Pierluigi Paganini
April 06, 2025
Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states.
“You can now generate fake passports with GPT-4o. It took me 5 minutes to create a replica of my own passport that most automated KYC systems would likely accept without blinking.” Musielak wrote on X. “The implications are obvious –any verification flow relying on images as “proof” is now officially obsolete. The same applies to selfies. Static or video , it doesn’t matter. GenAI can fake them too. Photo-based KYC is done. Game over.”
You can now generate fake passports with GPT-4o.
— Borys Musielak @ Warsaw (@michuk) April 1, 2025
It took me 5 minutes to create a replica of my own passport that most automated KYC systems would likely accept without blinking.
The implications are obvious –any verification flow relying on images as “proof” is now officially… pic.twitter.com/SNnH8zYMGq
The AI-crafted document closely mimicked a real passport, exposing major flaws in digital ID verification systems that rely solely on photo and selfie matching, without chip validation.
Musielak highlights concerns over the vulnerability of current ID verification systems. Unlike typical forgeries, he avoided common AI flaws, showing how quickly and easily convincing fakes can now be made, far more efficiently than with tools like Photoshop.
Tech News reported that the fake passport generated using ChatGPT-4o successfully bypassed basic KYC checks used by fintech platforms like Revolut and Binance, which depend on photo ID uploads and user selfies. Musielak warned of the rising threat of mass identity theft, fraudulent credit applications, and fake account creation, which are now more scalable with generative AI. Experts are calling for stronger defenses, including broader use of NFC-based verification and electronic identity documents (eIDs), which offer more resilient, hardware-level authentication.
Notably, within hours of Musielak’s demonstration, ChatGPT started rejecting comparable prompts, referencing its safety policies against generating fake documents.
“The only viable path forward is digitally verified identity, like eID wallets mandated by the EU. One of the companies ahead of this shift is our portfolio startup.” added the expert. “@authologic. If you’re running KYC in banking, insurance, travel, crypto, or anywhere else — it’s time to upgrade your process. Your users deserve better. So does your compliance team.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ChatGPT-4o)
