AI-powered fraud is accelerating faster than many companies can respond, with new survey data showing 71 percent of U.S. organizations reporting an increase in attacks over the past year. The bad news is many finance teams are still leaning on manual defenses which are struggling to keep up with fraud attempts generated at scale.
The data comes from a new report by Trustpair, based on a survey of 250 CFOs and senior finance executives at U.S. enterprises. The research points to a widening gap between how quickly fraud tactics evolve and how slowly internal processes change.
SEE ALSO: How AI can supercharge fraud in the enterprise [Q&A]
More than half of respondents, 58 percent, said AI-enabled fraudsters are adapting faster than humans can respond. Despite that awareness, 48 percent of companies still rely primarily on manual validation methods such as callbacks or email checks to prevent fraud.
Losses are no longer hypothetical either. One in four companies reported six-figure losses tied to fraud incidents, while 45 percent said it took multiple days to respond to a single attack.
In 17 percent of cases, fraud-related mistakes led to employee terminations, adding internal disruption to financial damage.
The report, developed with corporate practitioners and experts from Kinexys by J.P.Morgan, found attacks are cheaper to launch, easier to personalize, and harder to spot using traditional review methods.
AI-powered fraud is growing
“AI has raised the baseline of fraud. The risk keeps increasing, but internal processes haven’t moved fast enough,” said Baptiste Collot, co-founder and CEO of Trustpair. “It’s not that companies don’t want to act. They often don’t know how to, or think it means changing everything at once. The reality is that manual callbacks and email checks simply cannot defend against attacks that are generated at scale.”
Business Email Compromise (BEC) remains the most common attack, affecting 62 percent of organizations. Fake websites and text message scams follow closely, showing how fraud now spans email, web, and mobile touchpoints rather than a single vector.
There are signs of movement away from purely manual approaches. The share of companies relying mainly on human validation fell from 69 percent to 48 percent year over year. That drop suggests growing recognition that people alone can’t handle the volume and speed of AI-driven attacks, although progress remains uneven.
Structural issues inside organizations continue to create openings for fraud. Vendor data is often spread across systems, checked infrequently, and allowed to go stale.
Only 32 percent of companies validate vendor bank account details continuously or in real time, leaving long gaps between onboarding and payment where changes can slip through.
Regulatory pressure adds another layer of urgency. Upcoming requirements from Nacha will mandate upfront account validation, reinforcing existing internal control expectations such as SOX. Even so, 45 percent of surveyed companies said they aren’t aware of these rules, and 13 percent reported having no vendor bank account validation process at all.
Half of companies increased fraud prevention spending in 2025, and adoption of automated account validation tools rose from 31 percent to 34 percent. Training still plays a role, although the data suggests awareness alone isn’t enough when attacks are automated and continuous.
Automation and ongoing validation are increasingly seen as ways to reduce human error without slowing payments or procurement. Embedding these checks into existing workflows appears to be the direction many finance teams are moving, although the pace varies widely across organizations.
What do you think about the gap between AI-driven fraud and manual defenses? Let us know in the comments.
Image credit: Rawpixelimages/Dreamstime.com
