I talk endlessly about presentation attack detection independent testing, but I occasionally discuss injection attack detection independent testing also, who performs the test (as more entities do so), and who has been tested.
The testing entities perform the test according to the European Committee for Standardization (CEN) standard CEN/TS 18099:2025.
“This document provides an overview of:
– Definitions of biometric data injection attacks;
– Use cases for injection attacks with biometric data on essential hardware components of biometric systems used for enrollment and verification;
– Tools for injection attacks on systems using one or more biometric modalities.
This document provides guidance for:
– Injection Attack Instrument Detection System (defined in 3.12);
– adequate risk mitigation for injection attack tools;
– Creation of a test plan for the evaluation of an injection attack detection system (defined in 3.9).”
And Ingenium and BixeLab have developed their own testing methods.
iBeta and Injection Attack Detection Testing
And if you need a third choice of a testing lab, there is one. Via a sponsored post, iBeta joined the party.
“A new testing solution from iBeta Quality Assurance meets a growing need for evaluations of injection attack detection (IAD) products. The lab’s IAD testing launches today, and will be part of what iBeta showcases at Identity Week 2026 in Amsterdam next week. It includes testing up to Level 3, against the European standard CENS/TS 18099: 2025, across multiple platforms. And it presages the planned 2027 publication of the ISO/IEC standard dedicated to injection attack testing. iBeta will release a IAD testing solution for the ISO standard when it is released.”
Changes
The Biometric Update quote about the forthcoming ISO/IEC standard illustrates the challenge in testing when standards change, and new standards are adopted.
Something the Kantara Initiative recently addressed:
“Kantara Initiative announces the formal publication of the Kantara Initiative International Assurance Program: SP 800-63A-4 Service Assessment Criteria (SAC) & Statement of Criteria Applicability (SoCA), aligned to NIST Special Publication 800-63A Revision 4 – Identity Proofing.
“Following completion of the public review process and consideration of community feedback, the assessment criteria have been finalized and are effective immediately.”
NIST Special Publication 800-63A Revision 4 is the successor to Revision 3. Kantara Initiative previously offered assessments against the older standard, and can now assess against the newer one.
This illustrates the ripple effect of standards revisions…and in the case of injection attack detection, upcoming new standards.
Or, in official terms, Pope Leo XIV issued his first encyclcial.
An encyclical is a document issued by a Roman Catholic pope providing guidance upon an issue that affects church members…and frankly non-church members also.
They are officially entitled in Latin, although the text is translated into many languages. The title of the encyclicals issued by Pope Leo’s predecessor, Pope Francis, include
Pope Leo’s is called “Magnifica Humanitas” (English here).
Why would ID Tech, or Bredemarket, spend time discussing the writings of a Roman Catholic Pope?
Because the encyclical is subtitled as follows:
ON SAFEGUARDING THE HUMAN PERSON IN THE TIME OF ARTIFICIAL INTELLIGENCE
That seems…relevant.
Because while we can consider artificial intelligence from technological and business perspectives, we can also certainly consider it from a moral perspective. And Pope Leo did, in a document numbered with 245 paragraphs. Let’s take a look at…um…the 95th one (heh):
“95. Here, we must recognize another crucial aspect, which I have noted earlier. In many cases within the digital context, control over platforms, infrastructure, data and computing power does not rest with States, but with major economic and technological actors. These entities effectively set the conditions for access, determine the rules of visibility and shape the very possibilities for participation. When such power is concentrated in the hands of a few, it tends to become opaque and evade public oversight, increasing the risk of distorted forms of development that give rise to new dependencies, exclusions, manipulations and inequalities.”
Why does Pope Leo care about tech bros? To answer that question we have to go to the beginning of the first paragraph.
“Humanity, created by God in all its grandeur, is today facing a pivotal choice: either to construct a new Tower of Babel or to build the city in which God and humanity dwell together.”
Google Gemini.
For those not familiar with the Bible, the Tower of Babel story in the Old Testament represents an episode in which, due to “stuff,” all the people of the world were divided and unable to talk to each other. Pope Leo goes into more detail in paragraph 7:
“7. In order to answer these questions and discern how to navigate responsibly the era of AI, I would like to bring to mind two scenes from the Bible: the construction of the Tower of Babel (cf. Gen 11:1-9) and the rebuilding of the walls of Jerusalem (cf. Neh 2–6). The story of Babel appears in the Book of Genesis, at the origins of humanity, immediately after the genealogies of Noah’s sons. After settling in a plain in the land of Shinar, the people decided to build a city and a tower “with its top in the heavens” (Gen 11:4). Fearing being scattered across the earth, they sought to guarantee stability and power for themselves, and above all to “make a name” for themselves. It was an impressive feat: a single language, a single technology, a single direction. However, the project concealed a profound danger. It was a project conceived without reference to God, supported by a uniformity that eliminated diversity and that chose homogenization over communion. When a city is built on pride and the claim to self-sufficiency, communication breaks down, languages are confused and people no longer understand each other. The result is not unity, but dispersion. Babel thus reveals the limits of any effort that, however grandiose, arises from self-affirmation, sacrifices human dignity for efficiency and aspires to reach heaven without God’s blessing.”
