By Vladimir Tsakanyan, PhD · Center for Cyber Diplomacy and International Security · cybercenter.space
Seventy-three percent of organisations were directly affected by cyber-enabled fraud in 2025. AI-enhanced fraud is 4.5 times more profitable than traditional cybercrime. Sophisticated fraud increased by 180 percent in a single year. And despite all of this, the gap between what CEOs consider their primary cyber threat and what CISOs are defending against has never been wider. The threat has moved. The defence has not.
In January 2024, a finance employee at a major engineering firm received a video call invitation from what appeared to be the company’s chief financial officer, accompanied by several senior colleagues. The meeting appeared entirely normal. The CFO explained an urgent and confidential financial transaction. The colleagues provided supporting context. The employee, seeing familiar faces and hearing familiar voices, authorised a transfer of twenty-five million dollars.
Every participant in that call was a deepfake, assembled from publicly available conference footage and company communications. The CFO had not made any call. The colleagues had not participated in any meeting. The entire interaction — the faces, the voices, the conversational context — had been synthetically generated. The twenty-five million dollars was gone.
This single incident is not the story. It is the data point that marks the moment AI-enabled financial fraud crossed from theoretical risk into documented operational reality at scale. The story is what has happened since: two years of acceleration that the World Economic Forum, INTERPOL, the FBI, and every major financial intelligence body have now documented with precision and that has produced a risk landscape whose most consequential feature has not yet been absorbed by the governance architecture designed to address it.
The Displacement of Ransomware
The WEF Global Cybersecurity Outlook 2026 identified a priority displacement at the top of the enterprise threat hierarchy that represents the most significant shift in executive risk perception in several years: cyber-enabled fraud has overtaken ransomware as the primary concern for CEOs, with 73 percent of organisations reporting direct impact from fraud-related incidents in 2025.
This displacement reflects a material change in the threat environment, not merely a shift in public attention. AI-enhanced fraud is, by INTERPOL’s most recent Financial Fraud Threat Assessment, 4.5 times more profitable than traditional cybercrime methods. Sophisticated fraud increased by 180 percent in 2025. Deepfake fraud grew by more than 700 percent year-over-year by the FTC’s measurement. AI-generated phishing campaigns now achieve click-through rates more than four times higher than their human-crafted equivalents. Business email compromise losses exceeded three billion dollars annually in the most recent FBI measurement period, and the trend line is upward.
The geography of the fraud surge is not uniform. Sub-Saharan Africa leads all regions with 82 percent of respondents reporting exposure to digital scams. North America follows at 79 percent. The global reach of AI-enabled fraud — its capacity to operate across jurisdictions, languages, and institutional contexts simultaneously, at a cost structure that requires minimal technical investment per operation — has made it a threat that no economy and no sector has been positioned to absorb without significant impact.
Analyst note
The CEO-CISO disconnect that the WEF data reveals is analytically significant beyond its immediate implication for enterprise risk management. CEOs, who interact primarily with the financial, reputational, and operational consequences of threats, have identified fraud as the most consequential threat. CISOs, who are responsible for the technical defence against those threats, have remained primarily focused on ransomware — reflecting their professional formation, their tool sets, and the regulatory frameworks and insurance products that have been built around the ransomware threat profile. This disconnect is not a failure of communication between functions. It is evidence that the threat landscape has shifted faster than the defensive infrastructure, the governance frameworks, and the professional disciplines that have been built to manage it. The mismatch is a structural condition, not a coordination problem.
The Commoditisation of Fraud Capability
The most consequential structural change in the fraud threat landscape is not the sophistication of any individual attack. It is the commoditisation of sophisticated attack capability through Fraud-as-a-Service platforms that have reached a level of maturity that mirrors legitimate software-as-a-service business models.
Contemporary Fraud-as-a-Service operations offer affiliate programmes with revenue sharing, technical support, documentation, and service-level agreements for operational reliability. A criminal actor seeking to conduct a deepfake-enabled business email compromise campaign does not need the technical expertise to build the underlying AI capability. They need access to a FaaS platform that provides the synthetic voice cloning, the video deepfake generation, the target research tooling, and the payment infrastructure for extracting the proceeds. The barrier to entry for sophisticated AI-enabled fraud has fallen to the price of a FaaS subscription and the targeting research required to personalise an attack.
This commoditisation has two compounding effects on the fraud threat landscape. The first is volume: as the cost of executing a sophisticated fraud attempt falls, the number of attempts increases proportionally. AI systems can generate personalised phishing campaigns, synthetic identity documents, and deepfake audio at a scale that human criminal operations could not previously achieve. The second is quality: FaaS platforms compete on the sophistication of their outputs, driving continuous improvement in the realism of synthetic media, the personalisation of social engineering content, and the evasion of detection systems through adversarial techniques specifically designed to defeat the fraud detection tools that financial institutions deploy.
