Glyphward

Criminal background check document AI · Employment history verification AI · Identity document verification AI · Professional licence and credential AI

Prompt injection in employee background screening AI

Employee background screening AI has become the primary gatekeeping infrastructure for workforce hiring decisions across criminal background check verification, employment history validation, identity document authentication, and professional licence and credential verification — concentrating FCRA 15 USC §1681e(b) maximum possible accuracy obligations, 15 USC §1681c 7-year reporting limitation rules, EEOC April 2012 guidance on criminal history disparate impact under 42 USC §2000e, state ban-the-box statutes including California AB 1008, New York City Fair Chance Act, and Illinois Human Rights Act, Form I-9 E-Verify 8 CFR §274a.2 employer verification obligations, IRCA 8 USC §1324a unlawful employment penalties, OIG HHS exclusion list 42 USC §1320a-7 mandatory exclusion from federal healthcare programmes, NPDB National Practitioner Data Bank 42 USC §11131 adverse action reporting requirements, JCAHO credentialing and privileging standards, and state professional licensing board disciplinary sanction databases in AI systems that process county court criminal record scan photographs, employer HR records and W-2 wage history images, passport and driver licence photographs, USCIS Employment Authorization Document images, and professional licence scan photographs at hiring volumes that make individual human investigator review of every AI-processed document impracticable for large employer and consumer reporting agency operations. HireRight AI performs more than 50 million background checks per year for Fortune 500 HR clients through AI-assisted court record scan classification, criminal history indicator extraction, and adverse action workflow generation tools that HR departments and background screening professionals depend upon for FCRA §1681e(b) maximum accuracy compliance and EEOC criminal history guidance disparate impact analysis. Sterling Check AI has performed more than 100 million background checks for more than 50,000 clients through AI-assisted criminal record document scan classification, employment verification, and adverse action notification tools with FCRA accuracy and state ban-the-box compliance dimensions. First Advantage AI performs more than 6 million background checks annually for 33,000+ global clients including healthcare, financial services, and government contractors through AI-assisted document classification and background check report generation tools. Checkr AI serves more than 100,000 companies — including Uber, Lyft, DoorDash, and major gig economy platforms — through AI-assisted criminal background check, MVR, and identity verification tools at gig economy hiring volumes where AI-assisted processing is operationally necessary for meeting platform contractor onboarding speed requirements. Equifax Workforce Solutions The Work Number AI maintains more than 650 million employment and income records from direct employer data contributions, serving healthcare, financial services, and government employer clients as the primary employment and income verification data repository with FCRA §1681e(b) accuracy obligations for employer-direct verification data. Accurate Background AI, IntelliCheck AI for identity document verification in banking and employment, and Veriff AI — which has verified more than 10 billion sessions for fintech and employment clients — complete the landscape of AI-assisted background screening, identity document authentication, and professional credential verification tools. Each background screening AI platform shares a structural vulnerability creating adversarial image injection exposure with direct hiring compliance, civil rights, immigration, and healthcare programme exclusion consequence: they depend on county court criminal record scan photographs, employer HR records and wage history images, government-issued identity document photographs, USCIS work authorisation document images, and professional licence scan photographs that pass through AI processing layers before their output governs hiring decisions — decisions where AI output manipulation through adversarially crafted document images creates FCRA §1681e(b) accuracy violations, EEOC disparate impact exposure, IRCA unlawful employment liability, OIG mandatory exclusion failures, and NPDB adverse action reporting obligation failures of substantial legal and regulatory severity.

TL;DR

Employee background screening AI platforms — HireRight AI, Sterling Check AI, First Advantage AI, Checkr AI, Equifax Workforce Solutions The Work Number AI, Accurate Background AI, IntelliCheck AI, Veriff AI — process criminal background check county court record scan photographs, employment history W-2 wage history and HR records document images, identity document passport and driver licence photographs, and professional licence and credential scan images through AI-assisted conviction indicator extraction, employment history validation, identity authentication, and credential sanction identification pipelines. Adversarially crafted images submitted through HireRight/Sterling/Checkr criminal background check AI processing channels, Equifax The Work Number AI employment verification interfaces, IntelliCheck/Veriff identity document AI platforms, and professional credential verification AI systems can cause AI systems to suppress criminal conviction and sex offender registry indicators in background check AI, conceal employment falsification and termination-for-cause indicators in employment history AI, mask identity document authenticity failures in identity verification AI, and hide OIG exclusion and professional licence sanction indicators in credential AI — triggering FCRA 15 USC §1681e(b) maximum accuracy violations, EEOC April 2012 disparate impact guidance failures, Form I-9 E-Verify 8 CFR §274a.2 employer verification failures, IRCA 8 USC §1324a unlawful employment liability, OIG HHS exclusion 42 USC §1320a-7 mandatory exclusion failures, and NPDB 42 USC §11131 adverse action reporting obligation failures. Glyphward scans each background screening AI input image at the ingestion boundary with a threshold of ≥ 60 for criminal background check AI, ≥ 65 for employment history AI, ≥ 55 for identity document AI, and ≥ 65 for professional credential AI. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in employee background screening AI