If you strip the Tower of Babel episode from its religious trappings, it describes the pursuit of technology for technology’s sake, not necessarily benefiting the people and their needs. (Actually, their diverse needs.)
Most people agree that sacrificing human dignity for efficiency is undesirable regardless of your religious beliefs or lack thereof.
Pope Leo isn’t the only religious leader sounding a warning
Elder Gerrit W. Gong of the Church of Jesus Christ of Latter-Day Saints has also spoken on the topic.
“Increasingly, AI influences how we perceive real and unreal; the relationships we hold most important; the ways we work and organize society. We know AI needs stable character for moral judgment. Highly capable algorithmic reasoning is not human intelligence. AI systems will manifest admirable human values and judgment only as we imbue AI personas with such. Questions transcend technology. We need trust, safeguards, and goodwill as we work through competing values and priorities regarding AI.
“A high-stakes public conversation is opening. Publics want AI to be used safely, ethically, transparently—for children, others who are vulnerable, and citizens concerned for community costs and uses of water, electricity, and land, and for continuing impacts on jobs, education, and opportunity.”
And Elder Gong also addressed the tech bros.
“Beyond the speed and scope of AI disruption is another unprecedented challenge: AI is concentrating information, technology, and capital and thereby centralizing power. Concentrated, centralized power infringes freedom. It undermines the sovereignty of individuals, companies and countries. The complexities of data (including autonomy, integrity, privacy, security, sovereignty) and intellectual property (including creativity, ownership, provenance) further complicate individual, company, and country independence.”
Considering the history of this church as a minority group often facing persecution, it fears (from its perspective) being shut out of the international conversation.
“These developments underscore the need for pluralistic faith and ethics AI evaluation benchmarks and moral compass in AI. Pluralistically portraying faith traditions accurately, honestly, and respectfully does not privilege one faith tradition over another, or belief over nonbelief. It does not seek to convert individuals. It does not adjudicate faith claims. Pluralistically benchmarking faith and ethics in AI is not an imposition of religion on AI.”
Do you see the repeated references to “pluralistic” here?
We don’t want an LDS AI, or a Catholic AI, or a Tech Bro AI, or any other narrowly-defined AI. That would be catastrophic.
“Aware, Inc. (NASDAQ: AWRE)…announced the successful completion of an independent Injection Attack Detection (IAD) evaluation of its Aware Intelligent Liveness solution, conducted by BixeLab, a globally recognized authority in biometric testing and certification.”
4th Sector Innovations is no longer in Ontario—they paved paradise, put up a parking lot.
But bridges are just as important in 2026 as they were in 2021.
“Without a bridge, you’re stuck at one place and can’t get to the other place. Or you can try to get to the other place, but you may get very wet.
“Businesses need bridges to connect with their customers. When the bridges are erected, the customers understand what the businesses can do for them. If the customers need those particular services, they can buy them.”
This is critically important when the business is extremely technical but the customers and prospects aren’t. How does this amazing technology benefit the customers? Do they make more money? Do they keep their cities safer?
One advantage of moving from analog to digital instrumentation was in creating perfect production. While there are obvious disadvantages to non-human identity musical performances, at least MIDI pre-programming ensures that every note is played at precisely the right moment. As is every drumbeat.
Devo has had several drummers over the years (including the other Mothersbaugh brother Jim), but their drummer during their most renowned period was Alan Myers. He’s the one wearing glasses who is NOT Mark. This is what Jerry said:
“When you see and/or hear Alan perform live in DEVO performance videos or on our records from our heyday it’s somewhat mind-boggling to think that Alan drummed the way he did, when he did. I have flippantly referred to him in interviews as “the human metronome.” It was a comment meant to bequeath giant praise. Clearly his precision and power eclipsed whatever advantages that soulless drum machines can ever offer.”
During his years with DEVO, the band evolved from a live mostly-guitar band to one in which an entire album centered around the Fairlight CMI. And this, um, evolution affected Myers.
“The man who was considered the human drum machine had been pretty much replaced by actual drum machines on Devo’s 1984 album Shout, leaving him creatively disillusioned.”
So he left the band, presaging events nearly 40 years later when humans were replaced by non-humans.
