AI is booming — but proving you’re human matters more than ever

If you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains and industry momentum.

But as I bounced between booths, sessions and meetings, a single statement still rings true: In this world of AI, you still need to ensure that you’re still human. And that’s not just a clever tagline, but a real-world necessity for enterprises and consumers alike.

AI doesn’t care who you are and it doesn’t know your intentions. This could make it difficult to tell the difference between an authorized admin or a malicious actor using stolen credentials. That job still belongs to authentication, and more importantly, to the human behind the authentication.

We spend so much time building smarter, more automated systems, but none of that matters if a person in that access chain gets phished, socially engineered or deepfaked into handing over their credentials – and attackers know it. AI has supercharged phishing attacks – it can help bad actors personalize emails at scale, spoof voices and video on calls and easily create fake login pages that look just like your internal tools. One mistyped password, one clicked link and suddenly your “Zero Trust” framework has a very real trust issue.

This is why we have to rethink what trust and verification looks like in an AI-driven world. It’s not just about smarter systems or advanced analytics – it’s about binding identity to something that can’t be faked, phished or replicated by an AI machine. That’s where strong, phishing-resistant authentication that requires a human presence and touch comes in as a crucial component of verifying digital identities in an online world not initially built with security in mind. That’s the power of device-bound passkeys. That’s the power of the YubiKey

YubiKeys are the gold standard for modern authentication because they bind login credentials to the physical world and you. They don’t rely on phishable credentials that can be stolen, like passwords, or codes that can be intercepted, like legacy one-time passcodes (OTPs). Modern FIDO passkey authentication proves that the person logging in is the one who’s supposed to be there.

The YubiKey cuts through the noise with one very real signal: This credential is stored on a trusted device and the login is backed by a human touch.

I had many conversations at RSA with folks who are wrestling with this exact problem and that’s where the YubiKey shines. They don’t just make authentication easier and stronger, they make it more human. And in a time where bots can generate unlimited content, deepfake interviews or simulate keyboard activity, we need that physical, phishing-resistant security  more than ever.

It’s important to balance the benefits and unknowns that AI presents. In a world where machines are beginning to mimic almost anything, verifying human intent and presence is critical. And when the security of your enterprise or personal online identity is on the line, trust starts at the point of login. Because at the end of the day, the strongest security signal isn’t artificial – it is, and will always be, human.

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST