Asylum claim evidence AI · Immigration petition document AI · Travel document AI · Immigration court hearing evidence AI

Prompt injection in immigration and asylum documentation AI

Immigration and asylum documentation AI has become the operational infrastructure for high-volume adjudication accuracy determinations, document authenticity assessments, credible fear eligibility classifications, identity verification decisions, and immigration court case management across asylum claim credibility review, family and employment immigration petition document verification, travel document biometric and security feature authenticity AI analysis, and immigration court hearing evidence classification — concentrating Immigration and Nationality Act §208 (8 USC §1158) asylum eligibility requirements, 8 CFR §208.13 asylum approval criteria requiring both credible fear and corroborating evidence assessments, UNHCR Handbook on Procedures and Criteria for Determining Refugee Status credibility assessment guidelines establishing the good faith credibility standard applicable to asylum adjudicators, INA §204 (8 USC §1154) immigration petition requirements applicable to Form I-130 family petitions and Form I-140 employment petitions for immigrant visa and adjustment of status eligibility, 18 USC §1001 false statements to government agencies creating criminal penalties of up to $500,000 fine and five years imprisonment for knowingly and wilfully making false statements in any matter within the jurisdiction of the executive branch, 18 USC §1543 forgery of passport creating criminal penalties of imprisonment up to 25 years for forgery or alteration of a US passport or passport card, 18 USC §1546 fraud and misuse of visas, permits, and other entry documents creating criminal penalties of imprisonment up to 10 years (or 25 years if the violation facilitates drug trafficking or terrorism) for fraud in connection with documents required under immigration laws, 8 CFR §1240.9 immigration judge hearing procedures applicable to EOIR immigration court removal proceedings under INA §240 (8 USC §1229a), and 1951 Refugee Convention Article 27 travel document obligations applicable to recognized refugees in AI systems that process country condition evidence document scan images, asylum applicant identification document images, persecution evidence photograph images, immigration petition Form I-130 birth certificate and marriage certificate scan images, Form I-140 educational credential and labor certification scan images, Form I-485 adjustment of status supporting evidence images, passport biographic page and visa stamp scan images at CBP ports of entry, refugee travel document images, and immigration court hearing corroborating evidence document images at United States Citizenship and Immigration Services, Department of Justice Executive Office for Immigration Review, and Department of Homeland Security Customs and Border Protection document processing volumes that make individual human adjudicator review of every AI-processed immigration document image impracticable across the agencies’ combined caseloads. USCIS ELIS (Electronic Immigration System) processes 8 million or more immigration applications per year across the $4.4 billion annual USCIS adjudication workload spanning family petitions, employment petitions, adjustment of status applications, naturalization applications, and humanitarian benefit applications including asylum, refugee resettlement, and Temporary Protected Status through AI-assisted document review and adjudication accuracy tools. EOIR Executive Office for Immigration Review manages 3.5 million or more pending immigration court cases across the immigration court system and Board of Immigration Appeals through AI-assisted case management and hearing evidence classification tools. NEC Corporation and Unisys CBP document AI perform biometric identity verification at 300 or more US ports of entry processing 1 million or more daily traveler screenings through AI-assisted travel document authenticity analysis and biometric identity matching tools. Tyler Technologies immigration case AI serves 20,000 or more government clients including county immigration courts and state court systems through AI-assisted immigration case management and evidence classification tools. LexisNexis immigration AI is used by 400,000 or more lawyers and legal professionals globally for asylum research, case prediction, and immigration document analysis through AI-assisted legal research and case management tools. Boundless AI has assisted 200,000 or more US immigration applications through AI document review and form completion tools that process supporting document scan images for USCIS submission. Each immigration and asylum documentation AI platform shares a structural adversarial image injection vulnerability creating exposure with direct INA §208 asylum adjudication integrity, 8 CFR §208.13 credibility assessment accuracy, UNHCR credibility guideline compliance, INA §204 petition document verification, 18 USC §1001 false statement prevention, 18 USC §1543 passport forgery detection, 18 USC §1546 immigration document fraud prevention, 8 CFR §1240.9 immigration court hearing evidence integrity, and INA §240(b)(4)(B) due process rights in removal proceedings consequences of substantial national security, refugee protection failure, and criminal prosecution severity.

TL;DR

Immigration and asylum documentation AI platforms — USCIS ELIS AI (8M+ applications/year), EOIR immigration court AI (3.5M+ pending cases), NEC/Unisys CBP document AI (1M+ daily traveler screenings at 300+ ports of entry), Tyler Technologies immigration case AI (20,000+ government clients), LexisNexis immigration AI (400,000+ legal professionals), and Boundless AI (200,000+ applications assisted) — process asylum claim country condition evidence and persecution photograph images, immigration petition Form I-130/I-140/I-485 supporting document scan images, passport biographic page and visa stamp scan images, and immigration court hearing corroborating evidence document scan images through AI-assisted credibility assessment, document authenticity verification, identity matching, and case management pipelines. Adversarially crafted images can suppress document fabrication markers in asylum evidence AI, conceal petition supporting document forgery signals in ELIS AI, mask biometric inconsistency and MRZ checksum anomaly signals in CBP travel document AI, and alter hearing evidence classification in EOIR case management AI — triggering INA §208/8 CFR §208.13 asylum adjudication integrity failures, INA §204/18 USC §1001 immigration petition fraud, 18 USC §1543 passport forgery detection failures, 18 USC §1546 immigration document fraud with up to 25-year imprisonment for terrorism nexus, and 8 CFR §1240.9 immigration court hearing evidence integrity violations. Glyphward scans each immigration and asylum documentation AI input image at the ingestion boundary with a threshold of ≥ 55 for asylum claim evidence AI and immigration petition document AI, ≥ 50 for travel document AI at CBP ports of entry, and ≥ 60 for immigration court hearing evidence AI. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in immigration and asylum documentation AI