1. Criminal background check document injection (HireRight AI, Sterling Check AI, Checkr AI)

Criminal background check document AI processes county criminal court record scan photographs, superior court felony conviction record document scans, sex offender registry record display images, federal criminal court record PACER document scan images, state criminal record CHRI (Criminal History Record Information) display photographs, and FCRA-compliant criminal background check report display images from HireRight AI processing more than 50 million background checks per year for Fortune 500 HR clients through AI-assisted court record scan image classification, criminal conviction indicator extraction, and FCRA adverse action workflow generation tools; Sterling Check AI at more than 50,000 client deployments processing criminal record document scan images through AI-assisted conviction indicator classification and background check report generation tools with FCRA accuracy and state ban-the-box compliance workflow integration; First Advantage AI at 33,000+ global clients processing criminal background check document scan images through AI-assisted document classification and background check report generation tools; and Checkr AI at more than 100,000 company clients including Uber, Lyft, DoorDash, and Amazon Flex processing criminal background check document images through AI-assisted criminal history indicator extraction and adverse action notification tools at gig economy contractor onboarding volumes that make individual human investigator examination of every AI-processed court record scan impracticable for platform contractor compliance operations.

The adversarial injection surface is the county criminal court record scan photograph and FCRA background check report display image submission pathway: HireRight AI, Sterling Check AI, or Checkr AI criminal background check document scan images submitted through AI-assisted conviction indicator classification and criminal history identification tools for AI background check report generation and adverse action workflow initiation. An adversarially crafted county court criminal record scan — in which pixel perturbations applied to the conviction disposition indicator display region, the charge description and felony/misdemeanour classification visual marker, or the sex offender registry status indicator display in a criminal court record scan image cause the AI to suppress a criminal conviction indicator or sex offender registry flag that would otherwise generate an adverse action workflow entry, a background check report criminal history disclosure, and an FCRA §1681c reporting compliance record — can create a background check report that fails to disclose criminal history that the actual court record scan documents. In high-volume employer and gig economy background screening environments where HireRight AI or Checkr AI processes thousands of criminal background check document scans per day without individual human investigator pixel-level examination of every AI-processed court record scan before the AI conviction indicator classification governs the background check report, adversarial suppression of conviction indicators creates negligent hiring liability and FCRA accuracy obligation failure dimensions for consumer reporting agencies and employers.

The FCRA, EEOC, and state ban-the-box consequences of adversarially suppressed conviction indicator classification in criminal background check AI span FCRA 15 USC §1681e(b) maximum possible accuracy requirements, 15 USC §1681c 7-year reporting limitation, EEOC April 2012 guidance on criminal history and disparate impact under 42 USC §2000e Title VII, California AB 1008 individualized assessment requirements, New York City Fair Chance Act notice and hold requirements, Illinois Human Rights Act criminal history use limitations, and employer negligent hiring liability dimensions. FCRA 15 USC §1681e(b) requires consumer reporting agencies to follow reasonable procedures to assure maximum possible accuracy of information in consumer reports — adversarial manipulation of HireRight AI, Sterling Check AI, or Checkr AI criminal background check document classification that suppresses conviction indicators in consumer report outputs creates §1681e(b) maximum accuracy obligation failures and consumer reporting agency FCRA civil liability exposure under 15 USC §1681n (willful noncompliance) and §1681o (negligent noncompliance). The EEOC’s April 2012 guidance on employer use of arrest and conviction records under Title VII recommends that employers conduct individualized assessments before taking adverse action based on criminal history; adversarially suppressed conviction indicators that later surface in post-hire context create individualized assessment procedural compliance failures and employer negligent hiring liability dimensions when the adversarially manipulated background check failed to surface disqualifying conviction history. California AB 1008 requires California employers to conduct individualized assessment before denying employment based on criminal history and prohibits use of certain conviction types — adversarially corrupted background check AI that suppresses conviction indicators for conviction types that are permissible bases for adverse action under AB 1008 creates both negligent hiring exposure and AB 1008 procedural compliance failure dimensions. Threshold: 60 for criminal background check AI — reflecting FCRA §1681e(b) maximum accuracy, 15 USC §1681c 7-year rule, EEOC April 2012 disparate impact guidance, state ban-the-box statute, and employer negligent hiring liability dimensions.

2. Employment history verification document injection (Equifax Workforce Solutions The Work Number AI)

Employment history verification document AI processes W-2 wage history document photographs, employer verification letter document scans, human resources employment record display images, pay stub and payroll record scan photographs, ADP/Ceridian employer payroll system record display images, and Equifax The Work Number direct employer data verification display images from Equifax Workforce Solutions The Work Number AI maintaining more than 650 million employment and income records from direct employer data contributions serving healthcare, financial services, and government employer background screening clients as the primary employer-direct employment and income verification data repository; HireRight AI and Sterling Check AI at employer verification programme operations processing employment history document images through AI-assisted employment history classification and verification report generation tools; First Advantage AI at global employment verification operations processing employment history and wage verification document images through AI-assisted document classification and verification report tools; and Accurate Background AI at employment background screening operations processing employment history document scan images through AI-assisted verification classification tools — extracting employment history accuracy classifications and employment record falsification indicator determinations from employment verification document photograph inputs in AI-assisted employer background screening pipelines.

