When Passports Execute: Exploiting AI Driven KYC Pipelines
Sean Park
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 1
TrendAI principal threat researcher Sean Park demonstrated how stored prompt injection attacks embedded in passport images can cause AI-driven KYC (Know Your Customer) pipelines to exfiltrate other users' identity data. More importantly, he showed how to scale and automate the generation of semantically diverse injection prompts — overcoming both LLM safety filters and the reliability problem — turning what was a finicky manual exploit into a repeatable automated attack. ---
AI review
Park turned stored prompt injection from a party trick into an automated offensive capability. The sub-agent architecture with semantic diversity tracking to generate 200 varied injection prompts across 13 models is the real contribution — this is the part of the talk that should keep KYC pipeline architects awake at night.