Skip to main content

Resources

Why trying to detect fake documents is a losing strategy.

For every advance in document detection, there is a corresponding advance in document generation. The arms race cannot be won by the defence. The alternative is to change the question entirely.

The Detection Problem

Document detection tools – software designed to identify AI-generated, tampered, or fabricated documents – operate on a reactive model. They are trained on examples of known fraudulent documents. They identify statistical patterns, metadata anomalies, and artefacts associated with known document generation and editing techniques.

The fundamental weakness of this model is that it requires the fraud to have been seen before. Detection tools cannot reliably identify novel fraud techniques until they have been trained on examples of those techniques. By the time a detection tool is updated to identify a new class of fraudulent document, that class may have been in circulation for months.

AI-powered document generation compounds this problem. Large language models and image generation systems can produce documents that are not merely difficult to detect – they can be specifically optimised to evade known detection signatures. A fraudster with access to a detection tool can use it to test their forgeries and refine them until the detection tool returns a clean result.

The Arms Race Has No Winner

The history of digital content authentication is a history of escalating arms races between generation and detection. Email spam filters improved; spammers adapted. Captcha challenges became more sophisticated; bots became more capable. Deepfake detection tools were trained; deepfake generation models improved.

In each case, the generation side has structural advantages: it only needs to succeed once per target, it can iterate faster than detection systems can be updated, and it operates at scale. Detection systems must succeed every time and against every variant.

Document fraud follows the same pattern. Detection-based approaches will always be racing to catch up with generation capabilities. They will always be catching yesterday's fraud techniques.

The Alternative: Shift the Question

The alternative to detection is authentication – not the detection of fakes, but the verification of genuine documents.

The question “is this document fake?” has an answer that becomes harder to establish with certainty as generation technology improves. The question “was this document authenticated by a verified person with something to lose?” has a definitive answer that does not depend on the sophistication of detection technology.

If a document was authenticated by a verified individual whose identity has been confirmed against a government or professional register, and the authentication is cryptographically bound to that identity, then the question of whether the document is AI-generated is irrelevant. The individual who authenticated it cannot deny their attestation. They bear full accountability for the document's contents.

The Role of Non-Repudiation

Non-repudiation is a legal and technical concept that prevents a party from denying an action they have taken. In document authentication, non-repudiation means that an authenticator cannot deny having authenticated a document, because the authentication record contains a cryptographic signature that could only have been created by their private key, following a biometric challenge that confirms their physical presence.

Non-repudiation changes the incentive structure for document fraud. If an accountant authenticates a financial statement that is subsequently found to be false, they cannot claim they did not authenticate it. They cannot claim they did not know its contents. The authentication is on the record. Their professional standing, and potentially their freedom, is at stake.

This accountability layer is absent from detection-based approaches. Detection, even when it works, can only identify a document as suspect – it cannot establish who created it, who benefited from the fraud, or what legal accountability attaches to the fraud.

Authentication Does Not Require Perfection

A common objection to authentication-based approaches is that they depend on the authentication layer being perfectly secure. If an authenticated document can itself be forged – if an attacker can authenticate a fraudulent document as a genuine authenticated document – then the authentication layer provides no real protection.

This objection misunderstands the model. Authentication does not need to be unbreakable; it needs to create accountability. If an attacker succeeds in authenticating a fraudulent document through Audrie, they must have done so using a verified identity. That identity – the person who authenticated the document – is on the record. The fraud is attributed to a specific, verified individual.

Compare this to a forged certified copy: if a fraudster presents a forged certified copy, the fraud is attributed to no one in particular. There is no verified identity behind the certification. There is no accountability.

What Authentication Cannot Do

Audrie authenticates provenance, integrity, and accountability. It does not verify the truthfulness of document contents. A company director who authenticates a financial statement containing false information has provided a cryptographic record of their attestation – which increases, not decreases, their accountability. But Audrie cannot prevent a verified individual from authenticating a false document.

Authentication is most powerful as a systemic norm. When authentication becomes the expected standard – when banks require authenticated documents, when regulated entities default to requesting authenticated counterparty records – unauthenticated documents become suspect by default. The absence of authentication becomes a signal, not just the presence of it.