The adversarial injection surface is the W-2 wage history document photograph and employer HR records display image submission pathway: Equifax The Work Number AI or HireRight AI employment verification document images submitted through AI-assisted employment history classification and falsification indicator identification tools for AI employment verification report generation. An adversarially crafted W-2 wage history or HR employment records document photograph — in which pixel perturbations applied to the employer name display region, the employment dates indicator visual marker, or the termination reason documentation display in an employment verification document photograph cause the AI to suppress a falsified employment indicator or termination-for-cause marker that would otherwise generate an employment discrepancy flag, a background check adverse finding notation, and a FCRA employment verification accuracy record — can create an employment verification report that fails to surface falsified employment history or concealed termination-for-cause circumstances that the actual employment record documents. In employer background screening environments where Equifax The Work Number AI or HireRight AI processes employment history verification requests for thousands of job applicants without individual investigator examination of every AI-processed employment document photograph before the AI employment classification governs the verification report, adversarial suppression of employment falsification indicators creates employer hiring decision accuracy and FCRA §1681e(b) reasonable procedures compliance failure dimensions.

The FCRA, state qualified immunity, CFPB, and 18 USC §1001 consequences of adversarially suppressed employment falsification classification in employment history AI span FCRA §1681e(b) reasonable procedures obligations, state employer reference defamation qualified immunity statute dimensions, CFPB consumer reporting agency enforcement authority, 18 USC §1001 false statements in federal agency matter dimensions, and employer negligent hiring liability. FCRA §1681e(b) requires consumer reporting agencies, including employment verification services reporting on consumer employment history, to follow reasonable procedures to assure maximum possible accuracy of employment and income information in consumer reports; adversarial manipulation of Equifax The Work Number AI or HireRight AI employment history document classification that suppresses employment falsification indicators creates §1681e(b) reasonable procedures compliance failures with CFPB and FTC enforcement exposure under 15 USC §1681s CFPB and FTC enforcement authority. State employer reference defamation qualified immunity statutes — including California Labor Code §1053, Texas Labor Code §103.003, and Florida Statute §768.095 — provide employers limited qualified immunity for employment reference disclosures made in good faith; adversarial manipulation of employment AI that suppresses falsified employment or termination-for-cause indicators creates reference disclosure qualified immunity dimensions when suppressed AI classifications cause employers to fail to disclose accurate termination circumstances that they would have disclosed if the AI tool had accurately identified the falsification indicator. 18 USC §1001 imposes criminal liability for knowingly making false, fictitious, or fraudulent statements or representations in any matter within the jurisdiction of any US government agency; adversarial manipulation of employment verification AI records submitted in connection with federal contractor or government employment security clearance background investigations creates §1001 false statements dimensions. Threshold: 65 for employment history AI — reflecting FCRA §1681e(b) reasonable procedures, state employer reference qualified immunity, CFPB enforcement authority, 18 USC §1001 false statements, and employer negligent hiring liability dimensions.

3. Identity document verification injection (IntelliCheck AI, Veriff AI)

Identity document verification AI processes passport photograph and machine-readable zone scan images, US driver licence barcode and hologram authentication photographs, USCIS Employment Authorization Document (EAD/I-766) scan photographs, permanent resident card (I-551 Green Card) photographs, social security card document scan images, and Form I-94 Arrival/Departure Record display images from IntelliCheck AI at banking and employment identity document verification operations processing driver licence and identity document barcode and hologram authentication through AI-assisted document authenticity classification tools; Veriff AI at fintech and employment identity verification operations processing more than 10 billion verified sessions through AI-assisted identity document photograph classification and authenticity determination tools; Jumio AI and Onfido AI at employer and HR technology platform identity verification operations processing government-issued identity document photographs through AI-assisted document classification and identity authentication tools; and USCIS E-Verify at employer Form I-9 employment eligibility verification operations processing USCIS work authorisation document images through AI-assisted employment eligibility confirmation and tentative nonconfirmation (TNC) determination tools — extracting identity document authenticity classifications and employment eligibility determination inputs from identity document photograph inputs in AI-assisted Form I-9 and employment eligibility verification pipelines at employer onboarding volumes that make individual human HR specialist examination of every AI-processed identity document photograph impracticable for large employer operations.

The adversarial injection surface is the government-issued identity document photograph and USCIS work authorisation document scan image submission pathway: IntelliCheck AI or Veriff AI identity document photograph images submitted through AI-assisted document authenticity classification and identity eligibility determination tools for AI identity verification conclusion and Form I-9 employment eligibility record generation. An adversarially crafted passport, driver licence, or USCIS EAD document photograph — in which pixel perturbations applied to the hologram authenticity indicator display region, the machine-readable zone character string visual marker, or the USCIS watermark and security feature display in an identity document photograph cause the AI to classify a fraudulent or identity-borrowed document as an authentic government-issued identity document meeting Form I-9 List A document acceptability criteria when the actual document photograph displays authenticity failure indicators that identity document examination procedures would identify as non-genuine — can suppress an identity authenticity failure indicator that would otherwise generate a Form I-9 document examination rejection, a Tentative Nonconfirmation (TNC) initiation in E-Verify, and an employer IRCA compliance record. In large employer HR onboarding environments where IntelliCheck AI or Veriff AI processes hundreds of identity document verification requests per day without individual HR specialist examination of every AI-processed identity document photograph before the AI authenticity classification governs the I-9 completion and E-Verify submission, adversarial suppression of identity authenticity failure indicators creates employer Form I-9 compliance and IRCA unlawful employment dimensions.

