If you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains and industry momentum.
But as I bounced between booths, sessions and meetings, a single statement still rings true: In this world of AI, you still need to ensure that you’re still human. And that’s not just a clever tagline, but a real-world necessity for enterprises and consumers alike.
AI doesn’t care who you are and it doesn’t know your intentions. This could make it difficult to tell the difference between an authorized admin or a malicious actor using stolen credentials. That job still belongs to authentication, and more importantly, to the human behind the authentication.
We spend so much time building smarter, more automated systems, but none of that matters if a person in that access chain gets phished, socially engineered or deepfaked into handing over their credentials – and attackers know it. AI has supercharged phishing attacks – it can help bad actors personalize emails at scale, spoof voices and video on calls and easily create fake login pages that look just like your internal tools. One mistyped password, one clicked link and suddenly your “Zero Trust” framework has a very real trust issue.
This is why we have to rethink what trust and verification looks like in an AI-driven world. It’s not just about smarter systems or advanced analytics – it’s about binding identity to something that can’t be faked, phished or replicated by an AI machine. That’s where strong, phishing-resistant authentication that requires a human presence and touch comes in as a crucial component of verifying digital identities in an online world not initially built with security in mind. That’s the power of device-bound passkeys. That’s the power of the YubiKey.
YubiKeys are the gold standard for modern authentication because they bind login credentials to the physical world and you. They don’t rely on phishable credentials that can be stolen, like passwords, or codes that can be intercepted, like legacy one-time passcodes (OTPs). Modern FIDO passkey authentication proves that the person logging in is the one who’s supposed to be there.
The YubiKey cuts through the noise with one very real signal: This credential is stored on a trusted device and the login is backed by a human touch.
I had many conversations at RSA with folks who are wrestling with this exact problem and that’s where the YubiKey shines. They don’t just make authentication easier and stronger, they make it more human. And in a time where bots can generate unlimited content, deepfake interviews or simulate keyboard activity, we need that physical, phishing-resistant security more than ever.
It’s important to balance the benefits and unknowns that AI presents. In a world where machines are beginning to mimic almost anything, verifying human intent and presence is critical. And when the security of your enterprise or personal online identity is on the line, trust starts at the point of login. Because at the end of the day, the strongest security signal isn’t artificial – it is, and will always be, human.