Yeah, I knew I could shove this square peg into Bredemarket’s round hole.
“The cable channel had a problem with the animated crinkle cut french fry entering the doughnut hole….They really had a problem with the following shot of the woman with an ecstatic look on her face.”
Anyway, here’s a fun video…not a good video. And not “Peek-A-Boo”; that one freaked me out.
“Despite its undeniable impact on all of us, artificial intelligence is just a feature. Like the Pentium, or Corinthian leather.
“And it’s a feature that everyone has. Not a differentiator at all.
“To say your software is AI-powered is like an automotive company saying their cars have tires.
Google Gemini.
“How many times do you see Ford or Toyota saying their cars have tires?
“They don’t waste their time talking about something that everyone has.
“And you shouldn’t waste your time talking about your AI feature.”
But people continuously talk about AI anyway. And in parallel, a bunch of free newsletters and not-so-free courses are offering to teach you everything about AI.
“But I took the initiative and educated myself about TI. I subscribed to a free weekly newsletter that covered all the aspects of TI in detail. Frank, I’ll Slack you the link and within a week you’ll know more about TI than Ethan!”
In case you missed it, “TI” stands for “tire intelligence.”
But a funny thing happened when I wrote that post.
I linked to a REAL free newsletter on tires.
Tire Review is a real website that offers a variety of free weekly e-newsletters that are all about tires. But for the record, Tire Review does NOT believe that tire intelligence is the nexus of the most significant advance of the last 100 years.
And I ended up subscribing to it, even though I am not in the tire business (although I am a user) and the chances of Bredemarket acquiring a tire client are very low…but not zero.
So without further ado, here’s Bredemarket’s take on tire sidewall stiffness, based upon this Tire Review article.
To understand this, you need to remember that a driver’s connection to the road is based upon the connection between the road and the four (or eighteen) tires (“contact patches”) on the vehicle. These contact patches are essential, a point that Amanda Sorensen makes in another Tire Review article.
“You’re feeling everything in your body, and the craziest part to think about is that at the end of the day, it comes down to the four contact patches that are on the ground and what you’re feeling as the tires are feeding information through the speed of the car.”
Back to the sidewall discussion.
“Most drivers focus on tread design, tread wear or overall tire appearance. However, sidewall stiffness also plays a major role in how a tire feels and performs on the road.”
So what do stiff sidewalls do?
“Tires with greater sidewall stiffness flex less during operation. As a result, the tire reacts more quickly when the driver turns the steering wheel.
“Drivers may notice sharper steering response during lane changes or cornering. Many drivers associate that quicker response with improved control and stability.”
But steering sharpness comes at the expense of comfort. If you want a smoother ride, you need softer sidewalls.
So in the same way that biometric vendors tune their systems to minimize either false positives or false negatives, “[t]ire manufacturers tune sidewall stiffness to match specific driving priorities such as comfort, handling, stability or load support.”
“Arizona is among the first states in the country to transition beyond the digital driver licence (mDL) into full-fledged mobile vehicle documentation, officially updating its proprietary Arizona Wallet app. They have allowed residents to upload and store their official vehicle registration, title information, and insurance details directly onto their smartphones.”
But there’s a philosophical problem here.
As I’ve noted previously, title (and registration) are primarily associated with a non-person entity (the vehicle), not a person.
Yes, a person may hold the title to a vehicle. Or the title may be held by two people, in the case of spouses.
But the title belongs to the vehicle.
Yet the aforementioned Arizona Wallet app is held by people.
Shouldn’t a vehicle have its own wallet, and then grant access to elements in the wallet to one or more person wallets?
And what if the car gets mad at its human owner(s) for boring driving habits and not taking it to the car wash every week, and therefore decides to change its registered owner to someone else who is more exciting and car-loving?
Google Gemini.
I’ll admit that this is a flight of fancy, but it raises governance issues about maintaining non-human identities.
We were both saying the same thing, but from different perspectives.
Here’s part of how Wheatley put it.
“Focus on care and concern – reach out, offer help, stay true to your company purpose and values.
“Meet your customers where they are – both where they ‘hang out’ now, and to meet their current concerns.”
But it’s important to remember why you’re doing this.
“Building a good marketing plan helps motivate your audience to take the next step. And, in the end, to say “yes” to what you’re offering.
“But of course, they need to want to come. Your intent needs to be authentic. It will be if you genuinely believe that you can offer them value (and they recognise that) and you want to be in the relationship for the long term, not just to make a quick sale this quarter.”
Earlier this week I signed a contract with a former client from the first stint of Bredemarket (2020-2022). I had to end that contract because my then-new employer Incode competed with my client.
But then Incode became my ex-employer, and eventually my former client came back.
Bredemarket 