The Form I-9, E-Verify, IRCA, FCRA, and AAMVA consequences of adversarially suppressed identity authenticity classification in identity document verification AI span Form I-9 8 CFR §274a.2 employer identity document examination and verification obligations, E-Verify USCIS employment eligibility verification programme requirements, IRCA 8 USC §1324a unlawful employment prohibition and employer civil and criminal penalty exposure, FCRA §1681b permissible purpose requirements, and AAMVA DL/ID Card Data Standard document authentication requirements. Form I-9 8 CFR §274a.2 requires employers to examine documents establishing identity and employment authorisation for each new hire and to verify that documents appear genuine on their face — adversarial manipulation of IntelliCheck AI or Veriff AI identity document classification that suppresses identity document authenticity failure indicators creates employer Form I-9 document examination reasonable procedures failure dimensions and IRCA §1324a civil and criminal penalty exposure when the employer completes and retains a Form I-9 based on adversarially corrupted AI identity authentication without independent document examination. IRCA 8 USC §1324a imposes civil penalties of $250–$2,000 per unauthorised worker (first violation) and up to $10,000 per worker (third or subsequent violation) and criminal penalties up to 6 months imprisonment for pattern or practice violations; adversarially corrupted identity verification AI that suppresses document authenticity failure indicators creates IRCA employer civil and criminal penalty exposure when adversarially manipulated AI identity authentication results in hiring unauthorised workers. E-Verify’s USCIS identity verification and employment eligibility system implements DHS SAVE (Systematic Alien Verification for Entitlements) and SSA employment eligibility data comparison; adversarially corrupted AI identity document classification that suppresses TNC-triggering indicators creates E-Verify programme compliance failure dimensions for federal contractors required to use E-Verify under Executive Order 13465 and FAR 22.1802. Threshold: 55 for identity document AI — reflecting Form I-9 8 CFR §274a.2, E-Verify USCIS, IRCA §1324a unlawful employment, FCRA §1681b permissible purpose, and AAMVA DL/ID authentication standard dimensions.

4. Professional licence and credential document injection (OIG exclusion AI, NPDB AI)

Professional licence and credential document AI processes state professional licence document scan photographs, medical board licence status display images, nursing NCLEX licence verification display photographs, attorney state bar admission status display images, engineering PE licence document scan photographs, JCAHO credentialing and privileging document images, OIG HHS exclusion list database display images, NPDB National Practitioner Data Bank adverse action report display images, and DEA controlled substance registration document scan photographs from HireRight AI, Sterling Check AI, and Accurate Background AI at professional licence verification programme operations processing professional licence scan photographs through AI-assisted licence status classification and adverse action identification tools; IntelliCheck AI and Veriff AI at professional identity and credential document verification operations; background screening AI platforms integrating OIG HHS exclusion database query results and NPDB adverse action report displays through AI-assisted exclusion flag and adverse action indicator classification tools; and healthcare employer credentialing AI systems at hospital and healthcare system credentialing and privileging operations processing physician and nursing licence, malpractice history, and DEA registration document images through AI-assisted credentialing workflow and privilege determination tools — extracting professional licence status classifications and professional sanction indicator determinations from credential document scan image inputs in AI-assisted employer credentialing, privileging, and professional licence compliance decision pipelines.

The adversarial injection surface is the professional licence document scan photograph and OIG exclusion/NPDB adverse action report display image submission pathway: background screening AI or healthcare employer credentialing AI professional credential document images submitted through AI-assisted licence status classification and professional sanction indicator identification tools for AI credentialing determination and employer privileging decision. An adversarially crafted professional licence scan photograph or OIG HHS exclusion list database display — in which pixel perturbations applied to the licence sanction or revocation indicator display region, the OIG exclusion status flag visual marker, or the NPDB adverse action report disclosure indicator display in a professional credential document image cause the AI to classify a healthcare worker with an active OIG mandatory exclusion, a revoked or suspended professional licence, or a reportable NPDB adverse action as a credential-cleared professional not meeting sanction or exclusion indicator criteria when the actual credential display documents active exclusion or licence sanctions meeting mandatory exclusion and adverse action reporting thresholds — can suppress a sanction or exclusion indicator that would otherwise generate a credentialing rejection, an employer exclusion verification failure notification, and an OIG exclusion compliance record. In healthcare employer credentialing operations where credentialing AI processes professional credential document images for hundreds of physicians, nurses, and allied health professionals without individual credentialing specialist pixel-level examination of every AI-processed credential display before the AI classification governs the credentialing workflow, adversarial suppression of OIG exclusion and licence sanction indicators creates federal healthcare programme participation consequences of potentially catastrophic regulatory severity.

