Shauli Zacks
Published on: June 27, 2025
As identity-based attacks grow more sophisticated, the stakes for digital trust have never been higher. To understand how organizations can stay ahead of threats like deepfakes, synthetic fraud, and evolving authentication risks, SafetyDetectives spoke with Patrick Harding, Chief Product Architect at Ping Identity. With over 20 years of experience in identity and access management, Harding plays a pivotal role in shaping the architecture behind Ping’s cutting-edge security solutions. In this interview, he shares insights into how AI is reshaping both the threat landscape and the tools used to defend against it — and explains why now is the time to rethink outdated identity systems.
Can you tell us a bit about your background and your role as Chief Architect at Ping Identity?
I’ve spent more than two decades in the identity and access management space, helping organizations secure their users, systems, and data. At Ping Identity, I’ve held various technical leadership roles, and in my current position as Chief Architect, I focus on advancing the design and strategy behind our identity platform. My work involves staying ahead of rapidly changing security and technology trends, especially as AI, biometrics, and decentralized identity shift the landscape.
At its core, my role is about anticipating what’s next. I partner closely with our product and engineering teams to ensure our architecture can support emerging needs around passwordless authentication, identity verification, and fraud prevention. We want to deliver seamless and secure digital experiences while making it harder for adversaries to exploit outdated systems.
What inspired you to start exploring the intersection of deepfake technology and identity security?
The rise of deepfakes and synthetic media wasn’t just fascinating from a technology perspective; it was alarming from a security perspective. We at Ping Identity recognized how these tools could easily mimic trusted individuals or spoof identity attributes in a manner that could deceive both humans and machines. When this capability intersects with the growing use of remote identity verification, we knew the stakes had changed.
For me, it was clear that traditional approaches to identity, such as passwords and even some forms of biometric matching, were becoming vulnerable to manipulation. At Ping Identity, we began looking deeper into the mechanics of deepfakes and synthetic fraud to help customers build smarter, layered defenses. The problem isn’t going away, so we must innovate faster than the malicious actors.
With AI making it easier than ever to generate realistic deepfakes, what are the biggest risks you see for identity-based cyberattacks?
The risks are multi-dimensional. Deepfake technology has given attackers the ability to convincingly impersonate executives, employees, and consumers in both real-time and recorded formats. Whether it’s a voice clone authorizing a wire transfer or a synthetic video gaining access to a sensitive system, we’re seeing identity fraud become more scalable, persuasive, and difficult to detect.
The biggest risk is erosion of trust in digital channels. If users or businesses can’t be sure who – or what – they’re interacting with, every digital transaction becomes suspect. This could have cascading effects across banking, healthcare, government, and beyond. And with the rise of autonomous AI agents, we’re not just talking about identity theft, we’re talking about identity fabrication at scale.
Can AI also be part of the solution? What role does it play in helping organizations detect and prevent deepfake-related fraud?
Absolutely. Just as AI enables more convincing fraud, it also provides powerful tools for detecting and preventing it. At Ping Identity, we’ve integrated AI into our platform to enhance real-time risk detection, behavioral analysis, and decision-making. For instance, AI can flag anomalies in login patterns, detect suspicious access requests, and perform liveness detection to verify whether a face or voice is authentic rather than generated.
What’s important is that AI is deployed in a layered and explainable way. It’s not a silver bullet, but it’s an essential part of a modern fraud defense strategy. Combining AI with robust identity proofing, dynamic risk signals, and policy-driven orchestration allows organizations to respond quickly and intelligently to threats, even as they evolve.
What identity management strategies do you believe are most critical for organizations as we’re halfway through 2025?
The first and most urgent is eliminating passwords. Passwords continue to be a primary vector for attacks, and users are tired of managing them. Passwordless authentication – using biometrics, passkeys, or device-based login – is more secure and user-friendly. At Ping Identity, we’re helping customers implement these solutions across workforce and consumer applications.
Second, organizations must embrace decentralized and verified identity. This allows users to control and share only the attributes they need, reducing overexposure of sensitive data and improving privacy. Finally, identity systems must be adaptive and context-aware, adjusting authentication and access based on signals like location, device, and behavior. Identity is no longer static – it needs to be intelligent and responsive.
What are some immediate steps companies can take to build a more resilient authentication infrastructure that can withstand these emerging threats?
Companies should start by assessing where static credentials or legacy authentication methods are creating risk. These should be replaced with phishing-resistant methods like biometrics or cryptographically bound passkeys. The next step is to introduce intelligent risk detection that uses machine learning to monitor login behavior and dynamically adjust access controls. For high-value transactions and user onboarding, investing in liveness detection and robust identity verification mechanisms is key.
Incorporating verifiable credentials can also enhance security, allowing users to present trusted, tamper-proof claims without exposing unnecessary information. Finally, companies should centralize their authentication policies so they can be easily managed, updated, and enforced consistently across ecosystems. The goal isn’t just resilience, it’s building digital trust at every interaction.