1. Asylum claim evidence image injection (INA §208, 8 CFR §208.13, UNHCR Credibility Guidelines)

Asylum claim evidence AI processes country condition evidence document scan images, asylum applicant identification document scan images, persecution evidence photograph images, country condition report page images from the State Department Country Reports on Human Rights Practices and the UNHCR country guidance documents, corroborating witness statement document images, documentary evidence of past harm or well-founded fear of future persecution images, and asylum applicant credibility-supporting biographical document images submitted through USCIS ELIS AI-assisted adjudication pipelines at 8 million or more immigration applications per year and the $4.4 billion annual USCIS adjudication workload; LexisNexis immigration AI at 400,000 or more legal professional users processing asylum research, case prediction, and country condition document analysis through AI-assisted legal research and credibility assessment tools; and Boundless AI at 200,000 or more immigration applications assisted through AI document review and form completion tools that process asylum supporting document scan images for USCIS credible fear determination and asylum petition credibility assessment input — extracting credible fear determination classifications and asylum petition credibility assessments from asylum claim country condition evidence and persecution evidence document image inputs in AI-assisted USCIS asylum adjudication pipelines at processing volumes that make individual human adjudicator examination of every AI-processed asylum evidence image impracticable across the USCIS asylum office and asylum interview preparation workloads.

The adversarial injection surface is the asylum claim evidence document scan or persecution evidence photograph image submission pathway: USCIS ELIS AI or LexisNexis immigration AI asylum evidence document image inputs submitted through AI-assisted credible fear determination and asylum petition credibility assessment tools for AI credibility classification record generation and USCIS asylum adjudication decision input. An adversarially crafted asylum evidence image — in which pixel perturbations applied to the document timestamp and date indicator display region of a persecution evidence photograph, the country condition document authenticity signal region of a supporting document image, or the identification document security feature and consistency indicator display in an asylum applicant identity document scan image cause the AI to classify fabricated persecution evidence as authentic corroborating evidence not meeting USCIS credibility challenge criteria when the actual document images evidence document fabrication indicators, timestamp inconsistencies, or security feature anomalies that would otherwise generate an asylum adjudicator credibility challenge referral — can suppress a document authenticity indicator that would otherwise generate an asylum claim denial recommendation, a credibility finding adverse to the applicant, and an asylum fraud referral record. In USCIS asylum office operations where ELIS AI processes asylum claim evidence document images to support asylum officer interview preparation and credibility assessment without individual human forensic examination of every AI-processed evidence image at the pixel level before the AI classification governs the adjudication recommendation, adversarial suppression of asylum evidence authenticity and fabrication indicators creates INA §208, 8 CFR §208.13, and 18 USC §1546 immigration document fraud dimensions of significant national security and refugee protection integrity severity.

The INA §208, 8 CFR §208.13, UNHCR credibility guideline, and 18 USC §1546 consequences of adversarially suppressed asylum evidence authenticity classification span INA §208 (8 USC §1158) asylum eligibility requirements establishing that an applicant who has been persecuted or has a well-founded fear of persecution on account of race, religion, nationality, membership in a particular social group, or political opinion may be granted asylum; 8 CFR §208.13 asylum approval criteria establishing that the burden of proof is on the applicant to establish eligibility for asylum by a preponderance of the evidence including corroborating evidence of past persecution or well-founded fear; UNHCR Handbook on Procedures and Criteria for Determining Refugee Status paragraphs 195–205 credibility assessment guidelines establishing that adjudicators should give the benefit of the doubt to applicants whose testimony is consistent and plausible even where individual documentary corroboration is incomplete; and 18 USC §1546 fraud and misuse of visas, permits, and other entry documents creating criminal penalties of imprisonment up to 10 years for any person who knowingly forges, counterfeits, alters, or falsely makes any document required under immigration laws or uses any such document knowing it to be forged, counterfeit, altered, or falsely made. Adversarial manipulation of asylum evidence AI that suppresses persecution photograph fabrication indicators or country condition document authenticity anomaly signals creates asylum adjudication integrity failures at both the national security dimension — enabling fraudulent asylum claims from applicants who are not genuine refugees — and the refugee protection failure dimension — potentially enabling adverse credibility findings against genuine refugees whose authentic evidence was corrupted by adversarial suppression of corroboration signals. Threshold: 55 for asylum claim evidence AI — a deliberately low threshold reflecting the dual consequences of false negatives in this context: national security and refugee protection failure.

2. Immigration petition document injection (INA §204, 18 USC §1001, 18 USC §1546)

Immigration petition document AI processes Form I-130 family petition supporting document scan images including birth certificate images, marriage certificate images, adoption decree images, and family relationship evidence photographs; Form I-140 employment-based immigrant petition supporting document scan images including foreign educational credential and transcript images, labor certification (PERM) application approval notice images, specialty occupation job offer letter images, and employer financial statement images; Form I-485 adjustment of status supporting evidence images including medical examination report images, civil document birth and marriage certificate images, prior immigration status documentation images, and financial sponsorship Form I-864 affidavit of support supporting document images — submitted through USCIS ELIS AI-assisted petition document review pipelines at 8 million or more annual application processing volumes and the $4.4 billion USCIS adjudication workload; Boundless AI at 200,000 or more immigration applications assisted through AI document completeness review and form preparation tools that process family petition and employment petition supporting document scan images for USCIS submission accuracy; and LexisNexis immigration AI at 400,000 or more legal professional users processing immigration petition document analysis and case management through AI-assisted legal research and document review tools — extracting petition document completeness, authenticity, and consistency assessments from Form I-130, I-140, and I-485 supporting document scan images in AI-assisted USCIS immigration petition adjudication pipelines.