The OIG exclusion, NPDB, JCAHO, and state professional licensing board consequences of adversarially suppressed credential sanction classification in professional licence AI span OIG HHS exclusion list 42 USC §1320a-7 mandatory exclusion from federal healthcare programme participation, NPDB National Practitioner Data Bank 42 USC §11131 adverse action reporting requirements, 42 USC §11137 NPDB query obligations, JCAHO credentialing and privileging standards for Joint Commission-accredited healthcare organisations, state professional licensing board disciplinary sanction database requirements, and federal healthcare programme overpayment and civil monetary penalty dimensions. OIG HHS exclusion under 42 USC §1320a-7 mandates exclusion of healthcare providers convicted of certain criminal offences from participation in Medicare, Medicaid, and other federal healthcare programmes — healthcare employers that employ OIG-excluded individuals in positions that provide patient care services, manage or control programme funds, or make programme determinations bear federal healthcare programme repayment obligations, OIG civil monetary penalty exposure up to $10,000 per day per item or service furnished by the excluded individual, and potential OIG Corporate Integrity Agreement requirements. NPDB 42 USC §11131 requires hospitals and other healthcare entities to report adverse privilege actions to the NPDB; 42 USC §11137 requires hospitals and other eligible entities to query the NPDB when appointing or granting clinical privileges to healthcare practitioners, and when renewing appointments or privileges every 2 years — adversarial manipulation of NPDB adverse action report display classification that suppresses adverse privilege action indicators creates §11137 query result accuracy failures and hospital NPDB compliance obligation dimensions. JCAHO credentialing standards require Joint Commission-accredited healthcare organisations to implement systematic processes for verifying practitioners’ credentials, privileges, and disciplinary history; adversarially corrupted credentialing AI that suppresses OIG exclusion or licence sanction indicators creates JCAHO standards compliance failure dimensions with accreditation consequence. Threshold: 65 for professional credential AI — reflecting OIG §1320a-7 mandatory exclusion, NPDB §11131/§11137 adverse action reporting and query, JCAHO credentialing standards, state licensing board sanction database, and federal healthcare programme overpayment dimensions.

Integration: employee background screening AI image ingestion with Glyphward pre-scan

Employee background screening AI image ingestion flows from HireRight AI, Sterling Check AI, First Advantage AI, and Checkr AI criminal background check county court record scan channels, Equifax Workforce Solutions The Work Number AI and HireRight AI employment history verification document photograph interfaces, IntelliCheck AI and Veriff AI identity document verification photograph platforms, and professional credential licence verification AI and healthcare employer credentialing AI document image processing systems into criminal conviction indicator classification AI, employment history accuracy assessment AI, identity document authenticity classification AI, and professional licence sanction and OIG exclusion indicator AI pipelines. Insert Glyphward’s pre-scan at the ingestion boundary before AI-generated output is committed to criminal background check reports, employment verification conclusions, identity authentication determinations, or professional credentialing decisions:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Background screening AI — FCRA 15 USC §1681e(b) maximum possible accuracy;
# §1681c 7-year reporting rule; EEOC April 2012 disparate impact 42 USC §2000e;
# state ban-the-box (CA AB 1008, NYC Fair Chance Act, IL HRA);
# Form I-9 8 CFR §274a.2; IRCA 8 USC §1324a;
# OIG HHS exclusion 42 USC §1320a-7; NPDB §11131/§11137.
THRESHOLD_CRIMINAL_BACKGROUND_CHECK_AI = 60  # HireRight/Sterling/Checkr; §1681e(b); EEOC
THRESHOLD_EMPLOYMENT_HISTORY_AI        = 65  # Equifax The Work Number; §1681e(b); CFPB
THRESHOLD_IDENTITY_DOCUMENT_AI         = 55  # IntelliCheck/Veriff; I-9; IRCA §1324a; E-Verify
THRESHOLD_PROFESSIONAL_CREDENTIAL_AI   = 65  # OIG §1320a-7; NPDB §11131; JCAHO


class BackgroundScreeningAIContext(str, Enum):
    CRIMINAL_BACKGROUND_CHECK_AI = "criminal_background_check_ai"  # HireRight, Sterling, Checkr
    EMPLOYMENT_HISTORY_AI        = "employment_history_ai"         # Equifax The Work Number
    IDENTITY_DOCUMENT_AI         = "identity_document_ai"          # IntelliCheck, Veriff
    PROFESSIONAL_CREDENTIAL_AI   = "professional_credential_ai"    # OIG, NPDB, JCAHO


def threshold_for(context: BackgroundScreeningAIContext) -> int:
    mapping = {
        BackgroundScreeningAIContext.CRIMINAL_BACKGROUND_CHECK_AI: THRESHOLD_CRIMINAL_BACKGROUND_CHECK_AI,
        BackgroundScreeningAIContext.EMPLOYMENT_HISTORY_AI:        THRESHOLD_EMPLOYMENT_HISTORY_AI,
        BackgroundScreeningAIContext.IDENTITY_DOCUMENT_AI:         THRESHOLD_IDENTITY_DOCUMENT_AI,
        BackgroundScreeningAIContext.PROFESSIONAL_CREDENTIAL_AI:   THRESHOLD_PROFESSIONAL_CREDENTIAL_AI,
    }
    return mapping[context]


