Why AI is central to federal identity assurance

As federal agencies continue to expand digital services, identity has become a foundational element of both cybersecurity and public trust. Ensuring that users are who they claim to be — and that their information remains protected across digital interactions — is now a central challenge for government IT leaders. Artificial intelligence (AI) is playing a growing role in strengthening identity assurance while helping agencies counter increasingly sophisticated fraud, including deepfakes, impersonation schemes, and account takeovers.

During a recent video discussion produced by Scoop News Group, federal and industry leaders explored how AI is reshaping identity proofing, continuous verification, and fraud prevention across government. The conversation highlighted both the policy considerations shaping identity standards and the operational realities agencies face as they modernize digital access.

Babur Kohy, director of the federal identity and cybersecurity division within GSA’s Office of Technology Policy, said agencies face a combination of technical, operational and policy challenges as they evolve identity systems.

“Identity proofing or verification faces a multitude of challenges, ranging from outdated perspectives to technological limitations,” says Kohy. “This is an area that requires refinement in terms of both standards and technological development, so that we’re building better versus building bigger.”

Kohy noted that most agencies rely on commercial technologies for identity proofing and continuous verification, reflecting a deliberate public-private partnership model designed to keep pace with rapid innovation. “Without the commercial vendors, it’s difficult for the government to operate,” he says. “It has been a really good partnership between government agencies and our commercial partners to ensure we have the best identity proofing and verification technologies available.”

Kohy’s office manages IDManagement.gov, which provides agencies with guidance on identity, credential, and access management as well as zero trust implementation. He emphasized that identity must be treated as a foundational layer of any cybersecurity strategy. “If we cannot properly identify and verify initially, everything else when it comes to security and identity is going to be much more challenging,” he says. “It all begins and ends with identities.”

Shifting from policy guidance to operational execution, Richard Grape, Senior Director of Strategy, Market Transformation, at LexisNexis Risk Solutions, said agencies must move beyond one-time identity checks and adopt continuous assurance models that reflect evolving risk.

“Identity is a lot more than just a one-time assurance event,” says Grape. “There are many agencies that still treat it as a single gate, and then they don’t necessarily vet that identity to the same level once an account is established. Account takeover and impersonation are serious threats right now.”

Grape urged agencies to think of identity assurance as a journey rather than a checkpoint, with controls that adjust as risk levels change. “You need a breadth of solutions that can do low-friction automated checks, but also deploy stronger tools when risk increases,” he says. “Think of identity assurance as a scalpel, not a hammer.”

Both speakers pointed to the need for AI-enabled defenses to counter AI-enabled fraud. “Use good AI to fight bad AI,” says Grape. Kohy noted his office’s work with the Defense Advanced Research Projects Agency (DARPA) to expand the use of deepfake detection tools and supporting playbooks across government.

Grape added that collaboration across agencies and sectors is essential to staying ahead of fraudsters.  “There are lessons others can share about risk signals and bad actors,” he says. “There are ways to do that securely and, in a privacy-preserving way that can create firmer gates for fraudsters.”

Beyond today’s threats, agencies are also preparing for emerging risks such as post-quantum cryptography and synthetic identity fraud. Both experts emphasized the importance of experimentation and adaptability as technology continues to evolve.  “Technology is evolving much faster than we can implement,” says Kohy. “But that leads to experimentation — and experimentation is how we build better guidance.”

Ultimately, the future of digital government will be defined as much by identity assurance as by service delivery. As agencies expand digital access, AI-driven identity defenses will play an increasingly critical role in protecting public trust, securing services, and staying ahead of emerging cyber risks.

Learn more about AI-driven identity assurance here.

This video panel discussion was produced by Scoop News Group for FedScoop and underwritten by LexisNexis Risk Solutions.