Across all testing, no attacks successfully bypassed Incode’s mobile authentication flows. Browser-based web flows also performed well, although Incode had to address “limited early penetration” with prompt fixes to identity verification, accounting for the fact that “browser-based environments inherently allow greater flexibility in media input selection.” In the web tests, deepfake tests showed “mixed outcomes,” while injection attacks were “the only categories that produced repeatable success prior to remediation.” Once Incode fixed the problems SocialProof Security identified, it passed re-testing with no bypasses.