The detection evasion dimension has a specific and underexamined form: data poisoning. Criminal actors who have accessed the training data of AI-powered fraud detection systems can introduce deliberately mislabelled examples that corrupt the model’s ability to identify fraudulent patterns it has been trained to detect. A fraud detection system trained on poisoned data becomes progressively less effective against the specific fraud typologies that the poisoning was designed to conceal — a degradation that is difficult to detect through standard model monitoring and that has no analogue in the human-review fraud detection systems it has replaced.
The Architecture of AI-Enabled Financial Crime
The taxonomy of AI-enabled financial crime has expanded beyond the deepfake executive impersonation that the Arup incident made famous into a broader ecosystem of attack typologies, each exploiting a different dimension of AI capability.
Voice cloning attacks — in which a synthetic replica of a known individual’s voice is used to impersonate that individual in telephone or voice call contexts — have reached a quality threshold at which voice-based verification systems and human recognition are both unreliable detection mechanisms. A synthetic voice model trained on publicly available audio recordings of a senior executive can produce, in real time, conversational responses to prompts that were not anticipated in the training data — enabling interactive deception rather than merely pre-recorded impersonation. Vishing attacks using cloned voices can convince targets they are speaking with someone they know personally, turning the familiarity relationship itself into the attack vector.
Synthetic identity fraud deploys AI-generated identity documents — passports, driving licences, utility bills — alongside synthetic personal data and AI-generated facial photographs to create entirely fabricated identities that pass automated Know Your Customer verification systems. The combination of generative AI for document and image creation with data brokers’ ability to provide plausible personal history data has enabled the construction of synthetic identities with sufficient depth to pass the verification processes that financial institutions use for account opening, credit applications, and high-value transaction authorisation.
Hyper-personalised phishing — the generation of fraudulent communications calibrated to the specific knowledge, relationships, and concerns of individual targets — exploits the publicly available data that individuals and organisations share across professional networks, company websites, and social media to produce communications that bear none of the generic features that traditional phishing awareness training identifies. A phishing email written by an AI system that has analysed a target’s public professional communications, their organisation’s recent news, and the communication style of their known contacts is not detectable through the grammatical and logical inconsistency signals that have been the primary content-based detection heuristic.
Analyst note
The risk perception reversal documented in the WEF data — GenAI data leaks (34% of executive concern in 2026) now outranking adversarial AI capabilities (29%), a complete reversal from 2025 when adversarial AI topped the list at 47% — reflects the maturation of the fraud threat into operational experience rather than theoretical concern. In 2025, the primary worry was what AI-enabled attackers might be able to do. By 2026, the primary worry has shifted to what organisations are doing to themselves: the data their own AI systems are handling, sharing, and exposing. The shift reflects both the increasing reality of AI-enabled fraud as a documented operational experience and the increasing recognition of the data governance risks created by the rapid internal adoption of AI tools. Both concerns are well-founded. Their relative weighting in executive risk perception reflects which has been felt more directly by the organisations reporting.
The Insurance Architecture and Its Gaps
The governance gap created by AI-enabled fraud’s displacement of ransomware as the primary threat operates with particular acuity in the insurance architecture designed to provide financial resilience against cyber-related losses.
Cyber insurance policies were developed and priced around a ransomware-dominant threat model. Their coverage structures, sublimit architectures, and exclusion clauses were calibrated to the ransomware incident: malware deployment, data encryption, extortion demand, recovery and restoration costs. The evolution of AI-enabled fraud into the primary financial loss vector for many organisations has created a category of loss that sits at the intersection of cyber insurance and crime insurance — and that the coverage architecture of both products was not designed to manage cleanly.
A deepfake-enabled business email compromise incident may be covered under a social engineering endorsement in a cyber policy, a crime policy’s impersonation coverage, or not covered at all, depending on the specific policy language and the specific mechanism of the fraud. Claims teams, as the WEF assessment noted, are required to navigate social engineering terms, sublimits, and exclusions that were drafted before AI-enabled voice and video impersonation were operational realities — producing coverage disputes whose resolution is measured in months at precisely the moments when organisational liquidity pressure from a major fraud loss is most acute.
The gap between the fraud exposure that 73 percent of organisations experienced in 2025 and the insurance architecture that was designed before AI-enabled fraud reached its current operational scale represents one of the most significant and least publicised financial resilience failures in the current risk environment. It mirrors, in a different domain, the war exclusion gaps in cyber insurance that the 2026 incident record has documented: insurance products retreating from exactly the risk categories that have become most operationally relevant.
Defensive Architecture in an AI-Fraud Environment
The defensive architecture required to address AI-enabled fraud departs from the network and endpoint security frameworks that have defined enterprise cybersecurity practice for the past decade. AI-enabled fraud attacks the trust relationships and verification processes through which consequential decisions are made — and a defence that addresses network perimeters without addressing the integrity of the decision-making processes those networks support is a defence calibrated to a different threat model.
