Can Clothes Make You Invisible to Facial Recognition?

CYBER RISK DATA PRIVACY CYBERSECURITY OPERATIONS PHYSICAL SECURITY NEWS Can Clothes Make You Invisible to Facial Recognition? Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras. Nate Nelson,Contributing Writer June 29, 2026 5 Min Read SOURCE: BILL SWEARINGEN VIA NORECOGNITION.ORG About 10 years ago, an app developer named Hoan Ton-That scraped your social media photos. You didn't know it at the time, but he added your photos to a database, and used it to build a facial recognition platform called "Clearview AI." Your face has been in his database ever since. In the years since, Clearview has only collected billions more photos, attracted investment from plutocrats, and been rewarded with multimillion-dollar contracts from law enforcement agencies across America like Immigration and Customs Enforcement (ICE). First in cautionary science fiction, and then in our timeline, facial recognition has almost always been trained and imposed on regular citizens without their consent. Clearview AI tacitly understood that, and today it's official US government policy. In an analysis of ICE's other facial recognition toy, "Fortify," the Department of Homeland Security (DHS) acknowledged that "ICE does not provide the opportunity for individuals to decline or consent to the collection and use of biometric data/photograph collection." Related:Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk "The surveillance state has overreached," says Bill Swearingen, aka @hevnsnt. "You never opted into this, and there's no way to opt out. That's why I'm trying to give power back to the people a little bit."  At Black Hat USA 2026 next month, Swearingen will debut his proposed solution for our totalitarian nightmare: clothing. Graphic hoodies, shirts, scarfs, etc., with patterns that demonstrably confuse or outright break current facial recognition artificial intelligence (AI). The Weak Point in Facial Recognition In the gestalt, facial recognition is an unseen fabric pervading all public spaces. The first step in beating it is making it a smaller, knowable thing. Any given facial recognition flow can be simplified into a handful of straightforward steps: Image capture (the camera feed) Human body detection Face identification Feature extraction — converting the visual feed into data for… A matching engine, running on a back-end database If any of these steps are corrupted, the whole system just doesn't work. So, as a hacker, what is the weak link? If you're dealing with just one camera, it's step one. Stick a piece of tape over the lens. Hackers can attack step five. Since Swearingen is limited by the law, and there isn't enough tape to go around, his clothing primarily focuses on steps two. There's a weakness built into step two: it's often executed on cameras themselves, not their heftier back-end servers. That means the neural networks have to prioritize real-time speed at some cost to accuracy, and they're limited by a camera's hardware. So they're a little dumb — less Claude than Siri. Related:More Malicious OpenClaw Skills Threaten AI Supply Chain Now, instead of an immeasurable concept of facial recognition in general, the opponents are relatively basic neural networks. How Clothes Can Fool AI A facial recognition algorithm is just a parser, Swearingen says, "so as an attacker, if I can get control of the input that's going into that parser, then maybe I can control the output." Swearingen conducted his experiment by extracting 11 AI models from actual hardware. In situations where he wasn't able to get his hands on the equipment, like with Clearview, he improvised. "I'm reading SBOMs and just kind of reading between the lines," he says. "I can estimate what they're using and how they're using it. Then I'm basically virtualizing a camera inside of my GPUs and testing against it." With his own copies of the models, Swearingen started testing different clothing designs: t-shirts with a bunch of faces printed on them, scarves with malicious code or swear words. The text inputs had no effect. The faces did, but they introduced a different problem: Who wants to wear a shirt with 40 faces on it? The happy middle, in the end, was shirts and sweatshirts with geometric patterns: noisy graphic designs that might be confused for digital noise or psychedelic art. Related:SocGholish Takedown Highlights Malicious TDS Threats It works, Swearingen says, because while each model is different, "fundamentally their network has learned thousands of tiny pattern-detectors for edges, textures, and the basic layout of eyes, nose, and mouth, and it stacks those together to make a decision very quickly. The line between 'person' and 'not a person' can be crossed by tiny changes to an image that a human might never notice. That is why a high-frequency pattern can be so effective." Put another way, he is doing for the body what computer vision dazzle (CV dazzle) does for the face. CV dazzle is makeup that obscures the distinguishing marks of a face, in effect reducing an algorithm's ability to make out that it's looking at a face. Swearingen's clothes might obscure the contours of a body, or introduce otherwise confusing data that reduces a model's confidence that it's looking at a person at all. Down the line, Swearingen also hopes to have hacks for the actual facial recognition part of facial recognition, not just the body part. It'll inevitably involve garments closer to the face: hoods, tall collars, etc. His aim, he says, is that "some of these patterns are encoding a different identity, and worn up near the face they make the system match the wearer to someone else instead of just losing them." Does Anti-Surveillance Clothing Actually Work? Over time, Swearingen has been testing and iterating on the best designs that come out of the experiments. "I generate a pattern, run it past every model, and measure exactly how much each model's confidence drops (or how far a face's identity moves). The patterns that work best get kept and refined, the ones that do not get thrown out, and the system tries again. Over millions of rounds, that search is finding designs that reliably cause detection failures across multiple models," he explains. The models aren't uniform, so there's no hard and fast rule for creating patterns that confuse the AI universally. That limits Swearingen experiments to trial and error, and, to some degree, it limits his own understanding of why his patterns work. He will also face practical limitations in turning his experiment into a business. A two-dimensional image of clothing, tested against a virtualized camera, could well yield different results than real fabric in a physical environment. And though from a privacy standpoint his value proposition is compelling, the designs themselves won't meet everyone's definition of style. Then there's the reality that for any hack, there's a mitigation. "If I were to sell a thousand t-shirts that are exactly the same, they would work exactly the same for all those people, until the model upgraded," Swearingen admits. "And then I could release another pattern that would do the same thing." About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media. He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify. He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports The State of Cloud Security: The Latest Challenges The total economic impact™ of Snyk How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Access More Research Webinars Practical Zero Trust Implementation on a Budget in the Age of Mythos Building a Risk Based Vulnerability Management Program Threat Hunting That Gets Big Results Despite Small Budgets Say Yes to AI: Securing Innovation Without Compromise Zero Trust Identity: Beyond Traditional Authentication More Webinars Editor's Choice CYBERSECURITY OPERATIONS Do CISOs Need a Code of Ethics? byDark Reading Editorial Team JUN 24, 2026 CYBERSECURITY OPERATIONS 2026 FIFA World Cup Faces Surge in Cyber Threats byAlexander Culafi JUN 24, 2026 3 MIN READ CYBERSECURITY OPERATIONS EU Gets a Head Start in Developing 6G Network Security byNate Nelson JUN 18, 2026 4 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE AUG 1-6 | MANDALAY BAY, LAS VEGAS USE CODE: DARKREADING & SAVE $200 ON A BRIEFINGS PASS OR $100 ON A BUSINESS PASS The premier cybersecurity event returns. GET YOUR PASS