async def scan_background_screening_ai_image(
    image_path: str | Path,
    context: BackgroundScreeningAIContext,
    employer_id_hash: str,           # SHA-256 of employer EIN or organisation identifier
    applicant_ref: str,              # e.g. "HIRE-BGC-2026-44821", "CRED-NPI-2026-88841"
    screening_session_id: str,       # background check order batch, credentialing session ID
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan an employee background screening AI image for adversarial injection payloads
    before forwarding to criminal conviction indicator classification, employment history
    verification, identity document authentication, or professional licence and credential
    sanction indicator AI systems.

    Raises AdversarialBackgroundScreeningAIImageError if score meets threshold:
      - CRIMINAL_BACKGROUND_CHECK_AI: threshold 60; FCRA §1681e(b); EEOC; ban-the-box
      - EMPLOYMENT_HISTORY_AI:        threshold 65; FCRA §1681e(b); CFPB; §1001
      - IDENTITY_DOCUMENT_AI:         threshold 55; I-9 §274a.2; IRCA §1324a; E-Verify
      - PROFESSIONAL_CREDENTIAL_AI:   threshold 65; OIG §1320a-7; NPDB §11131; JCAHO
    """
    image_bytes     = Path(image_path).read_bytes()
    image_b64       = base64.b64encode(image_bytes).decode()
    image_sha256    = hashlib.sha256(image_bytes).hexdigest()
    client_scan_id  = str(uuid.uuid4())
    threshold       = threshold_for(context)

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "background_screening_context": context.value,
                "employer_id_hash":             employer_id_hash,
                "applicant_ref":                applicant_ref,
                "screening_session_id":         screening_session_id,
                "client_scan_id":               client_scan_id,
                "image_sha256":                 image_sha256,
            },
        },
        timeout=8.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "employer_id_hash":             employer_id_hash,
        "applicant_ref":                applicant_ref,
        "screening_session_id":         screening_session_id,
        "background_screening_context": context.value,
        "scan_id":                      result["scan_id"],
        "client_scan_id":               client_scan_id,
        "image_sha256":                 image_sha256,
        "score":                        result["score"],
        "flagged_region":               result.get("flagged_region"),
        "threshold":                    threshold,
        "action":                       "blocked" if result["score"] >= threshold else "allowed",
    }
    await write_screening_audit_record(audit_record)

    if result["score"] >= threshold:
        raise AdversarialBackgroundScreeningAIImageError(
            f"Background screening AI image blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"employer={employer_id_hash} ref={applicant_ref}"
        )
    return result


async def write_screening_audit_record(record: dict) -> None:
    """Persist audit record to background screening compliance documentation store (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialBackgroundScreeningAIImageError(Exception):
    """Raised when a background screening AI image exceeds the adversarial injection threshold."""
    pass

Call scan_background_screening_ai_image() with BackgroundScreeningAIContext.CRIMINAL_BACKGROUND_CHECK_AI before forwarding HireRight AI, Sterling Check AI, or Checkr AI county court record scan images to criminal conviction indicator and sex offender registry classification AI — with applicant_ref linking the Glyphward scan to the background check order record for FCRA §1681e(b) maximum accuracy, EEOC April 2012 disparate impact guidance, and state ban-the-box statute compliance documentation. Call with BackgroundScreeningAIContext.EMPLOYMENT_HISTORY_AI for Equifax The Work Number AI or HireRight AI employment history document photograph images before employment falsification and termination-for-cause indicator classification, with employer_id_hash for FCRA §1681e(b) reasonable procedures, CFPB enforcement authority, and 18 USC §1001 false statements audit trail documentation. Call with BackgroundScreeningAIContext.IDENTITY_DOCUMENT_AI for IntelliCheck AI or Veriff AI identity document photograph images before authenticity classification and Form I-9 employment eligibility determination, with screening_session_id as the onboarding batch identifier for Form I-9 8 CFR §274a.2, E-Verify USCIS, and IRCA §1324a unlawful employment compliance documentation. Call with BackgroundScreeningAIContext.PROFESSIONAL_CREDENTIAL_AI for professional licence scan photographs, OIG exclusion database display images, or NPDB adverse action report display images before sanction and exclusion indicator classification, with applicant_ref for OIG §1320a-7 mandatory exclusion, NPDB §11131/§11137 adverse action reporting and query, and JCAHO credentialing standards compliance audit trail. Get early access

