AI Catches Fraud While Creating It

Consumers lost more than $12.5 billion to fraud in 2024, according to FTC data cited in Experian's 2026 Future of Fraud Forecast. In the same period, nearly 60% of companies reported that their fraud losses increased year over year.

The agentic AI problem hitting financial services in 2026

The core finding in Experian's forecast is what they call machine-to-machine mayhem. Agentic AI systems, the kind banks are deploying to transact automatically on behalf of customers, are becoming indistinguishable from the bots fraudsters use to do the exact same thing. The system designed to defend you looks identical to the system designed to rob you. That is not a bug in deployment, it is a structural feature of the technology.

Experian says its fraud prevention tools helped clients avoid an estimated $19 billion in fraud losses globally in 2025. That number is impressive. It also tells you how much of the defense layer now depends entirely on AI keeping pace with AI-powered attacks. The moment one side gets a better model, the math shifts.

This is not a future scenario. It is the current operating condition for any financial institution running automated decisioning. The attack surface expanded the moment the industry automated customer-facing transactions. Fraudsters did not create this problem. The institutions did, by moving faster than their governance could follow.

Why AI fraud detection creates a confidence problem for legitimate users

The part of this that gets less attention is the collateral damage. When a fraud detection model flags a legitimate transaction, a real customer gets blocked, delayed, or asked to reverify. Do that enough times and you train your best customers to expect friction. Some of them leave.

Financial institutions are now caught between two failure modes. Too permissive and fraud gets through. Too aggressive and you reject real customers at scale. The Experian data puts a number on the fraud side, $12.5 billion lost by consumers. Nobody is publishing equally clean numbers on how much revenue financial institutions lose to false positives, but anyone who works close to these systems knows it is significant.

The EU AI Act is starting to formalize what responsible AI deployment looks like in high-stakes contexts like credit and fraud detection. That adds a compliance layer on top of an already complicated technical problem. Institutions now have to document model decisions, demonstrate fairness, and show that automated systems are not discriminating. Governance that used to be optional is becoming mandatory, and most organizations are not ready for that.

What business owners outside financial services should take from this

If you run an e-commerce store or a small business that processes payments, you are not insulated from this. The fraud tooling trickling down from financial services is the same tooling that will start appearing in payment processors, Shopify plugins, and buy-now-pay-later integrations. Stripe already uses ML models to flag suspicious transactions. So does PayPal. The machine-to-machine problem Experian describes at the enterprise level will arrive at the small business level on a slight delay.

The practical implication is straightforward. If you are building automations that touch payments, customer accounts, or any verification flow, you need to think about what those automations look like to a fraud detection model. An n8n workflow that processes bulk orders, updates customer records, or hits an API repeatedly at regular intervals can pattern-match as bot behavior. It probably will not get flagged today. It might in two years when the models get tighter. Building with that in mind now is cheaper than retrofitting later.

The other thing worth noting is that fraud defense at every level is becoming an AI procurement decision as much as a security decision. The quality of the model you use, or that your payment processor uses on your behalf, determines your exposure. That is a vendor relationship question, not just a technical one.

Experian is in an interesting position here. They sell fraud prevention and they publish the forecast warning about the problem. The conflict of interest is obvious, but the data is real. $12.5 billion in consumer losses is not a number they manufactured to sell software. The underlying dynamic, AI enabling fraud at the same speed it prevents it, is something anyone building automated systems is going to have to sit with.