The adversarial injection surface is the Form I-130 birth certificate or marriage certificate scan image submission pathway, or the Form I-140 foreign educational credential or PERM labor certification scan image submission pathway: USCIS ELIS AI or Boundless AI immigration petition supporting document scan images submitted through AI-assisted petition document authenticity and completeness review tools for AI petition document accuracy classification record generation and USCIS adjudication officer review input. An adversarially crafted Form I-130 birth certificate scan image or Form I-140 foreign educational credential image — in which pixel perturbations applied to the document stamp authenticity indicator display region of a birth certificate or educational credential image, the font consistency and date format compliance visual marker of a marriage certificate scan, or the labor certification approval notice security feature indicator in a PERM application document image cause the AI to classify a forged or altered supporting document as an authentic document passing USCIS petition document authenticity review criteria when the actual document evidences stamp inconsistencies, font irregularities, date format violations, or security feature anomalies that would otherwise generate a USCIS Request for Evidence (RFE) referral, a petition denial for lack of credible evidence, and a document fraud investigation referral — can suppress a petition document forgery indicator that would generate a material evidence integrity challenge. In USCIS petition adjudication operations where ELIS AI processes thousands of Form I-130, I-140, and I-485 supporting document scan images per day without individual human adjudicator pixel-level forensic examination of every AI-processed petition document before the AI classification governs the petition acceptance or RFE issuance decision, adversarial suppression of petition supporting document authenticity indicators creates INA §204, 18 USC §1001, and 18 USC §1546 immigration petition fraud dimensions.

The INA §204, 18 USC §1001, 18 USC §1546, and USCIS document fraud enforcement consequences of adversarially suppressed immigration petition document authenticity classification span INA §204 (8 USC §1154) petition requirements establishing the evidentiary standards for family-based and employment-based immigrant visa petitions; 18 USC §1001 false statements to government agencies creating criminal penalties of up to $500,000 fine and five years imprisonment (eight years if the offense involves terrorism) for knowingly and wilfully making any materially false, fictitious, or fraudulent statement or representation in any matter within the jurisdiction of the executive branch of the government of the United States including USCIS petition proceedings; 18 USC §1546(a) fraud and misuse of visas creating criminal penalties of imprisonment up to 10 years for any person who knowingly makes any false statement with respect to a material fact in any application, affidavit, or other document required by the immigration laws or regulations; and USCIS administrative document fraud enforcement authority under INA §274C (8 USC §1324c) creating civil penalties of $250 to $2,000 per fraudulent document for first violations and $2,000 to $5,000 per document for subsequent violations, with referral authority to the Department of Justice for criminal prosecution of egregious or systematic petition document fraud patterns. Threshold: 55 for immigration petition document AI — reflecting INA §204 petition integrity requirements, 18 USC §1001 false statements criminal penalties, 18 USC §1546 immigration document fraud imprisonment, and USCIS §274C civil penalty dimensions.

3. Travel document image injection (1951 Refugee Convention, INA §101(a)(42), 18 USC §1546)

Travel document AI processes passport biographic page scan images including MRZ (machine-readable zone) data strip images, biographical data page security feature images, and laser-engraved personalization layer images; visa stamp document scan images including consular visa sticker images and visa validity indicator images; I-94 arrival and departure record images processed at CBP ports of entry; refugee travel document scan images issued under 1951 Refugee Convention Article 27 obligations to recognized refugees; advance parole travel document images; and border crossing card biometric and document authentication images — processed by NEC Corporation and Unisys CBP document AI at 300 or more US ports of entry screening 1 million or more daily international travelers through AI-assisted travel document authenticity analysis and biometric identity verification tools that compare live biometric capture with stored biometric data in CBP IDENT and DHS HART biometric identity systems; Tyler Technologies immigration case AI at 20,000 or more government clients including county immigration courts and state justice system operations processing travel document scan images through AI-assisted immigration case management tools; and USCIS ELIS AI at admission status verification and adjustment of status proceedings processing lawful admission documentation images for Form I-485 immigration benefit eligibility assessment.

The adversarial injection surface is the passport biographic page scan image or visa stamp document scan image submission pathway at CBP automated passport control kiosks and officer workstations: NEC/Unisys CBP document AI passport biographic page scan images and visa stamp document images submitted through AI-assisted travel document authenticity and biometric identity matching tools for AI travel document acceptance or referral classification record generation and CBP officer secondary inspection decision input. An adversarially crafted passport biographic page scan image or visa stamp document image — in which pixel perturbations applied to the MRZ checksum indicator display region of a machine-readable passport page image, the holographic security overlay consistency visual marker of a visa sticker scan image, or the biometric chip data integrity indicator in a biometric passport document image cause the AI to classify a counterfeit or altered travel document as a genuine document not meeting CBP referral for secondary inspection criteria when the actual travel document scan evidences MRZ checksum anomaly, security feature absence, or biometric data inconsistency indicators that would otherwise generate a CBP secondary inspection referral, an inadmissibility determination, and a document fraud seizure and referral record — can suppress a travel document forgery indicator that would otherwise generate a border security response. In CBP automated passport control operations at major international airports and land border crossings where NEC/Unisys CBP document AI processes over 1 million daily traveler document images without individual human CBP officer pixel-level forensic examination of every AI-processed travel document before the AI classification governs the traveler processing recommendation, adversarial suppression of passport and visa document security feature and biometric consistency indicators creates 18 USC §1543, 18 USC §1546, and INA §212(a)(6)(C) inadmissibility ground dimensions of significant border security severity.

