This French AI Can Copy Your House Key From a 2-Second Phone Photo, And That Has Security Experts Nervous

A French startup says it can identify a mechanical key from a couple of smartphone photos, then trigger a duplicate to be made and shipped without you ever handing over the original.

It’s the kind of friction-free convenience Americans have come to expect from apps. But it also targets one of the most sensitive objects most people carry: the thing that opens a home, an apartment building, a storage unit, or sometimes a car. That collision of maximum convenience and maximum perceived risk is why the technology is drawing fresh scrutiny heading into 2026.

An AI trained on 15,000 key types aims to turn duplication into a phone-based errand

The company, called SecurClés, is pitching a simple workflow: keep your key in your pocket, snap front-and-back photos in its app, confirm the match, pay, and wait for delivery. The firm says it can ship across mainland France and the island of Corsica, an approach that mirrors how Americans order everything from prescriptions to groceries, but applied to physical access.

The technical hook is computer vision and deep learning, tools that can pick out tiny differences in a key’s head shape, blade geometry, tooth spacing, and manufacturer markings. SecurClés and similar players argue that’s necessary because the market is sprawling: they put the universe of mechanical key models at more than 15,000.

In practice, the app compares user photos against a database of known models. Once it identifies the type, a matching blank can be cut and shipped. The company’s bet is that the smartphone can replace the old routine, drive to a hardware store, hand over the key, wait at the counter, by turning the key into a visual “pattern” the system can recognize.

Convenience is the selling point, until you ask who gets to order a copy

SecurClés frames the service as a time-saver and a backup plan: replace a lost spare, manage keys for a family or roommates, or help a property manager duplicate sets without “immobilizing” the original. That’s a real pain point in any country where rentals, short-term stays, and multi-tenant buildings are common.

But making duplication easier also makes it more tempting, and potentially easier to abuse. The central question quickly becomes less about whether the AI can recognize a key and more about what stops the wrong person from ordering one.

How reliable is “key recognition” from photos?

Key recognition isn’t as straightforward as it sounds. Many keys look nearly identical at a glance, and the differences that matter can be subtle. SecurClés and others say they’ve tested their systems with thousands of photos taken under messy real-world conditions, bad lighting, odd angles, worn key heads, to reduce misidentification.

Still, the limitations are obvious: the AI is only as good as the images it receives. A French cybersecurity specialist quoted in the original reporting summed it up bluntly: if the photo is poor, the chance of an error goes up. And for customers, the outcome is binary, either the key opens the lock or it doesn’t.

Some services also claim they can infer cutting depth to produce a faithful duplicate, which raises the stakes. Translating a 2D image into precise measurements is where convenience starts to brush up against the realities of manufacturing tolerances, and the security implications of getting it right.

Restricted keys and building fobs complicate the “copy it from your phone” promise

The key business has changed dramatically since the 1990s. Many buildings now rely on restricted or patented key systems designed to limit duplication, and apartment complexes increasingly use electronic badges or fobs for entry to lobbies, bike rooms, garages, and shared spaces.

SecurClés says it can handle some of those scenarios, including keys tied to “property cards” (proof-of-authorization cards used in parts of Europe) and certain building access badges. The company also emphasizes manufacturing through official channels, describing production via the original manufacturer’s factory as a way to ensure compatibility and compliance.

That claim is meant to reassure customers that this isn’t a shady back-alley copy. But it also highlights the tension: traditional duplication often includes an informal human checkpoint at a counter. When the transaction moves online, any “filter” has to be procedural and technical, and critics argue that filter needs to be stronger, not weaker, as the process gets easier.

Car keys aren’t just cut, they’re paired, and that adds a barrier

Modern car keys are typically electronic, meaning a physical cut is only part of the job. Many require programming or pairing with the vehicle. For that segment, SecurClés reportedly uses partner garages to complete activation, so the phone can start the process, but a final in-person step remains.

That hybrid model is a reminder that not everything can be fully digitized. It also adds a layer of security: a physical location, a professional, and equipment that can serve as a checkpoint. The tradeoff is customer expectations, people may assume “100% remote,” then discover there’s still a required visit.

The biggest debate: anonymity vs. accountability

SecurClés says its process is designed to be “secure” and “anonymous,” claiming it doesn’t require identity details like a name, address, or phone number, and that delivery can be anonymized. The pitch is privacy: if a customer database is breached, it shouldn’t become a roadmap of who has access to which doors.

But anonymity cuts both ways. Security professionals warn that the less a service knows about who placed an order, the harder it becomes to investigate misuse. And anonymity doesn’t solve the most basic threat model: someone who briefly gets access to your key, long enough to photograph it, may be able to order a duplicate.

The broader issue goes beyond one app. It’s what happens when a traditionally hands-on, locally controlled service becomes a digital pipeline. If AI-driven key duplication takes off, pressure will grow for clearer rules on verification, audit trails, and what protections exist for restricted keys, building access systems, and high-value targets like vehicles.