Coverage matrix

Control Criminal background check AI injection (HireRight AI, Sterling AI, Checkr AI) Employment history AI injection (Equifax The Work Number AI) Identity document AI injection (IntelliCheck AI, Veriff AI) Professional credential AI injection (OIG exclusion AI, NPDB AI)
Text-only PI scanners (Lakera, LLM Guard) No — adversarial pixel perturbations in county court criminal record scan photographs suppressing conviction indicator classification are invisible to text-based analysis No — employment history W-2 wage document photograph pixel manipulation suppressing falsification and termination-for-cause indicator classification is not caught by text-only scanning No — identity document photograph pixel perturbations suppressing document authenticity failure indicator classification are not detected by text analysis No — professional licence scan and OIG/NPDB display pixel manipulation suppressing sanction and exclusion indicator classification is not visible to text scanners
HR specialists, background screening investigators, and credentialing specialists HR specialists review AI-generated background check report summaries; do not inspect individual court record scan pixels for adversarial manipulation before AI conviction classifications govern adverse action workflow decisions Employment screening investigators review AI-generated employment verification report summaries; do not inspect individual employment document photograph pixels for adversarial manipulation before AI falsification classifications govern verification report conclusions HR specialists review AI-generated identity document authentication results; do not inspect individual identity document photograph pixels for adversarial manipulation before AI authenticity classifications govern Form I-9 completion and E-Verify submission decisions Credentialing specialists review AI-generated credential verification summaries; do not inspect individual professional licence scan and OIG/NPDB display pixels for adversarial manipulation before AI sanction classifications govern credentialing and privileging decisions
FCRA enforcement (CFPB, FTC), EEOC, DHS/USCIS E-Verify, and OIG/NPDB compliance CFPB and FTC investigators review aggregate FCRA accuracy complaint records; do not detect adversarial manipulation of HireRight/Sterling/Checkr AI court record scan inputs that suppressed individual conviction indicator classifications CFPB investigators review aggregate employment verification accuracy complaint records; do not detect adversarial manipulation of Equifax The Work Number AI employment document inputs that suppressed individual falsification indicators USCIS E-Verify programme auditors review aggregate I-9 and E-Verify completion compliance records; do not detect adversarial manipulation of IntelliCheck/Veriff AI identity document photograph inputs that suppressed individual authenticity failure indicators OIG and NPDB programme administrators review aggregate exclusion and adverse action compliance records; do not detect adversarial manipulation of credentialing AI professional credential display inputs that suppressed individual OIG exclusion or licence sanction indicators
Glyphward Yes — threshold 60; employer_id_hash and applicant_ref audit trail; blocks adversarially crafted court record scans before conviction classification AI for FCRA §1681e(b) maximum accuracy, EEOC April 2012 guidance, and state ban-the-box compliance documentation Yes — threshold 65; blocks adversarially crafted employment history document photographs before falsification classification AI, with employer_id_hash for FCRA §1681e(b) reasonable procedures, CFPB enforcement, and 18 USC §1001 compliance audit trail Yes — threshold 55; blocks adversarially crafted identity document photographs before authenticity classification AI, with screening_session_id for Form I-9 §274a.2, E-Verify USCIS, and IRCA §1324a unlawful employment compliance documentation Yes — threshold 65; blocks adversarially crafted professional licence and OIG/NPDB display images before sanction classification AI, with applicant_ref for OIG §1320a-7 mandatory exclusion, NPDB §11131/§11137, and JCAHO credentialing compliance audit trail

Frequently asked questions

How does adversarial injection into HireRight/Sterling/Checkr criminal background check AI differ from ordinary expungement or court record errors, and why do FCRA adverse action and pre-adverse action notices not detect adversarially manipulated criminal record scan inputs?

Ordinary court record errors and expungement complications in criminal background check processing — examined through consumer dispute investigation procedures under FCRA 15 USC §1681i, court record sealing and expungement notification workflows, and background screening industry best practices for handling multi-jurisdictional criminal record database inaccuracies — operate at the data accuracy and completeness layer of the criminal record database and court record retrieval systems that consumer reporting agencies access to generate background check reports. Court record errors arise from courthouse data entry mistakes, case management system data quality failures, multi-jurisdiction record linkage errors, and expungement processing delays that result in background check reports disclosing records that should be sealed or expunged — errors that are addressable through FCRA §1681i consumer dispute procedures, court record correction requests, and background screening agency reinvestigation procedures. FCRA pre-adverse action and adverse action notice procedures under 15 USC §1681b(b)(3) and §1681m require consumer reporting agencies and employers using consumer reports to provide applicants with pre-adverse action notices and copies of their background check reports before taking adverse employment action; these procedures operate at the employer decision-making layer — giving applicants an opportunity to dispute inaccurate or outdated records — but operate after the AI-generated background check report has already been generated based on the AI’s processing of the county court record scan images. Neither the FCRA’s §1681i consumer dispute procedures nor the §1681m adverse action notice requirements examine the pixel-level integrity of the individual county court record scan images that HireRight AI, Sterling Check AI, or Checkr AI processed to generate the background check report that forms the basis for the adverse action notice — they operate on the report output, not on the image inputs that generated it.

