How we build our AI models

Matt Prendergast

At Yoti, AI is not a general-purpose experiment. Instead, it is a set of purpose-built tools embedded directly into our identity, authentication and age verification products, designed to deliver secure decisions quickly while not collecting or processing unnecessary data.

Rather than using large, general-purpose AI systems, we build and deploy small, specialised models that each solve a clearly defined problem. This approach gives our customers stronger security, better privacy outcomes, faster performance and greater confidence in how decisions are made.

 

How do our AI-based checks work?

At Yoti, our approach is to use multiple models to perform very specific tasks, accurately. For example, an identity verification check would typically consist of four distinct steps, each powered by its own dedicated model:

  1. Data extraction – reading data from the identity document or an NFC chip read
  2. Document authentication – checking the identity document is not tampered with or a fake
  3. Face matching – confirming the user’s face matches that of the document owner
  4. Liveness detection – ensuring the user is a real person, not a bot, deepfake or presentation attack

Together, these four steps run in seconds to produce a report and recommended outcome depending on a customer’s risk appetite, without collecting or processing more data than necessary.

Similarly, a facial age estimation check consists of three steps:

  1. Age estimation – assessing the user’s age
  2. Liveness detection – ensuring the user is a real person, not a bot, presentation attack or deepfake
  3. Secure Image Capture (SICAP) – detecting injection attacks (ensuring the image used is genuine and captured live from the device camera)

These checks typically happen in under a second and return a simple yes/no outcome about whether the user is above or below a particular age threshold (like ‘over 18’) – with no personal information shared.

 

What are the benefits of this approach?

Since our solutions are modular, businesses have the option to use only the steps relevant to their specific use case:

  • A dating platform may only have a requirement for face matching to match users’ faces to their profile pictures.
  • A bank may only require liveness checks as part of a wider multi-factor authentication (MFA) flow for high-value transactions.

Even within a single check, multiple models often run in parallel. For example, a Yoti MyFace Liveness detection check (also known as Presentation Attack Detection, or PAD) can use over 10 individual models, each analysing different elements of an image to build an overall confidence score.

This layered approach helps avoid reliance on any single model. If one signal is inconclusive, others can still provide strong evidence. For instance, where one model may return a negative result, the rest can return a positive one. This leads to greater resilience against spoofing, bots and deepfakes. Examples of these checks include:

  • Light refraction analysis – helping to detect masks or printed images
  • 3D background inference from 2D imagery – helping identify uploaded or printed images

From extensive internal testing, independent evaluations and real-world deployment, this approach consistently improves the accuracy and robustness of checks.
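The layered scoring described above can be sketched as follows. This is an added example, not Yoti's code or method: the model names, scores, weights and the log-odds fusion rule are all assumptions chosen to show how inconclusive signals abstain and how a risk-appetite threshold turns one score into a recommended outcome.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass
class Signal:
    name: str                # hypothetical model name, not a Yoti identifier
    p_live: Optional[float]  # model's probability the capture is live; None = inconclusive
    weight: float = 1.0      # assumed relative trust in this model

def fuse(signals, prior=0.5):
    """Sum weighted log-odds (assumes roughly independent models); skip abstentions."""
    logit = math.log(prior / (1 - prior))
    used = 0
    for s in signals:
        if s.p_live is None:
            continue  # inconclusive signal contributes no evidence either way
        p = min(max(s.p_live, 1e-6), 1 - 1e-6)  # clamp to avoid infinite log-odds at 0 or 1
        logit += s.weight * math.log(p / (1 - p))
        used += 1
    return 1 / (1 + math.exp(-logit)), used

def decide(signals, pass_at, min_signals=2):
    """Return (outcome, score); pass_at encodes the customer's risk appetite."""
    score, used = fuse(signals)
    if used < min_signals:
        return "refer", score  # fail closed when too few models gave a verdict
    return ("pass" if score >= pass_at else "fail"), score

# Constructed scores for illustration only.
LIVE = [Signal("light_refraction", 0.90), Signal("background_depth", None),
        Signal("texture", 0.35), Signal("motion", 0.85)]
PRINTED = [Signal("light_refraction", 0.20), Signal("background_depth", 0.10),
           Signal("texture", None), Signal("motion", 0.60)]
SPARSE = [Signal("light_refraction", 0.95), Signal("background_depth", None)]

if __name__ == "__main__":
    for label, sigs in (("live", LIVE), ("printed", PRINTED), ("sparse", SPARSE)):
        for pass_at in (0.90, 0.99):
            outcome, score = decide(sigs, pass_at)
            print(f"{label:8s} pass_at={pass_at:.2f} score={score:.3f} -> {outcome}")
```

In the constructed live sample, one mildly negative model is outweighed by two positive ones, yet the same score passes a 0.90 threshold and fails a 0.99 one, which is where risk appetite enters.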

 

Why use this approach to AI?

This modular approach means we can rapidly update, optimise or replace individual models when we identify new attack vectors, so we can respond quickly and improve our models continuously. It’s a flexible framework that scales across industries, from retail terminals to financial online systems.

We process millions of checks every week, operate independent testing programmes and run an ethical hacker bounty scheme. This creates a real-world feedback loop. When new threats appear, we see them early and can develop and deploy technology to combat those threats.  

Finally, it means our models are efficient. Processing time is extremely quick – typically under a second. The processing power required is very low and, importantly, model size can be configured to be small enough to run entirely on-device. That could be a mobile phone, self-checkout terminal or a vending machine. This means checks can work offline and can ensure that personal data doesn’t need to leave the device. Yoti face matching and liveness detection are already used on-device for Yoti Digital ID to enable offline capability.

Every model we deploy undergoes bias, fairness and accessibility testing. Across all of our products, we focus on minimising personal data processing and collecting only what’s necessary for the check being performed.

In short, our approach to AI is about building the right models, for the right checks, in the right products. This helps to deliver secure, privacy-preserving checks for you and your users – protecting you and your customers from fraud.

— Matt, B2B Marketing Director
