The fraud problem just got an AI upgrade. So did your defense.

At the Chief Ethics & Compliance Officer Forum in Chicago this June, the conversation opened where these conversations usually open. AI is reshaping ethics and compliance programs: faster case triage, less manual data entry, shorter investigations. All true.

Then someone asked the harder question. What happens when the people trying to defraud your company start using the same tools you do?

The room got quieter. It is the right question, and most programs do not have a confident answer yet.

Fraud got a software upgrade

Fake invoices and fabricated receipts are not new. What changed is the effort required to make one: close to zero. A generative model produces a convincing supplier invoice, with a logo, payment terms, and realistic line items, in seconds, and the person submitting it needs no technical skill. Before 2024, faking a convincing invoice meant editing a PDF or stealing a template; tools like GPT-4o changed that economics so a single prompt now produces a polished document deepfake.

The volume goes up and the quality goes up at the same time. In ACFE survey data, 75% of anti-fraud professionals reported a slight-to-significant increase in generative AI document fraud over the prior two years. One screening provider estimates about 1 in 50 financial documents is now reused or AI-generated. The losses are real money: an FBI figure reported by the New York Times put damages from AI-linked cybercrime at $893 million in a single year.

For your program, this rarely arrives as a dramatic breach. It shows up inside ordinary work: an invoice in accounts payable, a receipt on an expense claim, supporting evidence in a conflict-of-interest declaration, a document in an open case. Each one looks routine. That is the point.

Why your current checks miss it

The old red flags are gone. Poor printing, odd fonts, and spelling mistakes used to be the tell. In 2026, AI removes those red flags, so fraud passes surface checks that rely on a quick visual scan. Metadata can be scrubbed, and even standard three-way matching can fall short when the fraud is an impersonation rather than just a fake file.

The real attack often lives in the identity and communication layer around the document: business email compromise, supplier impersonation, a spoofed request to change bank details. A fabricated invoice is easy to miss in isolation but easier to spot as one row in a larger dataset. The lesson: the test is not whether a document looks real. It is whether the transaction trail around it holds up.

Do not count on the fraudster's AI to refuse

There is a comforting idea going around: that the leading models now refuse to generate fraudulent documents, so the guardrails tighten on their own. It is half true, and the wrong half matters.

Frontier, closed models do refuse many of these requests. But that is not the whole market. A Financial Times investigation in May 2026 showed that the safety guardrails on widely used open-weight models can be stripped in minutes with a free tool, after which the models answer prompts they were built to refuse. Treat model refusal as a tailwind for defenders, not a control you can put in your risk register. Plan as if the fraudster's tools will cooperate with them.

The turn: AI verifies what AI creates

Here is the part that should change the mood in the room. AI created this problem, and it also detects it.

Verification now runs AI checks on incoming AI. Screening systems examine each document hundreds of ways, looking for the textures, structural patterns, editing artifacts, and reused templates that generators leave behind, and they keep learning as new methods appear. That is a scale and sensitivity no manual reviewer can match.

The organizations getting ahead are not the ones slowing AI adoption. They are the ones using AI to verify what lands in the inbox. Your team can screen every document that enters a workflow, not only the ones that happen to look off. That is the difference between hoping you caught the bad one and knowing you checked them all.

The second layer: controls on the inside, and a new seat at the table

Detection is half the job. The control environment is the other half. Agentic AI, systems that do not just analyze but act, sharpens the controls many programs already rely on: multi-factor authentication, behavioral anomaly detection, real-time access controls, and continuous monitoring of approval chains.

The same autonomy cuts both ways. PwC's Digital Trust Insights found organizations using autonomous security agents saw a 43% rise in unexpected AI-driven incidents in 2025, from over-permissioned agents to silent prompt manipulation. And approval workflows built for people do not automatically apply to agents. An employee filing an expense report goes through multi-step approval; that employee's AI agent, told to "manage my expenses," could submit, approve, and record a reimbursement on its own if it holds approver access. The fix is not to ban the agents. It is to govern them: least privilege, distinct agent identities so you can trace who did what, and a human as the final decision-maker on anything that moves money or changes access.

This is why the CISO now belongs in the ethics-and-compliance conversation, not as the person who says no, but as the one building the defensive layer. Analysts increasingly describe fraud, AML, and compliance as a single capability rather than a patchwork of separate tools and teams. If your security lead is not in the room when you review how documents and disclosures get verified, that is a gap worth closing this quarter.

What this means for your program

Most synthetic documents will never appear in a fraud dashboard. They arrive inside normal work, mixed into routine approvals and reports. Two things protect you, and they reinforce each other.

First, verification that assumes a document could be synthetic and checks the trail around it. Strong disclosure and approval workflows give your first line of defense somewhere to act. Second, a culture where the people who notice something off have an easy way to say so. A trusted anonymous reporting channel turns a quiet suspicion into a documented case before the money moves.

Technology screens the documents at scale. People still catch what a model was never trained to flag: the supplier no one recognizes, the approval that skipped a step. Bringing both together on one connected platform is the practical version of "doing right, made easy." Make the safe action the easy action, for the systems and the people both.

The question worth asking this quarter

The fraudsters have the tools. Volume is up, quality is up, and the skill barrier is gone. The window to close the gap between their capabilities and your verification process is shorter than it looks.

Your team can move faster than ever. So can the people trying to get past it. The question to put on the agenda is simple: has your verification kept pace with both?

Sources

1. Invoice Data Extraction, "AI-generated invoice fraud: detection and AP controls" (citing ACFE survey data)
2. Resistant AI, "Document fraud detection"
3. WebProNews, "Google's June 2026 fraud alert" (citing an FBI figure reported by The New York Times)
4. IoT For All, "AI-driven fraud detection: how to spot fake documents in 2026"
5. Akerman LLP, "Open-weight AI models: safety guardrails can be removed in minutes" (reporting a May 2026 Financial Times investigation)
6. Cyble, "CISO 3.0: the role of security leaders in 2026's agentic era" (citing PwC Digital Trust Insights)
7. Aona AI, "Agentic AI security risks: the 2026 CISO guide"
8. Security Boulevard, "From agentic attacks to real-time risk and regulatory asymmetry"
9. DeNexus, "AI agents in cybersecurity and cyber risk management: 5 trends for 2026"