorized factory, and the attack tool is public and cheap.
Proof of life across three fronts — the verdict of the system, not of a trick.
- 01
Capture
Passive liveness: the analysis happens in the capture itself, without friction, gestures or grimaces — the security the user does not see.
- 02
Prove
PAD blocks photo, screen and mask; IAD detects the virtual camera and synthetic feed in the signal — presentation AND injection covered.
- 03
Examine
Content analysis: the artifacts of the AI-generated face — inconsistencies in texture, lighting and physiology give the deepfake away.
- 04
Contextualize
Device Fingerprint alongside exposes the attack environment: the emulator, the installed virtual camera, the farm device.
A defense the size of the deepfake era
A single proof of life combines signal, content and context into one verdict — no layer alone is enough against the deepfake.
Presentation detection (PAD)
Photo, screen, video and 2D/3D mask
Injection detection (IAD)
Virtual camera, synthetic feed, emulator
Content analysis
Artifacts of the AI-generated face
Device Fingerprint
The attack environment exposed
Passive liveness
No gestures or grimaces — conversion intact
Active liveness (step-up)
Reserved for highest-risk operations
PAD certification
ISO 30107-3 / iBeta — the floor of the bar
System verdict
Signal, content and context in one result
Where Kavuka proof of life decides
Digital onboarding
The pipeline’s passive liveness — the critical module that approves the real user without friction and blocks the deepfake at the gate.
MFA step-up
Proof of life in operation authentication: the live face approving the sensitive transaction, not a replayed video.
Recurring proof of life
Benefits, social security and payroll loans — the Brazilian institutional use case, with proof of life invisible to the beneficiary.
Betting & Digital accounts
The doorway of the regulatory wave, under attack by public tooling — the specific defense for the fastest-growing vector.
Certification is the ticket; injection is the game
Kavuka Liveness operates under the global technical bar of presentation-detection certifications and treats biometric data as sensitive from the moment of capture. Certification is the floor, not the ceiling: injection, which classic certifications do not cover, is assessed by a proprietary arsenal in continuous evolution.
- Presentation-detection certification bar: ISO/IEC 30107-3 and iBeta as the minimum RFP attestation.
- Biometric data handled as sensitive data under data-protection law, with a legal basis and specific purpose.
- Published performance metrics and a quarterly deepfake report as an authority piece.
- Proprietary injection-assessment arsenal, beyond the scope of classic certifications, in continuous evolution.
- Encryption of biometric data in transit and at rest, with an audit trail of the verdict.
We ran the arsenal test against our old provider: the photo was blocked, the injection got through. We switched the next quarter.
We removed the grimace from onboarding and conversion rose — and the injected deepfake is still blocked. Security the user does not feel.
The biometric control we declared to the regulator was bypassable with a public tool. Now the verdict comes from the system, not from a single signal.
Test your current biometrics against our attack arsenal — and see what gets through.
We run presentation, injection and recent deepfakes on your flow and return a report of what is blocked and what gets through.
- For businesses only. No purchase commitment.
- Data used solely for commercial contact.
- Enterprise leads answered within 1 business day.
What liveness is and why it became the line of defense
Liveness (proof of life) is the proof that the face before the camera is a living person, present, now — not a photo, a screen, a mask or a synthetic video. It answers the question that biometric match alone cannot: is the face that matches the document really there, or is it a representation? Without proof of life, any image resembling the holder passes verification — and that gap is exactly where modern biometric fraud enters.
There are two technical fronts. Presentation Attack Detection (PAD) blocks the artifact shown to the camera: the printed photo, the phone screen, the replayed video, the 2D or 3D mask — the classic analog attack. Injection Attack Detection (IAD) blocks the fake video inserted directly into the flow, via virtual camera, emulator or app manipulation, without ever passing through the lens. Injection is the vector growing roughly 40% a year that classic liveness — designed for photo and screen — simply cannot see. It is the declared frontier of the entire category in 2026: the consensus that PAD alone is not enough.
There are also two experiences. Active liveness asks for gestures — blink, turn the face, smile: safe against simple attacks, but with friction, public embarrassment and drop-off. Passive liveness analyzes the signals of the capture itself, invisible to the user — which is why it became the conversion standard. Kavuka is passive by default, with active reserved for highest-risk operations as step-up. This is the new bar: biometrics should be judged not only by match accuracy, but by resistance to attack — the photo, the screen, the mask and, above all, the injected deepfake.
Context explains the urgency: deepfakes jumped from 500 thousand to 8 million files in two years and already account for roughly 40% of biometric fraud attempts, with Brazil growing 830% in a single year — the epicenter. An approved deepfake is not an isolated fraud: it is an authorized factory, because the synthetic identity with a biometric seal enters credit, AML and promotions with the credibility of your own control. And the attack tool is public and cheap. The asymmetry is only resolved with a specific defense — signal, content and context in a single verdict. That is why liveness stopped being a feature of biometrics and became the line of defense itself.
What is the difference between active and passive liveness?
Active liveness asks for gestures (blink, turn, smile) — safe against simple attacks, but with friction, public embarrassment and drop-off. Passive liveness analyzes signals of the capture itself, invisible to the user — the current standard of security with conversion. Kavuka is passive by default, with active reserved for highest-risk cases.
What is an injection attack and why does it matter?
It is the synthetic video inserted directly into the flow — via virtual camera, emulator or app manipulation — without ever passing through the lens. Classic liveness (built for photo and screen) does not see it; it is the fastest-growing vector and the frontier of the category. Detection requires analysis of signal, content and device — Kavuka’s three fronts.
Does liveness block deepfakes?
The deepfake attacks through two doors: presented on a screen (blocked by PAD) or injected into the flow (blocked by IAD + content analysis + device context). No layer alone is enough — the system verdict is what sustains the defense.
Is the liveness certified?
We operate under the presentation-detection certification bar (ISO 30107-3 / iBeta) and publish performance metrics — treating certification as the floor, not the ceiling. Injection, which classic certifications do not cover, is assessed by a proprietary arsenal in continuous evolution.
Can I test against my current biometrics?
Yes — the arsenal test runs the current vectors (presentation, injection, recent deepfakes) against your flow and returns a report of what passes and what is blocked. It is the diagnosis that renews (or not) your provider.
Does passive liveness harm the user experience?
On the contrary. Passive liveness analyzes the capture itself without asking for gestures or grimaces — the user does not notice the verification happening. This eliminates the friction and public embarrassment of active liveness and preserves onboarding conversion.
How does liveness integrate with biometrics and onboarding?
Liveness is the inseparable partner of Biometrics and the critical module of the Digital Onboarding pipeline, complementing Synthetic Identity (the threat) and Device Fingerprint (the context). On the Kavuka platform, it delivers the proof-of-life verdict via API/SDK within the same verification flow.
Let's talk
Your next high-impact decision starts with the right data.
Talk to a GUÉP specialist and find where applied intelligence creates the most value in your operation.