Digital afterlife refers to AI systems that use a person’s digital traces-such as text messages, emails, voice recordings, photos, and videos-to create a posthumous chatbot, avatar, or similar interactive presence. Unlike a static memorial, these systems can generate new responses that sound like the deceased person, making them feel socially authentic.
In cyber security, that realism creates an identity-trust problem. A convincing synthetic voice or avatar can be used for impersonation, fraud, or social engineering if family members, staff, or service providers treat it as proof of identity. Defenders should assume the output is untrusted and require out-of-band verification before any sensitive action. Useful controls include clear disclosure, data minimization, access logging, narrow permissions, and a kill switch. Provenance matters too: teams should know what data trained the system, who authorized it, and what the agent is allowed to do. The security lesson is simple: a familiar voice is not the same as verified identity.