Lensa AI and Biometric Data: What To Know Before You Use These Trending Apps


The Internet has been abuzz with the newest trend on social media: using AI to generate avatars and artistic images of yourself. Last week, the hottest app in app stores was “Lensa AI,” a photo-editing app that automatically turns selfie photos into digital portraits. The app’s new “Magic Avatar” feature generates AI-rendered art in many different styles after the user submits 10 to 20 photos of themselves into the app. The app has a pricey subscription, but a $3.99 trial allows the user to create 50 images to post as they like.

Sounds fun… but from a cybersecurity perspective, there is a lot to consider. In this blog, we will look at the risks and ramifications of utilizing AI-based apps like Lensa AI, and how users can continue to stay safe while keeping up with the newest digital trends.


1. Trending companies can become quick targets

In the first five days after the launch of its Magic Avatar feature, Lensa AI received over 4 million downloads worldwide and generated $8.2 million in revenue. Any company or application that suddenly amasses a large group of users risks becoming a target of cyberattacks. Hackers are eager to exploit new and successful companies for their newfound revenue and lack of cybersecurity preparedness.

Quick tip: When using a trending, new app, make sure that its privacy policies are clearly disclosed and that you have read through the company’s terms and conditions with regard to data usage and sharing. Always stay informed on how your data will be used and handled, and be aware of what cybersecurity protocols are in place in case of an attempted breach.


2. Biometric data is a commodity

Data has become a commodity in the 21st century; as the saying goes, data is the new oil. Most people think of data as figures and numbers, but data can exist in many other forms. Although everyone knows well enough to protect their login credentials and bank account numbers, very few acknowledge that photos are also a type of data, as they contain a wide range of information such as biometrics, time, and location.

Such biometric data is especially useful for deep learning. For instance, Lensa AI’s Magic Avatar feature is powered by an open-source AI model called “Stable Diffusion”. Co-developed by Stability AI and the CompVis group at LMU Munich, Stable Diffusion is a text-to-image generative model that feeds on a large pool of existing images and selfies to enhance its image generation capability. As such, photos containing biometric information such as facial characteristics and expressions can be a valuable asset to AI models.

Valuable assets are also dangerous assets. Sharing photos containing biometric data can pose a security risk, as they could potentially be misused to power AI models for malicious purposes such as generating deepfake photos and videos containing misinformation and hateful content.

Due to such concerns, Lensa AI explained that its system automatically deletes all uploaded selfies once the artwork is generated, and that it does not use the uploaded photos for any other purposes. This may not always be the case for copycat apps that are sure to pop up. 

Quick tip: Before uploading photos onto any new apps, learn about how the company processes the photos and for how long the photos will be stored in its systems. Always make sure that the company does not use your photos beyond the intended purpose.


3. Beware of the risks of an open-ended policy

Aside from biometric data and the potential risks of artificial intelligence, there’s always the risk of exposing other data elements to a company when using its website or applications. For example, companies may sell your information to third parties or other services. Information can include your IP address, your OS, mobile network information, as well as other personal data.

Quick tip: Always take a look at the privacy policies of an application before you download it. If there are elements you are uncomfortable with, make sure to configure the privacy settings on your phone. iPhone users can do this by going to Settings > Privacy > Tracking to turn off specific permissions for certain applications. Android users can go to Settings > Apps > Permissions to configure the level of permissions granted for each app.


4. Use AI responsibly

Lensa AI is one of the first AI-based apps available to the public. Yet, only days after the Magic Avatar feature was launched, some artists claimed that their artwork had been stolen. Some even noted that the signatures of artists are still visible on the artworks generated by Lensa AI. This is because Stable Diffusion conducts deep learning by processing copyrighted artwork and openly accessible materials from the internet. Although the model does not generate exact replicas of any particular artwork, some outputs do show significant resemblance, leading to concerns across the artist community.

Since Stable Diffusion is one of the first open-source AI models, users must learn to utilize it responsibly. As it enables anyone to generate art by entering text, many were able to use it to create images containing violent and hateful content.

Quick tip: All users should be responsible for the materials they create using AI. Do not use AI to generate unlawful outputs and never spread AI-rendered content without evaluating its legality.



Biometric data and user authentication

Not only is biometric data a useful asset to AI models, but it is also widely used for user authentication and access control. Biometric authentication such as facial recognition and fingerprint scanning has become one of the most popular multi-factor authentication (MFA) methods across the globe, used by businesses, governments, and even border controls.

Penta Security’s iSIGN+ is a single sign-on (SSO) MFA solution that supports biometric authentication, helping enterprise clients safely manage user identity and access across their networks. iSIGN+ is used by a wide range of organizations across the globe, from enterprises to schools and hospitals.