The 1951 Refugee Convention Article 27, INA §101(a)(42), 18 USC §1543, 18 USC §1546, and CBP enforcement consequences of adversarially suppressed travel document authenticity classification span 1951 Refugee Convention Article 27 travel document obligations requiring contracting states to issue travel documents to recognized refugees lawfully residing in their territory who do not possess a valid national passport; INA §101(a)(42) (8 USC §1101(a)(42)) refugee definition establishing persecution-based refugee eligibility applicable to refugee travel document holders processed at CBP ports of entry; 18 USC §1543 forgery of passports and alteration of passports creating criminal penalties of imprisonment up to 25 years for forgery, counterfeiting, alteration, or false making of any passport or passport card, with an enhanced 25-year maximum for offenses committed in furtherance of drug trafficking or terrorism under 18 USC §1543(b); 18 USC §1546 fraud and misuse of visas creating criminal penalties of imprisonment up to 10 years for any person who knowingly uses any visa, permit, border crossing card, alien registration receipt card, or other document required for entry into the United States knowing the document to be forged, counterfeit, altered, or falsely made, with an enhanced 25-year maximum for terrorism-related offenses; and CBP administrative enforcement authority under INA §212(a)(6)(C) (8 USC §1182(a)(6)(C)) creating inadmissibility grounds for any alien who procures or attempts to procure admission by fraud or willful misrepresentation. Threshold: 50 for travel document AI at CBP ports of entry — the most conservative threshold in the immigration context, reflecting 18 USC §1543 forgery 25-year imprisonment, 18 USC §1546 terrorism nexus 25-year imprisonment, CBP port-of-entry border security criticality, and the irreversibility of a failed detection at an international border crossing.

4. Immigration court hearing evidence injection (8 CFR §1240.9, EOIR evidence rules)

Immigration court hearing evidence AI processes hearing evidence document scan images submitted in EOIR removal proceedings under INA §240, country condition report page images from State Department Country Reports and UNHCR country guidance documents submitted as corroborating evidence, expert witness report document scan images submitted to support asylum, withholding of removal, and Convention Against Torture (CAT) claims, corroborating evidence document scan images including medical records, police reports, news articles, and affidavit statement images, and legal brief and motion document images submitted by immigration counsel — processed by EOIR immigration court AI across 3.5 million or more pending immigration court cases through AI-assisted case management and hearing evidence classification tools; Tyler Technologies immigration case AI at 20,000 or more government clients including county immigration courts processing hearing evidence images through AI-assisted case management tools; and LexisNexis immigration AI at 400,000 or more legal professionals globally processing immigration court hearing evidence analysis and case strategy through AI-assisted legal research and document review tools that inform hearing evidence submission strategy and evidence classification for immigration judge review. The volume of pending EOIR cases — exceeding 3.5 million as of 2026 — means that AI-assisted case management and evidence classification tools are processing hearing evidence document images at volumes that create AI pre-classification dependency across many immigration court hearing preparation workflows.

The adversarial injection surface is the hearing evidence document scan image or country condition report page image submission pathway: EOIR immigration court AI or Tyler Technologies case management AI hearing evidence document images submitted through AI-assisted evidence classification and case management tools for AI hearing evidence categorization record generation and immigration judge review preparation input. An adversarially crafted hearing evidence document scan image — in which pixel perturbations applied to the documentary corroboration consistency indicator display region of a country condition report page image, the expert witness report credential and authority visual marker of an expert declaration scan image, or the medical evidence and physical harm documentation indicator display in a medical record scan image submitted to support a CAT claim cause the AI to alter the evidence classification, suppress adverse evidence relevance signals, or cause AI case management tools to incorrectly categorize submitted hearing evidence documents — can cause the AI-assisted evidence summary presented to immigration court hearing officers to misrepresent the quality, consistency, or classification of submitted hearing evidence at a level of abstraction that influences immigration judge review and hearing outcome. In EOIR immigration court case management operations where AI tools process hearing evidence document images across the 3.5 million or more pending case docket without individual human immigration judge pixel-level examination of every AI-processed evidence document before the AI classification influences the hearing preparation and evidence summary presented for judicial review, adversarial manipulation of hearing evidence AI classification creates 8 CFR §1240.9 immigration court hearing procedure integrity and INA §240(b)(4)(B) due process dimensions.

