Introduction
Trust is the most expensive vulnerability in modern security architecture. While the zero trust model has revolutionized network security, it often overlooks the human element. Attackers are exploiting this gap using sophisticated techniques like deepfakes and laptop farms to infiltrate organizations. In 2026, Cloudflare’s Threat Report highlights a critical issue: remote IT worker fraud, often orchestrated by nation-states like North Korea. These attacks use AI-generated identities and stolen credentials to bypass traditional security measures. To combat this, Cloudflare partners with Nametag to introduce identity-verified onboarding and continuous verification.
The Rise of Remote IT Worker Fraud
Remote IT worker schemes exploit the gap between hiring and onboarding. Attackers use stolen identities to gain access to corporate systems, often through domestic laptop farms. Once inside, they appear as legitimate employees with valid credentials. Traditional tools like DLP and UEBA detect threats too late—by then, the attacker is already inside.
How Attackers Operate
- Stolen or fabricated identities are used to secure remote IT roles.
- Laptops are shipped to mule addresses and connected via KVM switches.
- Attackers log in remotely, appearing as legitimate users with corporate credentials.
How Identity Verification Closes the Gap
Cloudflare’s partnership with Nametag introduces identity-verified zero trust. This solution ensures that the person accessing systems is a real, verified individual. By integrating Nametag’s Deepfake Defense™, organizations can authenticate users through biometrics and cryptography, preventing AI-generated forgeries.
Key Benefits
- Prevents deepfake IDs and selfies from being used in attacks.
- Verifies identity during onboarding and throughout the session.
- Eliminates the need for in-person verification in distributed teams.
How It Works: A Step-by-Step Guide
- Trigger: A new user attempts to access an onboarding portal.
- Challenge: Cloudflare directs the user to Nametag for authentication.
- Verification: The user submits a selfie and scans their government ID.
- Attestation: Nametag’s AI verifies the user’s identity, blocking deepfake attacks.
- Enforcement: Cloudflare grants access based on verified identity and policies.
A Layered Defense Strategy
This partnership complements Cloudflare’s existing security tools, including DLP, RBI, and CASB. Together, they create a layered defense that moves beyond device and credential checks to verify the human behind the keyboard. In an AI-driven threat landscape, cryptographic identity proof is essential.
Continuous Verification for Future Threats
Security teams can now use user risk scores to adjust access dynamically. If a user’s risk score spikes, access can be revoked or challenged with step-up verification. This approach protects against credential theft and session hijacking, even during active sessions.
Conclusion
Defeating deepfake insider threats requires a shift from assumed trust to verified identity. Cloudflare and Nametag’s solution closes the identity assurance gap, protecting organizations from laptop farms and AI-driven fraud. By integrating identity verification into zero trust, businesses can future-proof their security strategies.
Call to Action
Ready to strengthen your security posture? Contact Cloudflare and Nametag to implement identity-verified onboarding today.








