You press your finger to your phone screen to access your bank account. You present your face to the camera to pass through security at the airport. Biometric authentication is a regular part of life and AI has been working behind the scenes in our lives for decades, too. And now, generative AIs increasing capabilities have thrust it to the forefront of nearly every conversation about technology. The seeming ubiquity of AI and biometrics suggests an inevitable convergence and we can already see this happening.As biometrics and AI are in use today, defining these technologies and their relationship to one another is not exactly cut and dry. The Biometrics Institute, which promotes ethical use of biometrics, asked its members about the relationship between the two technologies. The answers were conflicting.The organization published a paper, Members Viewpoints: The Relationship between Biometrics and Artificial Intelligence, sharing how some people view AI and biometrics as inextricably linked. Some say that biometrics are an adjunct to AI technology and as a consequence are always an integral part of it, according to the paper.On the other side of the debate, members argue that while the two technologies can be used together in many ways, some biometric applications exist quite separately from AI.Related:However you define AI and biometrics -- separately and together -- there are big questions for companies, governments, and individuals about the benefits, the risks, and responsible application.AI and More Powerful BiometricsWith AI tools readily available, threat actors are upping their game.AI-based attacks that we're seeing are right now primarily focused on how to compromise authentication systems through traditional mechanisms but made better by AI, Chace Hatcher, senior vice president of technology and strategy at cybersecurity company Telos, tells InformationWeek.It is harder to replicate a biometric marker than it is to compromise a password. Multi-modal biometric systems can enhance security in a time when attackers are always on the prowl for vulnerabilities and attack vectors.We can have a risk-based authentication system by layering the multiple biometric modalities accordingly, Geeta Gupta, head of AI and data science at Wink, a biometric authentication technology company, explains.The onslaught of AI-based attacks could drive more adoption of biometric security; the convenience of it is certainly another factor. And AI is in many ways powering stronger biometric capabilities.Related:AIs ability to analyze complex patterns is a clear boon in the biometrics space. It can pinpoint anomalies and recognize trends in vast swaths of biometric data. Perhaps humans could do the same but not nearly as quickly. Plus, AI systems can learn and improve over time. Fraud detection and prevention is made better.The underlying performance of the systems will get better, says Hatcher. The actual matching algorithms; they [will] work better: lower false rejections, lower false acceptance rates, less inherent bias in systems.Privacy and Security ConcernsBiometrics comes with obvious privacy concerns. When you hand over biometric data, you hand over immutable information unique to you. You cannot change your fingerprint or iris like you could a password. And as more biometric data is gathered -- and AI models have an insatiable need for data -- the risk of its compromise grows.If the data exists, and there's more of it, de facto it's more likely to be stolen, says Hatcher. Thats effectively true of any piece of data relevant to anything in the digital world.Threat actors can use AI-based attacks to go after biometric data with the goal of profiting from its sale. And then there is the concern that AI can be used to manipulate and mimic genuine biometric data.Related:Biometrics makes it harder to commit fraud, but the battle between cyber attackers and cyber defenders is never done. We have already seen examples of successful deepfake attacks. AI spoofing attacks aim to fool biometric systems into a false match and even use fake biometric data to pass security system checks, according to Biometric Update.You could make a sophisticated AI-based model of a known real human being now and fool some biometric systems out there with it, says Hatcher. I think anybody in the industry particularly in facial recognition and voice recognition is very concerned about it.Of course, enterprises are well aware of these threats, and there are ways to address them. Unsurprisingly, a fight-fire-with-fire approach is at the forefront. AI can be used to detect AI-based attacks on biometrics systems.As an example, AI models can undergo adversarial training, Gupta shares. Feed the model data that would be used in attacks against it to make it more resilient to real-life attempts.Anti-spoofing techniques can help thwart attempts to trick biometrics systems with manipulated or fake data.Most of the advanced systems [are] using infrared sensors to map the 3D contours of the face ensuring that the subject being scanned has a physical depth, unlike a flat photograph, Gupta shares as an example.And the more advanced systems have multiple mechanisms to verify identity and catch threat actors.In real time, we assess the variables and parameters like the geolocation of the person or the age of the person or any changes to the features of the person in real time, and we can enhance AI algorithms to learn from those changes, says Gupta.As organizations contemplate the risks that come with using AI and biometrics, data governance is essential. What data do organizations actually need to collect? How are they using it? How are they storing it?Organizations shouldnt collect data they don't need because you are creating a honey pot, says Hatcher. Hatcher also advocates for giving individuals more control over their identity information that is being stored. He hopes to see more tools that are cryptographically secure and embrace zero-knowledge proof; individuals can prove their identity without actually handing over their information.Ethical OutlookTogether, biometrics and AI can be a powerful way to combat fraud and verify identities. Over the course of its long history, which predates the technologys sophisticated digital iterations by centuries, it has been used in identity verification, citizenship registration, and criminology. But the capacity to categorize people has troubling possibilities.As a historian of biometrics and postdoctoral scholar in the social and ethical responsibilities of Computing at MIT's College of Computing, Michelle Spektor examines that history and its social impact.The same biometric data used to just simply identify someone, verify that they are who they say they are, has always had the capacity to be used to classify them or to single out people for discrimination, to make inferences about their personality, about their states of mind, to classify based on race, gender age, disability, to infer criminality, says Spektor.The question of bias is certainly a prominent one in the AI space. What happens when AI interprets biometric data and makes predictions about humans? The risk for bias and discriminatory outcomes are apparent.It is hard to imagine a world without biometrics and AI in it; the technologies are deeply ingrained in our day-to-day activities. But Spektor argues for a more mindful approach over simply assuming the use of this technology is always inevitable.Sometimes the question is also: Should we create or implement this technology at all? Is this the right context in which to use it? says Spektor.When AI and biometrics are used, enterprises and governments have a responsibility to do so securely and ethically. Many industry organizations have frameworks and principles to guide secure development and maintenance of systems that deploy AI and biometrics, but as those technologies evolve, these frameworks will have to as well.We don't know what kinds of capabilities will exist in the future. The kinds of things that can be done with that data, says Spektor. Having your, let's say, facial data stored somewhere, the realm of possibilities of what that could be used for has changed a lot over the last 10 years, 15 years, and will continue to change.