The 8 CFR §1240.9, EOIR Practice Manual, INA §240(b)(4)(B), and due process consequences of adversarially manipulated immigration court hearing evidence classification span 8 CFR §1240.9 immigration judge hearing procedures establishing the procedural framework for evidence submission, record of proceeding management, and evidence authentication in EOIR removal proceedings; EOIR Practice Manual §3.1 evidence submission requirements establishing the standards for documentary evidence authentication, translation, and submission timing in immigration court proceedings; INA §240(b)(4)(B) (8 USC §1229a(b)(4)(B)) statutory right to present evidence in removal proceedings establishing that the alien shall have a reasonable opportunity to examine the evidence against the alien, to present evidence on the alien’s own behalf, and to cross-examine witnesses presented by the government; and the Fifth Amendment due process requirements applicable to EOIR removal proceedings established by the Supreme Court in Mathews v. Eldridge and its immigration-specific applications requiring that removal proceedings satisfy procedural due process standards. Adversarial manipulation of hearing evidence AI that alters the classification or suppresses the relevance signals of asylum corroborating evidence, CAT medical evidence, or withholding of removal country condition evidence in EOIR case management AI creates the conditions for due process violations in removal proceedings where AI-generated evidence summaries influence the completeness and accuracy of the hearing record presented for immigration judge review. Threshold: 60 for immigration court hearing evidence AI — reflecting 8 CFR §1240.9 hearing procedure integrity, EOIR Practice Manual evidence submission requirements, INA §240(b)(4)(B) due process rights in removal proceedings, and the irreversibility of wrongful removal orders as a consequence of adversarially corrupted hearing evidence classification.

Integration: immigration and asylum documentation AI image ingestion with Glyphward pre-scan

Immigration and asylum documentation AI image ingestion flows from USCIS ELIS AI asylum claim evidence document scan and persecution photograph image channels, ELIS AI and Boundless AI immigration petition Form I-130/I-140/I-485 supporting document scan ingestion interfaces, NEC/Unisys CBP document AI passport biographic page and visa stamp scan image processing systems at US ports of entry, and EOIR AI and Tyler Technologies case management AI immigration court hearing evidence document scan processing platforms into asylum claim credibility assessment AI, immigration petition document authenticity verification AI, travel document security feature and biometric consistency verification AI, and immigration court hearing evidence classification AI pipelines. Insert Glyphward’s pre-scan at the ingestion boundary before AI-generated output is committed to USCIS asylum adjudication records, immigration petition acceptance or RFE determination records, CBP port-of-entry processing determinations, or EOIR hearing evidence classification records:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Immigration & asylum documentation AI — INA §208, 8 CFR §208.13, UNHCR credibility guidelines;
# INA §204, 18 USC §1001 ($500k/5yr), 18 USC §1546 document fraud (10yr/25yr terrorism nexus);
# 18 USC §1543 passport forgery (25yr), CBP port-of-entry biometric identity;
# 8 CFR §1240.9 EOIR hearing procedures, INA §240(b)(4)(B) due process removal proceedings.
THRESHOLD_ASYLUM_CLAIM_EVIDENCE_AI        = 55  # ELIS/LexisNexis; INA §208; §208.13; §1546 10yr
THRESHOLD_IMMIGRATION_PETITION_DOCUMENT_AI = 55  # ELIS/Boundless; INA §204; §1001 $500k/5yr; §1546
THRESHOLD_TRAVEL_DOCUMENT_AI              = 50  # NEC/Unisys CBP; §1543 25yr; §1546 terrorism 25yr
THRESHOLD_IMMIGRATION_COURT_EVIDENCE_AI   = 60  # EOIR/Tyler Tech; 8 CFR §1240.9; §240(b)(4)(B)


class ImmigrationAsylumDocumentationAIContext(str, Enum):
    ASYLUM_CLAIM_EVIDENCE_AI         = "asylum_claim_evidence_ai"          # ELIS, LexisNexis, Boundless
    IMMIGRATION_PETITION_DOCUMENT_AI = "immigration_petition_document_ai"  # ELIS, Boundless, LexisNexis
    TRAVEL_DOCUMENT_AI               = "travel_document_ai"                # NEC/Unisys CBP, ELIS APC
    IMMIGRATION_COURT_EVIDENCE_AI    = "immigration_court_evidence_ai"     # EOIR, Tyler Technologies


def threshold_for(context: ImmigrationAsylumDocumentationAIContext) -> int:
    mapping = {
        ImmigrationAsylumDocumentationAIContext.ASYLUM_CLAIM_EVIDENCE_AI:         THRESHOLD_ASYLUM_CLAIM_EVIDENCE_AI,
        ImmigrationAsylumDocumentationAIContext.IMMIGRATION_PETITION_DOCUMENT_AI: THRESHOLD_IMMIGRATION_PETITION_DOCUMENT_AI,
        ImmigrationAsylumDocumentationAIContext.TRAVEL_DOCUMENT_AI:               THRESHOLD_TRAVEL_DOCUMENT_AI,
        ImmigrationAsylumDocumentationAIContext.IMMIGRATION_COURT_EVIDENCE_AI:    THRESHOLD_IMMIGRATION_COURT_EVIDENCE_AI,
    }
    return mapping[context]


async def scan_immigration_asylum_documentation_ai_image(
    image_path: str | Path,
    context: ImmigrationAsylumDocumentationAIContext,
    case_ref_hash: str,       # SHA-256 of A-number, receipt number, case ID, or hearing docket number
    document_ref: str,        # e.g. "ELIS-I130-2026-44821", "CBP-POE-JFK-2026-0041", "EOIR-2026-8819"
    adjudication_session_id: str,  # USCIS interview session, CBP processing session, or EOIR docket
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan an immigration or asylum documentation AI image for adversarial injection payloads
    before forwarding to asylum claim credibility assessment, immigration petition document
    authenticity verification, travel document security feature and biometric identity
    verification, or immigration court hearing evidence classification AI.

    Raises AdversarialImmigrationAsylumDocumentationAIImageError if score meets threshold:
      - ASYLUM_CLAIM_EVIDENCE_AI:         threshold 55; INA §208; 8 CFR §208.13; 18 USC §1546 10yr
      - IMMIGRATION_PETITION_DOCUMENT_AI: threshold 55; INA §204; 18 USC §1001 $500k/5yr; §1546
      - TRAVEL_DOCUMENT_AI:               threshold 50; 18 USC §1543 forgery 25yr; §1546 terrorism 25yr
      - IMMIGRATION_COURT_EVIDENCE_AI:    threshold 60; 8 CFR §1240.9; INA §240(b)(4)(B) due process
    """
    image_bytes          = Path(image_path).read_bytes()
    image_b64            = base64.b64encode(image_bytes).decode()
    image_sha256         = hashlib.sha256(image_bytes).hexdigest()
    client_scan_id       = str(uuid.uuid4())
    threshold            = threshold_for(context)

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "immigration_asylum_context": context.value,
                "case_ref_hash":             case_ref_hash,
                "document_ref":              document_ref,
                "adjudication_session_id":   adjudication_session_id,
                "client_scan_id":            client_scan_id,
                "image_sha256":              image_sha256,
            },
        },
        timeout=8.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "case_ref_hash":             case_ref_hash,
        "document_ref":              document_ref,
        "adjudication_session_id":   adjudication_session_id,
        "immigration_asylum_context": context.value,
        "scan_id":                   result["scan_id"],
        "client_scan_id":            client_scan_id,
        "image_sha256":              image_sha256,
        "score":                     result["score"],
        "flagged_region":            result.get("flagged_region"),
        "threshold":                 threshold,
        "action":                    "blocked" if result["score"] >= threshold else "allowed",
    }
    await write_immigration_asylum_audit_record(audit_record)

    if result["score"] >= threshold:
        raise AdversarialImmigrationAsylumDocumentationAIImageError(
            f"Immigration asylum documentation AI image blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"case={case_ref_hash} doc={document_ref}"
        )
    return result


async def write_immigration_asylum_audit_record(record: dict) -> None:
    """Persist audit record to immigration adjudication regulatory documentation store (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialImmigrationAsylumDocumentationAIImageError(Exception):
    """Raised when an immigration or asylum documentation AI image exceeds the adversarial injection threshold."""
    pass

Call scan_immigration_asylum_documentation_ai_image() with ImmigrationAsylumDocumentationAIContext.ASYLUM_CLAIM_EVIDENCE_AI before forwarding USCIS ELIS AI or LexisNexis immigration AI asylum claim country condition evidence document images, persecution evidence photographs, and asylum applicant identification document scans to credible fear determination and asylum petition credibility assessment AI — with case_ref_hash as the SHA-256 of the USCIS A-number or receipt number for INA §208 asylum adjudication integrity, 8 CFR §208.13 credibility assessment accuracy, UNHCR credibility guideline compliance, and 18 USC §1546 immigration document fraud prevention audit trail documentation. Call with ImmigrationAsylumDocumentationAIContext.IMMIGRATION_PETITION_DOCUMENT_AI for USCIS ELIS AI or Boundless AI Form I-130 birth certificate and marriage certificate scan images, Form I-140 educational credential and PERM labor certification scan images, and Form I-485 supporting evidence scan images before petition document authenticity verification AI, with document_ref as the USCIS receipt number for INA §204 petition integrity, 18 USC §1001 false statement criminal penalty compliance, 18 USC §1546 immigration document fraud prevention, and USCIS §274C civil penalty audit trail. Call with ImmigrationAsylumDocumentationAIContext.TRAVEL_DOCUMENT_AI for NEC/Unisys CBP document AI passport biographic page scan images, visa stamp document images, and refugee travel document images at US ports of entry before travel document authenticity and biometric identity verification AI — with threshold 50, the lowest threshold in this product reflecting 18 USC §1543 passport forgery 25-year imprisonment and 18 USC §1546 terrorism nexus 25-year imprisonment at 300+ US ports of entry screening 1 million or more daily travelers. Call with ImmigrationAsylumDocumentationAIContext.IMMIGRATION_COURT_EVIDENCE_AI for EOIR AI or Tyler Technologies case management AI hearing evidence document scan images, country condition report page images, and expert witness report images before immigration court evidence classification AI, with adjudication_session_id for 8 CFR §1240.9 hearing procedure integrity, EOIR Practice Manual §3.1 evidence submission compliance, and INA §240(b)(4)(B) due process rights in removal proceedings audit trail documentation. Get early access

Coverage matrix

Control	Detects adversarial image injection in asylum evidence (INA §208, 8 CFR §208.13)	Detects petition document payload (INA §204, 18 USC §1001, §1546)	Detects travel document injection (18 USC §1543, §1546, CBP POE)	Detects hearing evidence manipulation (8 CFR §1240.9, INA §240(b)(4)(B))
Lakera Guard	No (text only)	No (text only)	No (text only)	Text channel only
LLM Guard	No (text only)	No (text only)	No (text only)	Text channel only
Azure Prompt Shields	No (text only)	No (text only)	No (text only)	Text only, Azure-gated
USCIS ELIS native document review	Processes document images without pixel-level adversarial manipulation detection; ELIS document review operates at the adjudication accuracy layer, not the AI input adversarial integrity layer	No — ELIS petition document authenticity review classifies documents based on AI feature extraction; does not detect adversarial pixel perturbation of document scan inputs before AI feature extraction	No — ELIS admission status verification processes travel document scan images; does not detect adversarial pixel manipulation of MRZ checksum and security feature indicator display regions	No per-request PI evidence or adversarial scan audit trail for EOIR case management AI inputs
Glyphward	Yes — pixel-level; threshold 55; blocks adversarially crafted asylum evidence images before credibility assessment AI; scan_id audit trail for INA §208 adjudication integrity	Yes — pixel-level; threshold 55; blocks adversarially crafted petition document scans before document authenticity AI; case_ref_hash audit trail for 18 USC §1546 compliance	Yes — pixel-level; threshold 50 (most conservative); blocks adversarially crafted passport and visa scans before CBP biometric identity AI at ports of entry; scan_id per request	Yes — pixel-level; threshold 60; blocks adversarially crafted hearing evidence images before EOIR case management AI; adjudication_session_id audit trail for §1240.9 compliance

Related questions

Does 18 USC §1546 create liability for AI systems that process fraudulent immigration documents?

18 USC §1546 creates criminal liability for individuals who knowingly forge, counterfeit, alter, or falsely make documents required under immigration laws, or who use such documents knowing them to be fraudulent. The statute does not directly create liability for AI systems as such — AI systems are not legal persons capable of criminal prosecution — but §1546 creates downstream liability consequences for organizations that deploy immigration document AI in ways that fail to detect fraudulent documents. The primary liability chain runs from the individual who submits a fraudulent immigration document knowing it to be fraudulent (criminal prosecution under §1546), to the organization that operates the AI processing the document (potential civil liability under INA §274C, regulatory consequences from USCIS, DHS, or DOJ, and reputational dimensions of operating an AI that systematically passes fraudulent immigration documents), to the AI vendor whose product demonstrably fails to provide the document authenticity detection capabilities marketed to government immigration agencies.

The more direct §1546 liability connection for immigration document AI operators arises from the use dimension of §1546(b), which makes it a crime for any person to use any immigration document knowing it to be forged, counterfeited, unlawfully obtained, or falsely altered. If an organization operating an immigration AI tool uses adversarially corrupted AI outputs — where the AI was processing fraudulent documents that the organization failed to detect — and those outputs influence USCIS petition filings, CBP entry determinations, or EOIR hearing submissions that the organization knows or should know are based on fraudulent underlying documents, §1546 criminal exposure dimensions arise at the organizational participant level. The USCIS civil penalty framework under INA §274C (8 USC §1324c) provides an alternative enforcement pathway: §274C imposes civil penalties of $250 to $2,000 per fraudulent document for first violations and $2,000 to $5,000 per fraudulent document for subsequent violations on any person who uses, accepts, or creates a fraudulent immigration document — creating per-document civil penalty dimensions that compound rapidly when an immigration AI system fails to detect adversarially crafted fraudulent documents submitted in high-volume petition processing workflows. Glyphward pre-scan at the immigration document AI ingestion boundary, with document_ref linking each scan to the USCIS receipt number or CBP processing record, provides the technical audit trail documentation supporting §1546 criminal prevention compliance, §274C civil penalty avoidance, and USCIS document fraud investigation cooperation requirements.

What is the UNHCR credibility assessment standard, and how does AI change the adversarial surface?

The UNHCR credibility assessment standard is established in the UNHCR Handbook on Procedures and Criteria for Determining Refugee Status (2019 reissued edition), paragraphs 195 through 205, which establish the “benefit of the doubt” principle applicable to asylum credibility determinations: where an applicant’s account is consistent with the general facts known about the country of origin and is not contradicted by other available information, the adjudicator should give the applicant the benefit of the doubt even in the absence of complete documentary corroboration of every claim element. UNHCR’s Beyond Proof: Credibility Assessment in EU Asylum Systems (2013) and the EASO Practical Guide on Credibility Assessment (2018, now EUAA) elaborate the credibility assessment framework across internal consistency, external consistency with country condition information, detail and specificity sufficiency, plausibility assessment, and corroborating documentary evidence quality dimensions that asylum adjudicators apply in credibility determinations.

AI changes the adversarial surface of credibility assessment in immigration and asylum documentation in two directions. First, AI credibility assessment tools that process asylum claim evidence images — country condition documents, persecution evidence photographs, identity documents — create an adversarial attack surface at the image ingestion boundary where an attacker can influence the AI’s credibility classification by adversarially manipulating the input image before the AI extracts the visual features it uses to form its credibility-relevant output. A genuine refugee whose authentic persecution evidence photographs are adversarially manipulated by a third party to suppress corroboration signals — altering the AI’s feature extraction to misclassify authentic evidence as inconsistent or implausible — faces a credibility finding adverse to their legitimate asylum claim. Second, an applicant submitting fraudulent asylum evidence can attempt to adversarially manipulate persecution document images to suppress the fabrication indicators that would otherwise cause AI document analysis to recommend a credibility challenge. The UNHCR benefit of the doubt standard is calibrated for human adjudicators operating without AI intermediary image analysis; introducing AI pre-processing of asylum evidence images without adversarial injection controls creates a credibility assessment pipeline that is both more consistent and more manipulable than the human adjudicator standard envisioned in the UNHCR framework. Glyphward pre-scan addresses the adversarial manipulation dimension by scanning asylum claim evidence images for injection payloads at the ingestion boundary before USCIS ELIS AI or LexisNexis immigration AI feature extraction and credibility classification, producing a scan_id audit record for each evidence image that documents the adversarial integrity of the credibility assessment input for USCIS asylum adjudication compliance.

How does NEC/Unisys CBP document AI process passport images — what is the injection vector?

NEC Corporation and Unisys CBP document AI perform biometric identity verification and travel document authenticity analysis at US Automated Passport Control (APC) kiosks, CBP officer workstations, and Global Entry enrollment stations at 300 or more US ports of entry processing over 1 million daily traveler screenings. The document processing pipeline captures passport biographic page scan images through optical document readers (ODR) integrated into APC kiosks and CBP officer workstations, extracts MRZ (machine-readable zone) data from the visual inspection zone (VIZ) and MRZ strip of the passport biographic page, performs biometric facial recognition matching between the live facial capture at the kiosk or workstation and the facial image stored in the passport chip or the CBP IDENT/DHS HART biometric identity database, and classifies the travel document as authentic or requiring referral based on AI analysis of the optical document scan image, MRZ data integrity, chip data consistency, and biometric match score.

The adversarial injection vector is the optical document reader scan image of the passport biographic page or visa sticker at the moment of submission to the CBP AI analysis pipeline. An adversarially prepared travel document — in which physical pixel-level perturbations have been applied to the security features, holographic overlay region, or MRZ checksum display area of the passport biographic page — generates a scan image that causes the NEC/Unisys CBP AI to misclassify the document as genuine when optical and MRZ analysis would otherwise flag the document for secondary inspection referral. This physical adversarial preparation differs from digital image manipulation post-capture: the adversary must prepare the physical travel document with pixel-level perturbations that survive the ODR scan capture process and produce adversarially effective image representations in the NEC/Unisys CBP AI processing pipeline. A complementary attack vector operates at the digital image submission layer in CBP officer workstation workflows where travel document scan images are submitted digitally from airline electronic check-in systems, pre-clearance airport systems, or border preclearance facilities — creating a digital pre-capture adversarial manipulation opportunity before the scan image reaches the NEC/Unisys CBP AI analysis pipeline. Glyphward’s threshold 50 for TRAVEL_DOCUMENT_AI is the lowest threshold in the immigration context precisely because NEC/Unisys CBP document AI operates at US port-of-entry border security boundaries where false negative consequences include undetected counterfeit passport admission and terrorism-related §1546 exposure with 25-year imprisonment dimensions.

Can Glyphward scan MRZ (machine-readable zone) document images?

Yes. MRZ scanning refers to the analysis of the machine-readable zone strip at the bottom of ICAO 9303-compliant travel document biographic pages — the two-line (TD3 passports) or three-line (TD1 ID cards) standardized alphanumeric data strips encoding surname, given names, document number, nationality, date of birth, sex, expiry date, and optional data, with check digit characters that provide a built-in integrity verification mechanism. Glyphward scans the document image submitted to immigration document AI pipelines for adversarial injection payloads at the pixel level before the downstream AI performs MRZ optical character recognition, check digit validation, and biometric chip data consistency verification. The Glyphward scan detects adversarial pixel perturbations that have been applied to the MRZ check digit display region, the MRZ alphanumeric character display region, or the biographic page security feature display region of a passport image — perturbations designed to cause the downstream CBP document AI’s MRZ integrity validation or biometric matching to misclassify a counterfeit or altered document as genuine.

Glyphward operates at the pre-AI ingestion layer: POST https://glyphward.com/v1/scan with the base64-encoded passport biographic page image, source: "travel_document_ai", and the CBP processing metadata. The Glyphward scan result includes a per-image scan_id and adversarial score that the CBP document processing workflow can use to gate MRZ OCR and biometric matching AI processing — blocking adversarially crafted travel document images before they reach the NEC/Unisys CBP AI MRZ validation and biometric identity matching pipeline. The flagged_region field in the Glyphward scan result identifies the image region with the highest adversarial perturbation concentration, which for MRZ injection attacks typically corresponds to the check digit region or the security feature overlay region of the passport biographic page image. Threshold 50 is appropriate for travel document AI at CBP ports of entry, as documented in the Python integration code above: it reflects 18 USC §1543 passport forgery 25-year imprisonment consequences and the national security criticality of border identity verification that makes even a low-probability adversarial manipulation detection miss unacceptable in high-volume international port-of-entry screening operations.

What threshold is appropriate for refugee travel document AI at US ports of entry?

Threshold 50 is the appropriate Glyphward adversarial injection detection threshold for refugee travel document AI at US ports of entry. This is the most conservative — lowest — threshold in the entire Glyphward immigration and asylum documentation context, and one of the lowest thresholds recommended anywhere in the product. The threshold rationale is a combination of five factors. First, consequence severity: 18 USC §1543 passport forgery carries a maximum imprisonment term of 25 years, and 18 USC §1546 fraud in immigration documents used in furtherance of terrorism carries a maximum imprisonment term of 25 years — the highest penalty levels in the immigration criminal framework and among the highest in any document fraud context. Second, irreversibility: a failed travel document authenticity detection at a CBP port of entry results in an inadmissible alien gaining entry to the United States, a consequence that cannot be reversed after admission occurs. Third, processing volume: NEC/Unisys CBP document AI screens over 1 million daily travelers at 300 or more US ports of entry, creating a processing context where even a small per-document false negative rate compounds to significant numbers of missed adversarial manipulation events per day. Fourth, refugee protection stakes: 1951 Refugee Convention Article 27 travel documents are issued to genuine refugees who may have no alternative travel documentation; adversarial manipulation of refugee travel document AI creates a dual risk of fraudulent refugee travel document holders gaining admission and genuine refugees being incorrectly flagged through manipulation of authentic refugee travel document images. Fifth, terrorism nexus: the 25-year §1546 terrorism enhancement is specifically applicable to travel document fraud contexts, and CBP port-of-entry biometric identity verification is a primary national security border control mechanism — making the adversarial injection threat model for travel document AI directly relevant to national security use cases where threshold conservatism is most warranted.