Introduction:
The client, operating an online marketplace for short- and long-term homestays and experiences worldwide, partnered with Firstsource to strengthen their platform safety and enhance user trust. Leveraging GenAI-enabled penetration testing (pen-testing), the team addressed identity and listings fraud, analyzed evolving threats, and developed a scalable methodology to tackle future risks. We also delivered over ten thousand high quality video and image assets created using GenAI and Non-GenAI methods, to simulate fraudulent behavior while conducting pen-testing.
Challenges:
The client sought to proactively address potential vulnerabilities impacting trust and safety of their platform and its users. Some of the challenges they faced were:
- Rising sophistication of AI-generated fraud attempts
- Need for scalable, proactive security testing
- Complex identity verification requirements
- Risk of fraudulent listings affecting platform trust
- Evolving threat landscape requiring adaptive solutions
How we made it happen:
We developed and implemented a scalable playbook for GenAI powered Pen-Testing, supported with required assets to test the platform’s defenses and help to strengthen its defenses against user identity and listings fraud. The key factors for the success of our approach were:
High quality assets covering GenAI and Non-GenAI based fraud techniques
Built a library of image and video assets for pen-testing scenarios involving identity and listing fraud, which included Govt. IDs, photos and videos for identity verification, Business verification documents, Interior and exterior images and videos of the property listings.
Holistic Taxonomy of Potential Threats and Verification Landscape:
We analyzed the potential threats, latest fraud techniques and mapped the attack vectors, creating a detailed taxonomy using the expertise of our domain specialists and partners.
Simulating Threats with Realistic Test Cases:
Developed robust test cases using GenAI and non-GenAI assets to simulate potential security breaches and assess the platform's ability to handle sophisticated fraud tactics.
Penetration Testing for Platform Security:
Conducted thorough penetration tests, generating actionable insights to enhance platform defenses. Our tests identified vulnerabilities and provided the client with key recommendations for improved protection.
Building a Scalable Testing Framework:
Created a playbook for scaling penetration testing across future cases. We documented outcomes and outlined preventive measures to ensure long-term platform security against evolving threats.