Adversarial injection into HireRight AI, Sterling Check AI, or Checkr AI criminal background check document classification operates at the individual pixel manipulation layer of the specific county court record scan image that the AI processes to generate the criminal history indicator classification for a particular background check order — creating a vulnerability distinct from court record errors, which involve inaccurate data in the underlying court records, and from expungement complications, which involve records that should be removed from background check reports. Court record errors and expungement complications are discoverable through FCRA consumer dispute procedures and court record verification processes because they involve discrepancies between actual criminal history and reported criminal history that surface through comparison with authoritative court record sources; an applicant who disputes an inaccurate criminal record can submit court documentation demonstrating that the record is inaccurate or expunged. Adversarial injection creates a fundamentally different category of failure: the AI processes a county court record scan image containing adversarial pixel perturbations that suppress conviction indicator classifications — causing the AI to generate a background check report that omits conviction history that the actual court record scan documents — without creating any discrepancy between the AI-generated report and the court records that FCRA dispute resolution procedures would surface. An applicant whose background check AI processing was adversarially manipulated to suppress conviction indicators receives a clean background check report that accurately reflects what the AI classified — and FCRA pre-adverse action and adverse action notice procedures are not triggered because no adverse action was taken based on the adversarially suppressed background check. FCRA §1681i consumer dispute procedures are triggered when a consumer disputes the accuracy of information in their consumer report — they do not detect situations where accurate court record information was adversarially suppressed from the AI-generated report before the report was generated. Glyphward pre-scan at the HireRight AI, Sterling Check AI, or Checkr AI court record scan image ingestion boundary provides the only technical control that detects adversarial pixel manipulation of criminal record scan inputs before the AI generates background check reports, providing FCRA §1681e(b) reasonable procedures compliance documentation and forensic evidence for CFPB and FTC enforcement proceedings.

What are employers’ OIG exclusion list 42 USC §1320a-7 and NPDB 42 USC §11131 compliance obligations when adversarial injection into credential verification AI suppresses professional licence sanction indicators for healthcare workers?

An employer’s OIG HHS exclusion list compliance obligations under 42 USC §1320a-7 when adversarial injection into credential verification AI suppresses OIG exclusion indicators for healthcare workers operate under the OIG’s mandatory exclusion authority, its permissive exclusion authority, and the federal healthcare programme overpayment and civil monetary penalty framework that applies when healthcare employers retain OIG-excluded individuals in programme-affecting positions. 42 USC §1320a-7 mandates exclusion from Medicare, Medicaid, and other federal healthcare programme participation for healthcare providers convicted of programme-related crimes, patient abuse or neglect, felony health care fraud, or felony drug-related offences — OIG’s exclusion authority extends to healthcare organisations, and OIG maintains the List of Excluded Individuals/Entities (LEIE) as the authoritative database of excluded persons. Healthcare employers are responsible for screening employees, contractors, and vendors against the LEIE before hiring and on a periodic basis — OIG’s compliance guidance recommends monthly LEIE screening for all programme-relevant positions. Adversarial manipulation of credential verification AI that suppresses OIG exclusion indicators in LEIE database display images creates employer federal healthcare programme compliance failures when the adversarially corrupted AI classification causes employers to retain OIG-excluded individuals in positions that furnish items or services to Medicare and Medicaid beneficiaries; the employer bears federal healthcare programme overpayment repayment obligations and OIG civil monetary penalty exposure up to $10,000 per day per item or service furnished by the excluded individual under 42 USC §1320a-7a(a)(6), with additional programme exclusion consequences for the employing organisation.

NPDB 42 USC §11131 and §11132 require hospitals and other healthcare entities to report to the NPDB adverse privilege actions — including clinical privilege revocations, suspensions, reductions, or non-renewals related to professional competence or conduct — and 42 USC §11137 requires hospitals and other eligible entities to query the NPDB when appointing or granting clinical privileges and when renewing appointments and privileges at least every 2 years; healthcare malpractice insurers and state medical boards also report to the NPDB. Adversarial manipulation of NPDB adverse action report display classification that suppresses adverse privilege action indicators — for example, adversarially manipulating a Veritone IDentify AI or credentialing AI display of an NPDB adverse action report to cause the AI to fail to classify a prior hospital privilege revocation — creates §11137 query result accuracy failures when a hospital relies on adversarially corrupted AI credentialing tool outputs to conclude that an NPDB query returned no adverse actions for a practitioner with a prior reportable adverse action history. 42 USC §11137(c) provides that hospitals that fail to request NPDB information as required, or fail to report as required, may not claim as a defence to civil liability that they did not have certain information — this “deemed to know” provision means that hospitals whose NPDB query workflows incorporate adversarially corrupted AI display classification tools that suppress adverse action indicators cannot use the adversarial manipulation as a complete defence to negligent credentialing civil liability when a credentialed practitioner with a suppressed adverse action history causes patient harm. JCAHO credentialing standards require Joint Commission-accredited healthcare organisations to implement systematic primary source verification of practitioner credentials, including OIG LEIE screening, NPDB querying, and state medical board licence verification; adversarially corrupted AI tools that suppress sanction and exclusion indicators create JCAHO standards compliance failure dimensions that affect accreditation status and CMS Conditions of Participation compliance for hospitals receiving Medicare and Medicaid reimbursement. Glyphward pre-scan audit records documenting adversarially flagged professional credential display images provide forensic documentation that OIG exclusion and NPDB adverse action query result compliance failures resulted from adversarially manipulated AI inputs rather than employer negligent failure to query required databases, supporting OIG Civil Monetary Penalty settlement negotiations and JCAHO corrective action plan documentation.

Further reading