Ray argues that AI does not hallucinate, but instead confabulates. He explains the difference between the two terms:
“A hallucination is a conscious sensory perception that is at variance with the stimuli in the environment. A confabulation, on the other hand, is the making of assertions that are at variance with the facts, such as “the president of France is Francois Mitterrand,” which is currently not the case.
“The former implies conscious perception, the latter may involve consciousness in humans, but it can also encompass utterances that don’t involve consciousness and are merely inaccurate statements.”
And if we treat bots (such as my Bredebot) as sentient entities, we can get into all sorts of trouble. There are documented cases in which people have died because their bot—their little buddy—told them something that they believed was true.
Adapted by Google Gemini from the image here. CBS Television Distribution. Fair use.
After all, “he” or “she” said it. “It” didn’t say it.
Today, we often treat real people as things. The hundreds of thousands of people who were let go by the tech companies this year are mere “cost-sucking resources.” Meanwhile, the AI bots who are sometimes called upon to replace these “resources” are treated as “valuable partners.”
Are we endangering ourselves by treating non-person entities as human?
“Los Altos, CA, November 13, 2025 – Descope, the drag & drop external IAM platform, today announced that it has been recognized as a Leader in the 2025 Frost Radar™ for Non-Human Identity (NHI) Solutions, further validating Descope’s fast growth and innovation in the agentic identity space.”
“…an industry-first platform that helps organizations solve authentication and authorization challenges for AI agents, systems, and workflows. Notable additions include providing apps an easy way to become agent-ready while requiring user consent, providing agents a scalable way to connect with 50+ third-party tools and enterprise systems, and helping developers using the Model Context Protocol (MCP) protect their remote MCP servers with purpose-built authorization APIs and SDKs.”
“The Frost Radar™ is a robust analytical tool that allows us to evaluate companies across two key indices: their focus on continuous innovation and their ability to translate their innovations into consistent growth.”
It uses four classifications.
Frost classification
What it means
What it REALLY means
Growth and Innovation Leaders
High innovation (Y axis) and growth (X axis)
Good
Innovation Leaders
High innovation
Stagnant growth
Growth Leaders
High growth
Stagnant innovation
Challengers
Low growth and innovation
Stagnant everything
So a “Leader” could lead in some things, but not in others.
Even Descope’s announcement includes a Frost Radar picture that indicates that Descope may be a leader, but others (such as Saviynt and Veza) may be more leaderly.
But I guess it’s better to be some sort of “leader,” or even a “challenger,” then to not be recognized at all.
People weren’t laughing at Joel R. McConvey when he reminded us of a different saying:
“In Silicon Valley parlance, ‘create the problem, sell the solution.'”
Joel R. McConvey’s “tale of two platforms”
McConvey was referring to two different Sam Altman investments. One, OpenAI’s newly-released Sora 2, amounts to a deepfake “slop machine” that is flooding our online, um, world in fakery. This concerns many, including SAG-AFTRA president Sean Astin. He doesn’t want his union members to lose their jobs to the Tilly Norwoods out there.
The deepfake “sea of slop” was created by Google Gemini.
“What if we could reduce the efficacy of deepfakes? Proof of human technology provides a promising tool. By establishing cryptographic proof that you’re interacting with a real, unique human, this technology addresses the root of the problem. It doesn’t try to determine if content is fake; it ensures the source is real from the start.”
Google Gemini. Not an accurate depiction of the Orb, but it’s really cool.
As I’ve said before, proof of humanness is only half the battle. Even if you’ve detected humanness, some humans are capable of their own slop, and to solve the human slop problem you need to prove WHICH human is responsible for something.
Which is something decidedly outside of World’s mission.
But is it part of YOUR company’s mission? Talk to Bredemarket about getting your anti-fraud message out there: https://bredemarket.com/mark/
Whether you are a human or a non-person entity (NPE) with facial recognition capability, you rely on visual cues to positively identify or authenticate a person. Let’s face it; many people resemble each other, but specific facial expressions or emotions are not always shared by people who otherwise look alike.
All pictures Google Gemini.
But in one of those oddities that fill the biometric world, you can have TOO MUCH expression. Part 3 of International Civil Aviation Organization (ICAO) Document 9303, which governs machine readable travel documents, mandates that faces on travel documents must maintain a neutral expression without smiling. At the time (2003) it was believed that the facial recognition algorithms would work best if the subject were expressionless. I don’t know if that holds true today.
But once the smile is erased, any other removal of expression or emotion degrades identification capability significantly. For example, closing the eyes not only degrades facial recognition, but is obviously fatal to iris recognition.
And if you remove the landmarks upon which facial recognition depends, identification is impossible.
While expression or lack thereof does not invalidate the assumption of permanence of the biometric authentication factor, it does govern the ability of people and machines to perform identification or authentication.
There are a variety of non-person entities, all of which may engage in felonies. Take the late Maya Jean Yourex of Costa Mesa, California, who was encouraged to register to vote…even though Maya is a dog.
I’m sure that Carl DeMaio will hop on this story immediately.
Maya’s voting history
Maya first voted via mail-in ballot in the 2021 California gubernatorial recall election of Gavin Newsom. We know about this because Laura Lee Yourex posted a picture in January 2022 of her dog wearing an “I voted” sticker.
This could be dismissed as a silly picture, but Laura Lee’s October 2024 post exemplifies dumb crime. According to Orange County District Attorney spokeswoman Kimberly Edds (who presumably is human, though I haven’t verified this):
“Yourex had posted [a photo] in October 2024 of Maya’s dog tag and a vote-by-mail ballot with the caption “Maya is still getting her ballot,” even after the dog had passed away…”
The second ballot was rejected, but the first was counted.
