AI-Enabled Financial Fraud and the Shift to Network Intelligence Defenses
Threat actors are increasingly using generative AI to industrialize crypto-enabled fraud, turning scams into high-volume, rapidly iterated campaigns that leverage automation, personalization, and synthetic identities. TRM Labs reported illicit crypto transaction volume of $158B in 2025 (up ~145% YoY) and estimated ~$30B in scam-related activity, noting an observed ~500% increase in AI-enabled scam activity over the past year; cited tactics include AI-assisted phishing/impersonation and automation that can accelerate laundering workflows. Despite the speed and scale gains for criminals, TRM emphasized that blockchain transparency still provides defenders an advantage because on-chain activity remains observable for clustering, anomaly detection, and forensic investigation when paired with defensive analytics.
Financial institutions are also adjusting fraud detection strategies to better address cross-entity, fast-moving fraud—especially in instant payments, where decision windows can be seconds. BankInfoSecurity described a shift from single-institution anomaly detection toward shared network intelligence that correlates relationships among accounts, devices, and identities across organizations to identify mule networks and risky counterparties that may appear “new” at one bank but are already flagged elsewhere. The approach is positioned as a new detection surface that complements machine learning by focusing on connections and ecosystem visibility, reducing attackers’ ability to exploit intelligence gaps between institutions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Banks increasingly shift toward cross-institution 'network intelligence' for fraud defense
Industry experts describe banks and fraud teams as moving beyond institution-specific anomaly detection toward shared, cross-bank network intelligence that links risky accounts, devices, identities, and counterparties. The shift is driven in part by instant payments, which compress fraud decision windows and make pre-built shared risk histories more valuable.
TRM reports AI-enabled scam activity rose about 500% over the past year
TRM Labs reports an approximately 500% increase in AI-enabled scam activity over the prior year, driven by adoption of LLMs, deepfakes, translation tools, and automation in phishing, impersonation, and laundering workflows. The finding reflects a major escalation in the scale and speed of crypto-enabled fraud.
TRM estimates illicit crypto activity hit a record $158 billion in 2025
TRM Labs says illicit crypto activity reached an estimated USD 158 billion in 2025, representing nearly 145% year-over-year growth. It estimates scam-related activity accounted for about USD 30 billion, though the true figure is likely higher due to underreporting.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
How AI is Changing the Scale and Speed of Crypto Fraud | TRM Blog
trmlabs.com
Open sourceMoving From Anomalies to Connections in Fraud Defense
bankinfosecurity.com
Open sourceMoving From Anomalies to Connections in Fraud Defense
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Financial Fraud and Phishing Campaigns Targeting Financial Services
Financial services organizations are facing a surge in sophisticated fraud attempts enabled by artificial intelligence, as threat actors leverage AI tools to automate and scale their attacks. Recent reports highlight that AI is being used to craft highly convincing phishing emails and social engineering campaigns, making it increasingly difficult for traditional security measures to detect malicious activity. Attackers are utilizing generative AI to personalize messages, mimic legitimate communications, and evade standard email filters, thereby increasing the success rate of phishing attempts. In response, financial institutions are adopting advanced AI-powered security solutions designed to identify and block these next-generation threats. These defensive tools analyze behavioral patterns, detect anomalies, and adapt to evolving attack techniques, providing a dynamic shield against AI-driven fraud. The deployment of agentic AI systems allows organizations to automate threat detection and response, reducing the window of opportunity for attackers. Security teams are also leveraging machine learning to monitor transaction patterns and flag suspicious activities in real time, helping to prevent unauthorized transfers and account takeovers. The integration of AI into both offensive and defensive cyber operations marks a significant escalation in the financial fraud landscape. Experts warn that as AI technology becomes more accessible, the volume and complexity of attacks will continue to rise, necessitating ongoing investment in AI-based defenses. Training and awareness programs are being updated to educate employees about the risks posed by AI-generated phishing and social engineering. Regulatory bodies are also beginning to issue guidance on the ethical use of AI in financial services, emphasizing the need for transparency and accountability. Collaboration between industry stakeholders is increasing, with information sharing initiatives aimed at identifying emerging AI-driven threats. The rapid evolution of AI capabilities underscores the importance of proactive security strategies and continuous monitoring. Financial organizations are urged to assess their current defenses and consider the adoption of agentic AI tools to stay ahead of adversaries. The convergence of AI in both attack and defense highlights a new era in cybersecurity, where automation and intelligence are central to both risk and resilience. As the threat landscape evolves, the ability to rapidly detect and respond to AI-enabled fraud will be a key differentiator for secure financial operations.
Mar 21, 2026
AI-Enabled Fraud Scams Industrialized by Transnational Criminal Networks
**Transnational criminal networks** are increasingly industrializing online fraud with **AI-enabled social engineering**, according to reporting on scam compounds in Southeast Asia, an Interpol assessment, and policy commentary tied to a new US executive order. Fraud operations linked to *pig-butchering* and romance scams are using generative AI to improve language quality, deepfakes to impersonate trusted people, and low-cost "deepfake-as-a-service" offerings to scale deception. Interpol said AI-assisted fraud is **4.5 times more profitable** than non-AI schemes, while broader reporting describes these operations as structured, multinational enterprises that function like businesses and increasingly rely on automation, synthetic identities, and persuasive impersonation at scale. Reporting from Cambodia and the wider region shows scam operators are now recruiting "**AI face models**" to appear on high-volume deepfake video calls, including applicants from multiple countries seeking work in compounds associated with trafficking-linked fraud operations. The same ecosystem has been described as part of a broader organized-crime model involving forced labor, cryptocurrency investment scams, romance fraud, and impersonation schemes targeting victims globally. One reference on calculating AI ROI in enterprise cybersecurity is **not about this fraud campaign ecosystem**, and an EU sanctions announcement concerns separate state-linked cyber incidents rather than financially motivated AI-enabled fraud.
Apr 15, 2026
AI-Driven Cyber Threats and the Evolution of Fraud and Defense Tactics
Cybercriminals are increasingly leveraging artificial intelligence, automation, and stolen credentials to conduct large-scale, sophisticated attacks across multiple sectors. The 2025 holiday season is seeing a surge in fraud campaigns that begin earlier than ever, with attackers using AI to mimic legitimate consumer behavior, automate credential stuffing, and bypass traditional detection systems. Underground marketplaces now efficiently trade automation kits and malicious configurations, making fraud a continuous, data-driven threat rather than one limited to peak shopping periods. Security experts warn that organizations relying solely on heightened monitoring during traditional high-risk windows are at greater risk, as adversaries pre-position and refine their attack infrastructure well in advance. To counter these evolving threats, cybersecurity leaders emphasize the need for predictive and adaptive defense systems powered by AI. Rather than relying on reactive measures, organizations are urged to operationalize threat intelligence by integrating machine learning, behavioral analytics, and automation into their security operations. This approach enables real-time detection, contextual analysis, and rapid response, bridging the gap between intelligence collection and incident containment. However, experts caution that AI must be paired with human oversight and strong governance to ensure trust, transparency, and effective decision-making in the face of increasingly polymorphic and evasive attacks.
Mar 21, 2026