Financial institutions are deploying the same AI tools that fraudsters are weaponising against them, creating a machine-versus-machine escalation that the industry is not yet prepared to govern.
Consumer fraud losses in the United States surpassed $12.5 billion in 2024, according to Federal Trade Commission data, and nearly 60 percent of companies reported those losses climbing further into 2025. Experian, which helped clients avoid an estimated $19 billion in global fraud losses last year through its own detection systems, has laid out a troubling trajectory in its 2026 Future of Fraud Forecast. The core tension is straightforward: the artificial intelligence capabilities that banks and fintechs are racing to adopt are the same capabilities making fraud more scalable, more convincing, and harder to trace.
What makes this cycle different from previous waves of financial crime is the autonomy involved. Agentic AI systems, designed to make independent decisions and execute transactions without direct human oversight, are entering mainstream commerce. Financial institutions want these agents handling customer service, processing loan applications, and managing routine transactions at speed. But fraudsters are deploying their own autonomous agents for the same reasons, running high-volume digital fraud operations that no human team could sustain manually. Experian describes this dynamic as machine-to-machine mayhem, and it raises a question the industry has not answered: when an autonomous AI agent initiates a transaction that turns out to be fraudulent, who bears the liability?
The distinction between a legitimate AI agent acting on behalf of a customer and a fraudulent bot executing a scam is becoming vanishingly thin. Both operate at machine speed. Both interact with financial infrastructure through APIs and digital interfaces. Neither carries the identifiable behavioural signatures that traditional fraud detection relies on. Kathleen Peters, chief innovation officer for Fraud and Identity at Experian North America, noted that technology is accelerating the evolution of fraud in ways that make it more sophisticated and harder to detect, and that businesses need to combine differentiated data with advanced analytics to stay ahead. The practical reality is that defence now depends on AI systems that can match the speed and autonomy of the attacks themselves.
Some major platforms are already drawing hard lines. Amazon has stated it blocks third-party AI agents from browsing and transacting on its platform, citing security and privacy concerns. That pre-emptive stance signals a broader tension that will intensify in 2026: the tension between enabling innovation and maintaining control over who, or what, is interacting with your systems.
Beyond autonomous agents
Experian's forecast identifies several additional threats that are moving from theoretical to operational. Deepfake candidates are infiltrating remote workforces. Generative AI tools can now produce tailored CVs and real-time deepfake video convincing enough to pass job interviews. The FBI and Department of Justice issued multiple warnings in 2025 about documented instances of North Korean operatives using exactly this approach to gain employment at US companies, granting bad actors access to internal corporate systems from the inside.
Website cloning has also evolved. AI tools make it faster and cheaper to create convincing replicas of legitimate financial sites, and those spoofed domains keep resurfacing even after takedown requests are actioned, trapping fraud teams in reactive loops. Separately, generative AI is enabling emotionally intelligent scam bots that can conduct complex romance fraud and impersonation scams over extended periods without any human operator involved. These bots respond convincingly, build trust, and are increasingly difficult to distinguish from genuine human interaction.
The connected home presents another growing attack surface. Virtual assistants, smart locks, and connected appliances are creating new entry points for fraudsters to harvest personal data and monitor household activity, precisely as these devices become more intertwined with everyday financial behaviour.
What this means for startups and incumbents
For startups building in fraud detection, identity verification, and cybersecurity, this landscape is both an opportunity and a responsibility. The market for AI-driven fraud prevention is expanding rapidly, but the solutions being built need to account for adversaries who have access to the same foundational models and tools. Competitive advantage will not come from having better AI alone; it will come from proprietary data assets, layered detection strategies, and the ability to operate at the same speed as autonomous threats.
For financial institutions, the governance gap is the most immediate concern. Liability frameworks for agentic AI transactions do not yet exist in any meaningful regulatory form. Experian predicts that 2026 will force substantive industry conversations around this issue, but companies that wait for regulatory clarity before acting will be exposed. The institutions that start stress-testing their AI governance frameworks now, building clear ownership structures for autonomous transactions, and investing in detection systems that can identify machine-to-machine fraud in real time will be the ones that weather this shift. The ones that treat agentic AI as purely an efficiency gain will find out quickly that it is also a liability multiplier.
