Risk Assessment of Artificial Intelligence-driven Threats Against Identity-Verification in Online Gambling
Gouveia de Ornelas, Karina (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025121637291
https://urn.fi/URN:NBN:fi:amk-2025121637291
Tiivistelmä
This thesis explores the artificial intelligence-driven threats affecting identity verification within the online gambling sector, with Entain as the client.
As AI represents an emerging and rapidly evolving threat landscape, the company sought a structured catalogue of AI-enabled attack pathways to support regulatory readiness, inform internal training programs, and build organizational knowledge for ongoing risk management under UK Gambling Commission oversight. The research examines how emerging AI capabilities can undermine Know Your Customer (KYC) and related verification controls used by UK-licensed operators, identifying the most plausible attack paths across the identity-verification lifecycle using a qualitative, literature-based methodology. Adversarial techniques are mapped using MITRE ATLAS and MITRE ATT&CK, with risk assessment following the NIST SP 800-30 framework across six identity assurance stages.
The results present a structured catalogue of six AI-driven threats organized by risk level, with four assessed as Very High risk and two as High risk. The assessment documents how AI has lowered barriers to entry for sophisticated attacks, extended threats beyond initial onboarding to the entire customer lifecycle, and enabled model-aware techniques designed to evade machine learning-based verification systems. The findings provide operators with evidence-based documentation for UK Gambling Commission compliance reviews and establish a knowledge foundation for understanding AI-driven threats to identity assurance in online gambling.
As AI represents an emerging and rapidly evolving threat landscape, the company sought a structured catalogue of AI-enabled attack pathways to support regulatory readiness, inform internal training programs, and build organizational knowledge for ongoing risk management under UK Gambling Commission oversight. The research examines how emerging AI capabilities can undermine Know Your Customer (KYC) and related verification controls used by UK-licensed operators, identifying the most plausible attack paths across the identity-verification lifecycle using a qualitative, literature-based methodology. Adversarial techniques are mapped using MITRE ATLAS and MITRE ATT&CK, with risk assessment following the NIST SP 800-30 framework across six identity assurance stages.
The results present a structured catalogue of six AI-driven threats organized by risk level, with four assessed as Very High risk and two as High risk. The assessment documents how AI has lowered barriers to entry for sophisticated attacks, extended threats beyond initial onboarding to the entire customer lifecycle, and enabled model-aware techniques designed to evade machine learning-based verification systems. The findings provide operators with evidence-based documentation for UK Gambling Commission compliance reviews and establish a knowledge foundation for understanding AI-driven threats to identity assurance in online gambling.