For the last two decades, "verification" has meant the same thing: ask someone for a document, then look at it. A pay stub to prove income. A bank statement to prove assets. An insurance certificate to prove coverage. A screenshot to prove membership. The document is the proof.
That paradigm is now broken. Not bent, not strained — broken. And the reason is straightforward: the tools that generate convincing fake documents are now better, faster, and cheaper than the tools designed to detect them.
The document problem
Allianz Commercial reported a 300% year-over-year increase in AI-generated document fraud across insurance claims in early 2026. That number is striking, but it should not be surprising. Generative AI has made document forgery trivially accessible. A pay stub that would have taken a skilled forger hours to produce can now be generated in seconds with a text prompt. Bank statements, tax returns, insurance certificates, medical records — all of them are vulnerable.
The industry's response has been predictable: build better detection. OCR systems that look for pixel-level inconsistencies. AI models trained to spot AI-generated artifacts. Human reviewers who scrutinize fonts and formatting. Each of these approaches shares the same fatal flaw — they are playing defense in an arms race where the offense has a structural advantage.
Every detection model you build will eventually be beaten by a generation model that accounts for whatever you detect. This is not a solvable problem on the detection side. It is an architectural problem with the document paradigm itself.
Why documents were never proof
Here is the uncomfortable truth: a document has never been proof. It has always been a representation of proof. When you ask someone for a pay stub, you are not asking for their actual payroll record. You are asking for a copy — a rendering of data that lives in a payroll system somewhere. The document is a proxy for the truth, not the truth itself.
This distinction mattered less when creating a convincing fake copy was difficult. If producing a forged pay stub required specialized equipment and real skill, then the document served as a reasonable proxy. The cost of forgery was high enough to deter most people.
That deterrence has evaporated. When the cost of producing a perfect forgery drops to zero, the proxy becomes worthless. No amount of inspection can restore its reliability, because the fundamental trust model — "this document is probably authentic because faking it would have been hard" — no longer holds.
Going straight to the source
If documents are copies, and copies can be faked, then the only reliable approach is to go to the original. The system of record. The source.
This is the core of what Burnt does. Instead of asking a user to upload a document, we ask them to connect to the source where that data lives. The mechanism varies by source:
- Payroll and employment: The user authenticates with their payroll provider through OAuth. Burnt verifies employment status and income directly against the live system.
- Banking and finance: The user connects their bank account. Burnt confirms balances or transaction history from the institution's own records.
- Email-based verification: The user grants access to a specific email. Burnt uses the email's existing DKIM cryptographic signature to verify that the message is authentic and extracts only the relevant fact.
- Government and public records: Where portals are available, the user authenticates and Burnt verifies data from the issuing authority.
In every case, the data is verified against the live source, not a static copy that someone produced and handed over. The difference is categorical. A document tells you what someone claims is true. A source connection tells you what is actually true.
What this means for businesses
The business case for source verification is not abstract. It is measurable across every metric that matters.
Fraud drops to near-zero. You cannot fake a live connection to a payroll system. You cannot fabricate a DKIM-signed email from a domain you do not control. You cannot forge a bank's API response. Source verification eliminates the entire category of document fraud because there is no document to forge.
Processing time drops from days to seconds. Document-based verification requires intake, review, and often manual adjudication. Source verification is automated and instant. The user connects, the data is verified, and the result is returned — typically in under ten seconds.
User experience improves dramatically. No one enjoys scanning documents, uploading files, and waiting for a manual review. Connecting to a source is a single OAuth flow — the same pattern people use every day to log into apps with Google or Apple. It is familiar, fast, and frictionless.
Operational costs fall. Fewer manual reviews, fewer fraud investigations, fewer false positives. Teams that previously spent hours reviewing documents can focus on higher-value work.
The privacy advantage
There is a counterintuitive benefit to source verification that is easy to overlook: it is actually better for user privacy than document uploads.
When someone uploads a pay stub, they hand over an entire document full of personal information — their name, address, employer details, tax withholdings, year-to-date earnings. Most of that data is irrelevant to the verification at hand. But once the document is uploaded, it is all exposed.
With source verification, Burnt extracts only the specific data point needed. If you need to confirm that someone earns above a threshold, that is the only question asked and the only answer returned. No raw documents are stored. No excess personal data is retained. The verification is purpose-limited by design.
This is not just a user benefit — it is a regulatory one. GDPR's data minimization principle and CCPA's purpose limitation requirements are satisfied architecturally, not through policy documents and employee training. Privacy compliance becomes a property of the system, not a process layered on top of it.
The future of verification is not better document scanning. It is not more sophisticated AI detection models racing against more sophisticated AI generation models. It is stepping off that treadmill entirely.
The future of verification is not looking at documents at all. It is going straight to the source.
Frequently asked questions
Source verification confirms data directly against the system of record where it originates, rather than reviewing a document copy. Instead of asking for a pay stub, Burnt connects to the payroll system to verify income directly.
Generative AI has made document forgery trivially accessible. A convincing fake pay stub or bank statement can be produced in seconds. Detection models cannot keep pace with generation models, making the document paradigm structurally broken.
Burnt uses three protocols: DKIM signatures to verify emails, HTTPS/TLS to verify web portal data, and OAuth to connect directly to systems of record like payroll providers and banks. Each verifies data against the live source.
Yes. Document uploads expose entire files of personal information. Source verification extracts only the specific data point needed. No raw documents are stored and no excess personal data is retained, satisfying GDPR and CCPA by design.