AI Wrote the Perfect Scam and Now Fights It

By  |  May 4, 2026
 | 
AI-scams-cybersecurity-fraud

Internet crime losses hit $20.9 billion in 2025, the FBI reported. Most of the damage didn’t come from malware or data breaches. It came from emails, calls and profiles that simply looked right.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The Attack Got Cheaper

    Artificial intelligence has lowered the cost of running a convincing fraud campaign to near zero. Automated tools let criminals generate personalized phishing messages, impersonate executives, localize content for any market and run multiple schemes in parallel without specialist skills. The FBI’s Internet Crime Complaint Center received 22,364 complaints referencing AI in 2025, the first year the agency tracked AI-related crimes as a separate category, PYMNTS reported in April. Total internet crime losses reached $20.9 billion, up from $16.6 billion the year before.

    The most damaging attacks didn’t rely on technical exploits. They relied on persuasion. AI-powered impersonation attacks blended into normal business operations, looking right enough to approve invoices, reset credentials and reroute shipments, according to PYMNTS. Attackers didn’t breach enterprises directly. They compromised a vendor first, then used that trust relationship to walk in.

    The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that 38% of invoice fraud cases and 43% of phishing attacks in 2025 stemmed from compromised vendors. AI-assisted reconnaissance compressed attack cycles from weeks to hours.

    Cyber-enabled fraud overtook ransomware as the top concern for CEOs heading into 2026, according to the World Economic Forum, drawing on chief information security officers and public-sector leaders across 92 countries. The organization found that 73% of CEOs said they or someone in their network was personally affected by fraud in 2025. Ransomware, which topped CEO concerns the year before, dropped out of the top three entirely.

    The Defense Responds in Kind

    A white paper published by the WEF this month revealed that 77% of organizations reported using AI in cybersecurity, and 88% of security teams said it delivers time savings and greater capacity for proactive defense. Organizations using AI extensively in security shortened breach times by approximately 80 days and cut average breach costs by $1.9 million.

    Advertisement: Scroll to Continue

    The operational results were documented across industries. IBM’s agentic AI system ATOM automates more than 850 analyst hours per month and reduced investigation time by 37%, the white paper found.

    At Accenture, an AI agent cut site analysis time from 15 minutes to less than one minute across 100,000 internet-facing properties, a 93% reduction in manual effort, per the paper. PETRONAS achieved a 30% to 40% reduction in incident response times within three months of deploying AI into its security operations center.

    The paper found that 52% of organizations use AI for phishing detection, 46% for intrusion and anomaly detection and 40% for user behavior analytics. Meanwhile, 88% of enterprises are actively investing in AI agents, and 92% of technology executives said AI agent management will be a non-negotiable skill for the cybersecurity workforce within five years.

    The Gap That Widens

    Deployment is closely tied to organizational size and resources. Larger enterprises deploy more, deeper and faster. The WEF’s white paper revealed that 54% of organizations cited talent shortages as the primary barrier to broader AI adoption in security. It also showed that 76% of security professionals reported exhaustion in 2025, 55% of teams were understaffed and 53% were underfunded.

    Outside Europe and North America, more than half of CEOs admitted to lacking the skills to meet current cybersecurity goals, the WEF found.

    The identity layer is where much of the pressure lands. Attackers are now deploying fake faces, synthetic voices and mimicked behavioral signals simultaneously across multiple checkpoints in a single flow, PYMNTS reported in March. Security stacks built as disconnected layers, one vendor for document verification, another for bot detection, another for behavioral analytics, struggle to respond coherently when adversaries operate across all of them at once.

    “Fraud will look to exploit the gaps between onboarding, login and transaction monitoring,” Trulioo Chief Product Officer Zac Cohen told PYMNTS.

    Capital is moving to close it. In April, ServiceNow completed its acquisition of cyber risk management firm Armis for approximately $7.75 billion.

    For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.


    Recommended

    AI-scams-cybersecurity-fraud

    AI Wrote the Perfect Scam and Now Fights It

    figures moving into machine

    Product Search Dominates as 31% Use AI for Links

    customer service, AI, Sierra

    OpenAI Veteran Raises $950 Million for AI Customer Service Agents

    tokenization on stock chart

    DTCC Targets October Launch for Tokenization Service

    See More In: , , , , , ,