In late 2024, the National Institute of Standards and Technology (NIST) released a foundational update to its digital identity guidelines: SP 800-63-4. This wasn't just a minor revision; it was a "call to arms" against the weaponization of Generative AI.
For the first time, NIST has moved beyond simple "liveness" checks, mandating that organizations defend against Injection Attacks and Forged Media (Deepfakes). At Truly, we are proud to announce that our platform is built from the ground up to meet these rigorous new requirements, providing "Presence Assurance" in a world of synthetic deception.
Traditional security tools look for a "live" human. But today’s attackers don’t just show a photo to a camera; they use virtual drivers to inject a high-fidelity deepfake directly into the meeting stream.
NIST SP 800-63-4 explicitly addresses this by introducing two critical defense layers:
Presentation Attack Detection (PAD): Detecting physical spoofs (masks, photos).
Injection Attack Detection (IAD): Detecting when the video sensor itself has been bypassed or manipulated.
Truly is designed for high-stakes environments for hiring, financial transfers, and executive communications where identity assurance is non-negotiable. Here is how we embed the NIST recommendations into our core product:
NIST now requires verifiers to analyze media for "signatures of AI-generated content." Truly’s proprietary AI scans every frame of your Zoom, Google Meet, or Microsoft Teams call in real-time. We don't just look for a face; we analyze the digital artifacts, frame-rate inconsistencies, and "neural seams" that only appear in synthetic media.
A major pillar of the new NIST standard is the "integrity of the sensor and its associated endpoint." Truly goes beyond the video feed to inspect the system environment. We detect if a participant is using a virtual camera or a software emulator (like OBS or Snap Camera) to feed a deepfake into the call, effectively blocking injection attacks before they can deceive your team.
Static verification at the start of a meeting is no longer enough. Attackers can wait for a meeting to start and then "swap" to a deepfake. Truly provides continuous monitoring throughout the session. By utilizing unpredictable "Active Challenges"—such as subtle light-reflection patterns (Flashmarking)—we verify that the person on screen is physically reacting to the real-time meeting environment.
NIST 800-63B doubles down on phishing resistance. Truly complements your existing MFA by ensuring the person behind the authenticated device is actually the authorized user. We bridge the gap between "having the key" and "being the person," fulfilling the NIST mandate for robust Authentication Assurance Levels (AAL3).
As Gartner predicts that 30% of enterprises will no longer consider face biometrics reliable by 2026, the NIST SP 800-63-4 guidelines provide the only viable roadmap for trust.
By integrating Truly into your workflow, you aren't just adding a "plugin"; you are aligning your organization with the highest federal standards for digital identity. Whether you are conducting a $25 million wire transfer or interviewing a critical new hire, Truly ensures that the person on the other side is genuinely present.
Don’t just take our word for it—experience the standard. Request a Demo at Truly.ws