The most effective controls identified in current operational practice are verification architecture changes rather than technical security tools. Dual-approval financial controls — requiring two independent authorisations for transactions above defined thresholds — reduce the fraud potential of any single channel’s compromise. Out-of-band verification — confirming a financial instruction received through one channel through a different and independent channel before executing it — addresses the deepfake video call scenario by creating a verification step that the deepfake cannot replicate without also compromising the verification channel. Pre-shared code phrases — agreed between known parties before any interaction, functioning as a lightweight authentication mechanism for high-risk transactions — provide a verification layer that is effective regardless of how convincingly an attacker can replicate voice, appearance, or communication style.
Behavioural biometrics — the continuous monitoring of interaction patterns (typing rhythm, navigation behaviour, transaction timing) rather than static identity credentials — provides a fraud detection layer that is more resistant to synthetic identity construction than verification systems based on documents or static biometrics that can be replicated by generative AI. Real-time AI fraud detection calibrated to transactional patterns rather than identity verification provides detection capability against transaction-level fraud even when identity verification has been successfully circumvented.
The governance dimension of the defensive response requires equal attention. Organisations that have not updated their financial authorisation policies to reflect AI-enabled impersonation as a realistic threat vector are operating with approval processes whose trust assumptions were calibrated for a pre-deepfake environment. Employee awareness programmes that have not been updated to reflect the 700 percent growth in deepfake fraud and the specific typologies of AI-enabled social engineering are programmes whose training content does not correspond to the threat their participants will encounter.
The Regulatory and International Dimension
The regulatory response to AI-enabled financial crime is developing more slowly than the threat whose governance it is intended to provide. The EU AI Act’s high-risk category classifications address AI systems used in consequential decisions about individuals — credit assessments, employment decisions, biometric identification — but do not directly address the deployment of AI capabilities for fraud. The Great American Artificial Intelligence Act’s criminal penalty provisions cover AI-assisted financial crimes, but as a discussion draft whose enactment timeline is not established.
The INTERPOL response — the Global Financial Fraud Threat Assessment, the operational collaboration across member jurisdictions, the enhanced mechanisms for rapid financial intelligence sharing — represents the most developed international institutional response to the fraud threat. Its effectiveness is constrained by the same jurisdictional complexity that has historically limited international financial crime enforcement: the operations generating fraud losses in North America and Europe frequently operate from jurisdictions whose law enforcement cooperation with affected countries is limited, whose digital infrastructure enables the rapid movement of proceeds across multiple financial systems, and whose own domestic regulatory capacity for digital financial crime is less developed than in the countries bearing the fraud losses.
The combination of AI-enabled fraud’s global reach, its low operational cost structure, its commodity service delivery model, and the jurisdictional fragmentation of the enforcement response creates conditions in which the fraud economy can absorb enforcement actions against individual actors or platforms without material reduction in aggregate fraudulent activity. FaaS platforms that are disrupted migrate to alternative infrastructure. Criminal actors who are prosecuted are replaced by new affiliates. The commoditisation of capability means that any disruption of specific operators produces a rapid competitive response from the market structures that have developed around them.
Bottom Line Assessment
AI-enabled financial crime has become the defining cyber-economic threat of 2026 by the measure that matters most: direct organisational impact, at scale, across geographies and sectors, with a loss trajectory whose direction is upward and whose primary drivers — commoditised AI capability, Fraud-as-a-Service delivery models, and the systematic circumvention of detection architectures through data poisoning and adversarial techniques — are structural rather than contingent.
The CEO-CISO disconnect that the WEF data documents is a governance signal rather than a communication failure. It reflects the reality that the financial and reputational consequences of AI-enabled fraud have reached the visibility threshold of senior leadership before the technical defence and governance architecture designed to address those consequences has been updated to reflect the current threat model.
The defensive architecture for AI-enabled fraud — dual-approval processes, out-of-band verification, behavioural biometrics, real-time transactional monitoring — is available and documented. Its deployment at the scale the threat exposure warrants requires organisational policy updates, employee training revision, and insurance coverage reassessment that most organisations have not yet completed.
The AI-enhanced fraud capability that criminal actors and their FaaS platforms are deploying in 2026 was, two years ago, the exclusive province of well-resourced state actors and the most sophisticated criminal organisations. Its commoditisation into subscription-priced services available through dark web markets has produced a threat landscape in which every organisation with any digital financial exposure faces adversaries whose capabilities have increased by 700 percent in a single year and whose operational costs have fallen to near zero.
The governance architecture — regulatory, insurance, and operational — has not kept pace with that trajectory. Closing that gap is not a future consideration. It is a present requirement.
AI Fraud · Deepfakes · Business Email Compromise · Ransomware · CEO-CISO Gap · Fraud-as-a-Service · WEF · INTERPOL · Financial Crime · Cybersecurity Governance · Vladimir Tsakanyan
Leave a comment