Organizations have begun to cede ground in the fight against AI-driven fraud, in part because bad actors have the freedom to experiment with and deploy artificial intelligence without the regulatory or organizational constraints that govern legitimate institutions.
This allows cybercriminals to rapidly adopt frontier AI—cutting-edge models that stretch the technology’s capabilities in areas such as reasoning and coding. These emerging systems are not only more powerful, but they can also significantly reduce the time, expense, and skill required to perpetrate sophisticated fraud campaigns.
IBM recently highlighted this trend with the launch of an enhanced set of cybersecurity capabilities. As cybercriminal operations increasingly rely on autonomous agents, the company noted that fraud defenses must adopt a similar playbook.
To this end, IBM will launch two cybersecurity tools. The first is an assessment solution designed to evaluate an organization’s defenses for vulnerabilities to agentic threats and other security gaps. The second is an agentic service that deploys multiple AI agents to automate fraud detection, enforce organizational policies, and address any cybersecurity deficiencies.
A Pressing Need
Unfortunately, there is a pressing need for stronger fraud defenses. The FBI’s annual Internet Crime Report found that both fraud losses and complaints reached all-time highs last year. For the first time, the bureau also measured the impact of artificial intelligence on fraud, finding that AI-related threats accounted for 22,364 complaints and nearly $893 million in losses.
Equally concerning, data from the Association of Certified Fraud Examiners and SAS indicates that bad actors are increasing their use of AI across nearly every stage of their operations. In particular, the study found that AI’s ability to generate highly convincing images, audio, and video has contributed to a rise in deepfake scams.
Devastating if Weaponized
More concerning still, the ACFE/SAS report suggests that some bad actors are already experimenting with quantum-enhanced AI. Quantum computing represents a significant leap beyond conventional systems, and integrating AI with quantum architectures could hypothetically make these models far more efficient. While this evolution could transform many industries for the better, it could also be highly destructive if weaponized.
For example, Google researchers have conducted quantum computing experiments suggesting that more advanced systems could potentially break widely used cryptographic methods underlying cryptocurrency security—systems long considered rock solid—far more quickly than previously estimated.
If quantum computing can compromise digital asset safeguards, it could pose serious risks to the broader financial services industry.
“We’re close to where quantum computing is going to break encryption,” Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research, told PaymentsJournal. “This goes back to the whole risk that we see with the way we’re securing data today. Data is tokenized or encrypted; card numbers are tokenized as they’re transmitted as this is a requirement for PCI compliance.”
“If quantum computing is able to break that encryption, then we’re ultimately sending card data in the clear and it’s setting us back 20 years,” she said. “Tokenization will mean nothing.”
Finding Inventive Implementations
These trends carry significant implications for the financial services sector, where banks and credit unions operate under strict regulation and a strong mandate to protect customers. As a result, many institutions have been cautious about adopting new technologies that could introduce additional risk.
While this caution is understandable, resistance to technological innovation has also created cybersecurity gaps. Addressing these vulnerabilities will require not only greater adoption of emerging technologies, but also a fundamental rethinking of cybersecurity strategies across the industry.
“Bad actors can adopt those technologies quickly, and they’re incredibly creative,” said Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, in a recent PaymentsJournal podcast. “I don’t want to give them applause for that, but they’re incredibly inventive in the way that they take risks to use new technology. It’s difficult for FIs to keep pace when it comes to the adoption of any innovation.”
“It’s no surprise that AI is a problem for criminal manipulation,” she said. “But we also know that it’s a huge asset for financial services that they could make great use of in terms of automating certain aspects of the customer experience. Or even the employee experience, for things that maybe used to be a manual review of transactions, or typical tasks that were completed during fraud investigations.”