Maya got away scot-free.
The fix was in. Imagen 4.
But Laura Lee potentially faces five felonies:
two counts of casting a ballot when not entitled to vote
perjury
procuring or offering a false or forged document to be filed
registering a non-existent person to vote
She is scheduled to enter a plea on Tuesday and theoretically faces six years behind bars.
“Proof of residence or identification is not required for citizens to register to vote in state elections or cast ballots in state elections, which was how Maya’s vote counted in the recall election of Newsom….
“It was not immediately known on Friday how Maya voted in that election.
“However, proof of residence and registration is required of first-time voters in federal elections, and the ballot in Maya’s name for the 2022 primary was challenged and rejected….”
Voting agencies can’t find fake IDs
However, as I have previously noted, voting officials do not have the knowledge or tools to determine whether a government identification document is legitimate.
This is fake. Well, the card is real, but it’s not official.
As long as Maya’s ID declared that she was 18 years old, some voting officials would approve it.
Even if Maya’s face on the ID was a dog face.
This is also fake. Really fake, since it’s Imagen 4 generated.
Beyond “ID plus selfie“
As for proof of residency, Laura Lee’s electric bill could list Maya on the account, and Southern California Edison would be none the wiser.
Which is why many identity verification processes go beyond “ID plus selfie” (what you have plus what you are), and also include checks of textual databases for additional evidence of the person.
I doubt that Laura Lee enrolled her dog Maya in all of these sources. How many Social Security Numbers, email addresses, bank accounts, credit cards, and other records would Maya have? “Canine identifiable information” (CII)?
Do you validate identities?
If you are a marketing leader that wants to promote your identity solution, and your company can benefit from a marketing consultant with 30 years of identity experience, schedule a meeting with Bredemarket at bredemarket.com/mark.
Have you ever used the phrase “sort of unique”? Something is either unique or it isn’t. And International Mobile Equipment Identity (IMEI) numbers fail the uniquness test.
Claims that International Mobile Equipment Identity (IMEI) numbers are unique
Here’s what a few companies say about the IMEI number on each mobile phone. Emphasis mine.
Thales: “The IMEI (International Mobile Equipment Identity) number is a unique 15-digit serial number for identifying a device; every mobile phone in the world has one.”
Verizon: “An IMEI stands for International Mobile Equipment Identity. Think of it as your phone’s fingerprint — it’s a 15-digit number unique to each device.”
Blue Goat Cyber: “In today’s interconnected world, where our smartphones have become an indispensable part of our lives, it is essential to understand the concept of IMEI – the International Mobile Equipment Identity. This unique identifier plays a crucial role in various aspects of our mobile devices, from security to tracking and repairs.”
These and other descriptions of the IMEI prominently use the word “unique.” Not “sort of unique,” but “unique.”
Which means (for non-person entities, just like persons) that if someone can find a SINGLE reliable instance of more than one mobile phone having the same IMEI number, then the claim of uniqueness falls apart completely.
Examples of non-uniqueness of IMEI numbers on mobile phones
“In theory, hackers can clone a phone using its IMEI, but this requires significant effort. They need physical access to the device or SIM card to extract data, typically using specialized tools.
“The cloning process involves copying the IMEI and other credentials necessary to create a functional duplicate of the phone. However, IMEI number security features in modern devices are designed to prevent unauthorized cloning.”
So don’t claim an IMEI is unique when there is evidence to the contrary. As I said in my April post:
“NOTHING provides 100.00000% security. Not even an IMEI number.”
What does this mean for your identity product?
If you offer an identity product, educate your prospects and avoid unsupportable claims. While a few prospects may be swayed by “100%” claims, the smarter ones will appreciate more supportable statements, such as “Our facial recognition algorithm demonstrated a 0.0022 false non-match rate in the mugshot:mugshot NIST FRTE 1:1 laboratory testing.”
When you are truthful in educating your prospects, they will (apologizes in advance for using this overused word) trust you and become more inclined to buy from you.
If you need help in creating content (blog posts, case studies, white papers, proposals, and many more), work with Bredemarket to create the customer-focused content you need. Book a free meeting with me.
“Google has released its MedGemma and MedSigLIP models to the public, and they’re powerful enough to analyse chest X-rays, medical images, and patient histories like a digital second opinion.”
“In the United States, it is a criminal offense for a person to claim they are a health professional when they are not. But what about a non-person entity?”
In the announcement, Google asserted that their tools are privacy-preserving, allowing developers to control privacy. In fact, developers are frequently mentioned in the announcement. Yes, developers.
OH wait, that was Microsoft.
The implication: Google just provides the tool: developers are responsible for its use. And the long disclaimer includes this sentence:
“The outputs generated by these models are not intended to directly inform clinical diagnosis, patient management decisions, treatment recommendations, or any other direct clinical practice applications.”
We’ve faced this before
And we’ve addressed this also, regarding proper use of facial recognition ONLY as an investigative lead. Responsible vendors emphasize this:
“In a piece on the ethical use of facial recognition, Rank One Computing stated the following in passing:
“‘[Rank One Computing] is taking a proactive stand to communicate that public concerns should focus on applications and policies rather than the technology itself.’”
But just because ROC or Clearview AI or another vendor communicates that facial recognition should ONLY be used as an investigative lead…does that mean that their customers will listen?
Bredemarket 