Digital identity verification is a central element in the economics of technology platforms. Services such as AI platforms, social networks and marketplaces use systems of Know Your Customer (KYC) and Know Your Business (KYB) to prevent fraud, identity theft and misuse of services.
In this context, the new report by the Malware Lab of Tinexta Defence, with the collaboration of the teams Governance and AIwhich analyses independent research published in February 2026 by researchers vmfunc, MDL and Dziurwa.
The research highlighted some critical issues related to Person, a leading global provider of digital identity verification services used by platforms such as OpenAI, Roblox, Reddit and LinkedIn, bringing to light several items of interest, including:
- the existence of an infrastructure Google Cloud dedicated to identity verification for OpenAI, active as early as 2023;
- the accidental exposure of 53 MB of TypeScript code on a FedRAMP-certified government deployment.
Subsequent checks showed that part of the infrastructure had been removed or protected after its publication, while other components were still active.
Starting from this evidence, our analysis examines the case and its main technical and regulatory implications, with a focus on transparency in digital identity verification systems. In a scenario where the latter try to respond to the need to counter fraud and identity theft, the problem emerges when they operate in an opaque manner, leaving users unaware of how their data are collected and processed.
If you wish to learn more, here is the link to our comprehensive study.
In addition, you can subscribe to the specific mailing list Cyber Studios by Tinexta Defence, to receive updates on upcoming research:
