TL;DR: At the RSA Conference 2026 (March 23-26, San Francisco), ESET cybersecurity advisor Jake Moore paired Meta Ray-Ban smart glasses with Corsight's commercial facial recognition system and identified people around him in real time. Names, social media profiles, personal details, all returned in seconds. He didn't hack anything. He used the hardware and software exactly as designed. In the same session, he also opened a real bank account using an AI-generated face and walked past a London train station's watchlist system undetected using face-swap software. His conclusion: "Seeing is no longer believing." Meanwhile, Meta blew past the April 6 deadline to answer three U.S. senators about its own facial recognition plans for these exact glasses. Four days of silence and counting.
The Demo That Proved Everyone Right
Jake Moore has spent 14 years in UK police digital forensics and cybercrime. Now he works as a global cybersecurity advisor for ESET. During RSAC 2026 at the Moscone Center in San Francisco, he stood in front of a packed room and did something that should terrify you.[1]
He put on a pair of Meta Ray-Ban smart glasses (the same ones you can buy for $299) and walked around. A colleague ran Corsight, a commercial facial recognition platform, on the other end. As Moore moved through the space, the system fed information back to him in real time: names, profiles, details about the people around him.[2]
Nobody he identified had agreed to be identified. Nobody knew it was happening.
The session was called "Facing Reality: Hacking Facial Recognition." But here's what makes it worse: Moore didn't hack anything. He used consumer hardware and enterprise software exactly as they're designed to work.[3]
"The market has adopted facial recognition technology a little bit too early."
That's underselling it. The market hasn't just adopted it too early. It's deployed it without guardrails, sold it without restrictions, and left the public to figure out they've lost their anonymity by reading the news.
Three Experiments. Three Failures.
Moore ran three distinct demonstrations, each targeting a different assumption about how facial recognition keeps us safe.[1][3]
Experiment 1: The Smart Glasses
Meta Ray-Bans + Corsight = real-time identification of strangers. Moore first used PimEyes, a facial search engine, to locate a lawyer friend's images online. Then he paired the glasses with Corsight's commercial system. The result: anyone wearing these glasses can identify people around them without their knowledge or consent.
The glasses don't look like surveillance equipment. They look like sunglasses. That's the point.
Experiment 2: The Fake Face
Moore created a completely fictitious face using AI image generation tools, all freely available online. He doctored an ID, injected AI-generated video to beat the bank's biometric liveness checks, and successfully opened a real bank account through the institution's facial recognition and eKYC onboarding system.[3]
He closed the account immediately and disclosed the vulnerability. But the question stands: how many banks can't tell the difference between a real person and a generated face?
Experiment 3: The Invisible Man
For this one, Moore worked with security at London's Waterloo Station. He added himself to the station's facial recognition watchlist, then walked through the monitored area while running face-swap software that overlaid a celebrity's face onto his own in real time.[1]
The system identified him as Tom Cruise.
Moore walked right past the cameras. The system that was specifically looking for him (on a watchlist it managed) failed to flag him.
"It is assumed that the camera feed is real. Systems trust what they see on the screen, and so does the software."
Meta's Four Days of Silence
While Moore was demonstrating how easily Meta's glasses can be weaponized for surveillance, Meta itself was busy ignoring Congress.
On March 5, 2026, Senators Ed Markey, Ron Wyden, and Jeff Merkley sent Meta CEO Mark Zuckerberg a letter demanding answers about facial recognition plans for Ray-Ban smart glasses. They gave Meta until April 6 to respond.[4]
April 6 came and went. As of April 10, Meta hasn't answered. No public response. No acknowledgment. Nothing.[5]
The senators asked straightforward questions:
- Is Meta actually building facial recognition into these glasses?
- Can users request deletion of their biometric data?
- What safeguards exist for people who are identified without consent?
- How will Meta prevent misuse by law enforcement?
Meta's silence is the answer. They can't defend what they're building, so they're not going to try.
The Leaked Memo Explains the Silence
In February 2026, the New York Times reported on an internal Meta memo about the facial recognition feature, internally called "Name Tag." The memo outlined a deliberate strategy: launch during what it called a "dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns."[6]
Translation: roll it out while everyone's distracted. Hope nobody notices.
64 civil society organizations noticed. They sent a joint letter calling Meta's facial recognition plan "dangerous and reckless."[7] The senators noticed. The EFF published a piece titled "Think Twice Before Buying Meta's Ray-Bans."
Meta's response to all of it has been silence.
It's Not Just Hackers.
Moore's demo showed what a curious security researcher can do with $299 glasses and off-the-shelf software. But it's not just researchers using these things.
The "Name Tag" feature doesn't require the glasses to be actively recording to identify people. The AI processes the visual feed continuously. You won't know you've been identified because there's nothing to see: no red light, no shutter sound, no indication whatsoever.
And Moore's RSAC demo just proved that even without Meta's official feature, anyone can build this capability today with existing tools.
The Facial Recognition Paradox
Moore's three experiments revealed something disturbing about the current state of facial recognition: it works too well for surveillance and too poorly for security.
Think about that.
Anyone with $299 glasses can identify strangers in public: facial recognition works for surveillance. But a watchlist system at a major train station can be beaten with face-swap software, so facial recognition fails for security. A bank can't tell a generated face from a real one, so facial recognition fails for identity verification.
The technology is being deployed in law enforcement, banking, border control, and airport security based on the assumption that it's reliable. Moore just demonstrated it isn't. But it's plenty reliable enough to identify you walking down the street.[1]
"Seeing is no longer believing, and identity systems must evolve fast."
His recommendation: multi-signal verification combining device trust, location, behavior, and hardware-backed credentials. Stop relying on cameras alone. Because cameras can be fooled, and they can also be weaponized.
What You Can Do
Scrub Your Face From Search Engines
Moore used PimEyes to find his target's photos. Opt out of PimEyes. Check Clearview AI's opt-out (if you're in a supported jurisdiction). Remove tagged photos from public social media profiles. The less your face is indexed, the harder real-time identification becomes.
Lock Down Social Media
Make profile photos private or use non-facial images. Disable facial recognition tagging on Facebook (Settings → Face Recognition → Off). Review who can see your photos and posts. These databases feed the systems Moore demonstrated.
Push for Smart Glasses Regulation
Contact your representatives. Support bills like the ICE Out of Our Faces Act and state-level facial recognition bans. The technology is legal in most jurisdictions because nobody has banned it yet.
Assume You're Being Identified
Moore's demo used off-the-shelf hardware anyone can buy. You won't know when someone wearing smart glasses is identifying you. In public spaces, act on the assumption that anonymity is gone. Protect sensitive activities (protests, medical visits, legal consultations) by leaving phones and recognizable patterns behind.
References
- Biometric Update - Cybersecurity pro demonstrates IAD importance for facial recognition at RSAC 2026 (April 2026)
- Yahoo Tech - RSAC 2026 Recap: Chatbots, Deepfakes, and Smart Glasses Highlight a Security World on Edge (April 2026)
- ID Tech - RSAC Talk Showed Working Exploits Against Live Facial Recognition Systems (April 2026)
- Senator Markey - Markey, Wyden, Merkley Demand Transparency from Meta on Facial Recognition in Smart Glasses (March 2026)
- Gizmodo - Calls to Regulate Smart Glasses Are Officially Deafening (April 2026)
- Futurism - Meta Adding Facial Recognition Hoping Public Is Too Distracted (February 2026)
- State of Surveillance - 64 Groups Oppose Meta Smart Glasses Facial Recognition (March 2026)
Published: April 10, 2026