"Your face is a password. And passwords can be cracked."
The Mirror Test: KYC Bypass Simulator
Your mission: open 50 synthetic mule accounts at NeoVault neobank by bypassing their AI-powered Know Your Customer (KYC) verification. Synthetic identities, deepfake liveness bypass, automated account scaling. Total loadable value: $25,000.
Build the Synthetic Identity
Assemble the four components of a synthetic identity by clicking each card. Watch your fake person materialize in the identity preview.
Bypass NeoVault's AI Verification
NeoVault requires a live face check: turn left, turn right, blink twice, smile. Choose your bypass method, then watch the detector fall.
50 Accounts. 3.3 Hours.
The bypass method is automated. Now scale across all 50 synthetic identities. Each takes ~4 minutes. Then load and wash.
Accounts closed within 72 hours · All KYC documents synthetic · No real person exists
Five Signals They Missed
Each synthetic identity left a detectable trail. A layered KYC system would have flagged the operation before account #3 was opened.
Every bypass method in this lab leaves a detectable signature. Scam.ai's liveness model runs frame-level analysis during KYC — catching synthetic face artifacts, adversarial pixel noise, and virtual camera injection in real time, before the account is approved.
GAN texture artifacts and blink timing deviations detectable at 30fps — invisible to standard biometric matchers.
Detects CVPR-class pixel perturbations that fool cosine-similarity liveness models — invisible to humans, measurable to our classifier.
OS-level device integrity probing detects OBS virtual cam, screen-capture APIs, and software rendering pipelines at submission.
Cross-session identity clustering flags shared device fingerprints, drop-address reuse, and open-timing clusters in real time.
