You're worried about the wrong AI threat
Subscribe to The Signal: FinServ
The industry is too focused on agentic commerce.
I get it. It feels like this is all anyone's talking about right now, so there's a lot of pressure to respond.
Our team gets asked about it a lot. But when we turn the question around and ask what teams are actually seeing, the answer is usually the same: "Well, nothing really yet.”
I do believe that agentic fraud will be a real problem at some point. But it hasn't taken off just yet.
What is taking off right now is AI-enabled fraud. It’s making fraud faster, more efficient, and more scalable than anything we've seen before.
How AI changed the economics of fraud
AI has sharpened old fraud vectors like social engineering and synthetic identities, and opened up new ones like deepfakes.
But the area where we're seeing the biggest impact right now is automation and scale.
Before AI, if you wanted to open a bunch of fake accounts on a platform, you had to do it yourself. One account at a time. Upload a fake document, a fake selfie, go through the whole onboarding flow manually. It worked, but you were limited by how fast you could move.
The Fraud-as-a-Service ecosystem changed some of that. Virtual device farms let fraudsters run multiple phones at once. App cloners let them run multiple instances of the same app on each device. Ten devices running ten cloned apps gives you a hundred instances in parallel. The infrastructure to run fraud at scale already existed.
But AI has turbo charged the automation level.
With coding agents, fraudsters can now write programs that handle account creation across all those instances faster and with far less technical skill than before.
It also helps fraudsters find new ways in. AI tools can be used to tamper with app code and discover vulnerabilities in operating systems that would have taken much longer to find manually. These tools become especially dangerous in the hands of experienced fraudsters who already know what they're looking for.
We’re seeing this happen now
60,000 accounts in two days
We recently saw a single fraudster create 60,000 accounts on a platform in just two days.
They were running the exact playbook I described above: device farm, app cloners, AI automating the account creation across all of them.
Uptick in integrity issues
We’ve built approximately 20 integrity-related data features in the last ~60 days, driven by our anomaly detection systems and direct customer feedback.
A lot of our customers are dealing with app integrity-related issues right now. The surge started a few months after AI coding tools went mainstream, and the timing is hard to ignore.
We can't attribute all of it directly to AI. But the pattern suggests fraudsters are using AI tools to surface vulnerabilities and build attacks that would have taken longer before.
These integrity attacks are much more common than agentic commerce threats at this point.
Fraudsters have a structural advantage
AI doesn't just help fraudsters work faster. It helps them outpace the industry's ability to respond.
Fraudsters have always had structural advantages that institutions don’t have. They collaborate openly, share tools freely, and face no regulatory constraints. They're all stealing from financial institutions, not from each other, and there's plenty of money to go around.
Organizations don't work like that.
Regulatory limitations, legal requirements, internal oversight. Every rule change needs approval. Every new model needs testing. Every threshold adjustment goes through a process.
By the time a fix is shipped, fraudsters may have already moved on.
This was already hard to keep up with before AI. Now it's a different problem entirely.
Better detection alone won’t solve this
And when institutions do respond, the gut reaction is usually the same: add more detection. More models, more rules, tighter thresholds.
But many of the signals these systems rely on are disposable. Device IDs reset in seconds. IP addresses get spoofed. You block one device and another appears before you've finished writing the rule.
It doesn't matter how good your detection is if the things you're detecting can be replaced faster than you can block them.
The one signal that AI can’t fake at scale
The physical world is the one thing AI can't fake at scale.
Every fraudulent account still requires a physical device sitting somewhere in the real world. That doesn't change no matter how good the automation gets.
AI can spoof digital signals all day. It can't move a physical device to a new location.
That's why identity has to be grounded in physical behavior, how someone actually moves through the world. Emulating that is extremely difficult for AI because physical movement patterns are unique to each person and too complex to fake convincingly at scale.
But to actually use the physical world as an identity signal, you need location data that's precise enough. GPS can't tell you which apartment someone is in within a high-rise building. IP addresses are only accurate to the state level. Both are easy to spoof.
Precise location intelligence solves this. It combines multiple signals to locate a device with enough accuracy to distinguish between two users in different apartments within the same building. I covered how this works in more detail in Edition 3.
So when a fraudster automates 60,000+ account creations, it doesn't matter how many times the device resets or the IP changes. All those accounts still trace back to the same physical location. Block that location and the operation shuts down.
Focus on the immediate threat
Agentic fraud will be a big problem at some point. But the AI threat that needs your attention right now is already here, and it's scaling fast.
How is AI-enabled fraud showing up on your platform? Reply and let me know. I'm also curious whether anyone is actually seeing real agentic fraud threats yet, or if it's still mostly hypothetical.
