Fake Passport Generated by ChatGPT Bypasses Security

A LinkedIn user has demonstrated how a counterfeit passport, generated using ChatGPT-4o, successfully passed a digital identity verification process. The experiment ignited intense debate among cybersecurity professionals and cast serious doubt on the continued reliability of traditional Know Your Customer (KYC) protocols.
Technology entrepreneur and venture investor Borys Musielak created the forged passport in mere minutes and shared the result on his LinkedIn profile. The fabricated document was so convincingly realistic that it spurred widespread discussion regarding the readiness of contemporary identity verification systems to defend against attacks powered by generative AI.
Ordinarily, AI-generated forgeries are readily detected due to formatting inconsistencies, poor typographic fidelity, or errors in the machine-readable zone. Yet Musielak’s counterfeit appeared almost indistinguishable from a legitimate passport. Observers noted that the process of document forgery has become significantly faster and more accessible than with traditional tools such as Adobe Photoshop.
Although the fabricated passport likely would not withstand scrutiny due to the absence of an embedded chip, it proved sufficient to bypass the most basic KYC procedures employed by some fintech services. Platforms such as Revolut or Binance, which rely solely on photo ID submissions and user selfies, may now be especially vulnerable to exploitation via deepfake technology.
Musielak emphasized the growing risk of mass identity theft for purposes such as fraudulent credit applications or the creation of fictitious accounts. The scalability enabled by generative AI empowers malicious actors to mount broad attacks on banking, cryptocurrency, and other financial infrastructures.
In response, experts advocate for broader adoption of verification techniques based on NFC technology and electronic identity documents (eID). These approaches enable hardware-level authentication, rendering them more resilient against generative forgeries.
Interestingly, just 16 hours after Musielak’s initial post, attempts to replicate the experiment failed—ChatGPT declined to generate a fake passport, citing safety protocols and restrictions on the creation of falsified documents.
The episode underscores that while countermeasures against the misuse of generative AI are gradually being implemented, they often arrive belatedly. Nevertheless, the incident involving the fake passport serves as a stark reminder of how rapidly emerging technologies can evolve into threats if not accompanied by stringent oversight and governance.