In a world of ‘scary good’ deepfakes and growing agentic abilities, it was inevitable that enterprises were going to face an issue with who’s who in their organisation. Can it be proved that it’s the right person on the end of an email or call? Zoom has partnered with World — Sam Altman’s biometric identity venture — to introduce a feature that lets meeting participants display a “Verified Human” badge next to their name. The badge confirms, via iris scan and real-time facial matching, that the person on camera is a biological human being and not a synthetic construct.

It works. The technology is genuinely smart, but is it a sign of greater challenges that lie ahead, and will they be a continual barrier to the many benefits agentic AI brings.

The fraud is already here

In early 2024, an employee at engineering firm Arup authorised a series of wire transfers during a video call. Every other participant turned out to be an AI-generated deepfake — including the company’s CFO. The loss was $25 million. A similar attack hit a multinational in Singapore in 2025. Across the industry, deepfake-enabled fraud exceeded $200 million in the first quarter of 2025 alone.

The response from the security industry has been to build better detectors — AI tools that analyse video frames in real time, looking for artefacts of synthetic generation. Pindrop, Reality Defender, and Resemble AI all offer this kind of frame-by-frame detection on Zoom’s own marketplace. The problem is that the models generating the deepfakes are improving faster than the models detecting them. Zoom and World have acknowledged this directly: Deep Face sidesteps the detection problem altogether by verifying identity against a biometric record rather than trying to inspect pixels.

That’s the right approach, but it also reveals something important about where the threat is actually heading.

The agentic dimension

So far, most discussion of deepfake fraud has focused on bad actors using synthetic video to impersonate humans. That is a real and growing problem, but there’s a second dimension that has received far less attention: the legitimate, sanctioned deployment of AI agents inside the same video and collaboration infrastructure.

Agentic AI is already attending meetings — to listen, summarise, take decisions, and trigger action points. Zoom’s own expansion of its agentic platform, announced in March, described AI systems that turn conversations into completed business outcomes without human follow-through. Digital twins that represent your viewpoint in meetings you didn’t attend are not a speculative capability; they are a current product roadmap item.

This creates a paradox at the centre of the “Verified Human” concept. Enterprises are simultaneously trying to ensure that the people on their calls are real humans and are deploying AI agents to attend calls where human participation would otherwise be expected. Both things are happening at once, sometimes within the same organisation, and the governance frameworks to handle the resulting ambiguity are continually playing catchup.

Threat actors are now using AI to join calls, request IT support, and reset passwords, operating in ways that are behaviourally indistinguishable from legitimate automated agents. The attack surface is not just deepfake humans. It is the difficulty of distinguishing between a sanctioned AI agent, an impersonating AI agent, and a real human — in real time, at enterprise scale.

What enterprises are actually doing

The response from security-conscious organisations has so far been fragmented. Some are requiring verification for any call involving financial authorisation — a phone call to a known number before any transfer is confirmed etc. Others are introducing multi-step authentication protocols that must be completed before certain categories of meeting can proceed. A smaller number are beginning to build identity governance frameworks that treat AI agents and humans as distinct but equally governed participants, each with defined permissions, audit trails, and access limitations.

The challenge is that most enterprises are deploying AI agents into their collaboration infrastructure faster than they are building the frameworks to govern them. Zoom’s agentic platform expansion, Copilot’s attendance at meetings, the proliferation of numerous AI notetakers and workflow agents — all of this is happening in organisations where the identity question has not been resolved. Who authorised this agent to be here? What is it permitted to do with what it hears? How do we know it has not been compromised? These are the same governance questions we covered in the context of AgentOps, applied to a different use case.

The verification arms race

Zoom’s integration with World is a reasonable response to the immediate problem: a high-assurance option for calls where the cost of impersonation is measured in seven figures. The limitation is practical — World ID requires iris scanning via a physical Orb device, and the network covers around 18 million users in a world where Zoom has hundreds of millions. For most meetings, it will remain a niche feature for specific high-stakes scenarios. And World itself carries regulatory baggage, with data protection authorities in Spain, Germany, the Philippines, and elsewhere having taken action over its data collection practices.

The deeper issue is that we are heading toward a future in which video calls (a default in remote work today) may routinely include a mix of humans, sanctioned AI agents, and potential imposters — and the infrastructure for distinguishing between them reliably does not exist yet. The Verified Human badge is a start, but what enterprises actually need is a Verified Participant framework: one that handles humans and agents with equal rigour, documents who and what was present, and creates an audit trail that holds up when something goes wrong.

That’s not a product announcement it’s an unsolved architectural problem. The organisations that start treating it as such now, rather than waiting for a $25 million lesson, are the ones that will be better positioned as the agentic workforce grows.