92: The Real Problem Isn't Deepfakes. It's Identity (with Jasson Casey)

In this episode of The Security Podcast of Silicon Valley, host interviews Jason Casey, a seasoned security expert and board member of Beyond Identity, about the evolving challenges of digital identity in the age of AI and deepfakes. Casey argues that the real problem isn't deepfakes themselves, but the fundamental failure to verify identity and trust in digital communications. He explains how traditional security models—relying on passwords, session cookies, and long-lived credentials—are inherently flawed because they allow secrets to move across systems, creating exploitable attack surfaces. Drawing on secure enclaves like TPMs and ARM TrustZone, Casey presents a proactive security model where credentials never leave the device, enabling real-time attestation of device integrity, user posture, and identity. This approach shifts security from reactive detection to prevention, eliminating entire classes of attacks like session hijacking and man-in-the-middle exploits. The conversation also explores how AI adoption is hampered by trust and compliance concerns, and how identity-aware systems can provide auditability and enforce policies across human and non-human agents in AI workflows. Casey emphasizes that security must align with business outcomes—reducing friction, improving user experience, and even driving revenue growth—while stressing that foundational computer science principles remain vital in the AI era. Key takeaways include: 1) The shift from detecting deepfakes to verifying identity and device integrity is critical; 2) Immovable credentials via secure enclaves eliminate credential theft and session hijacking; 3) Identity is the universal bridge across all digital interactions, making it the ideal enforcement point; 4) AI security requires auditing agent identity, device posture, and data access permissions; 5) Security solutions must be designed with both IT admins and end users in mind, minimizing user friction; 6) Proactive identity protection reduces help desk tickets and security incidents while improving productivity; 7) The most effective security aligns with business goals, not just compliance; 8) Foundational knowledge of how computers work remains essential for building resilient systems. The episode concludes with Casey’s conviction that fundamentals matter more than ever, and that the future of security lies in prevention, not detection.