How AI fraud Is evolving faster than AP & procurement defenses

Opinion
By published

AI fraud attacks evolving faster than corporate defenses

A profile of a human brain against a digital background.
Image credit: geralt on Pixabay (Image credit: Pixabay)

For years, spotting a scam was easy. A strange sender address, a spelling mistake, a clumsy turn of phrase—it was enough to set off alarm bells.

Unfortunately, those days of “easy spotting” are over. In 2025, fraudsters are working with tools as advanced as the systems designed to stop them and the practice of good cyber hygiene is becoming a continuous imperative.

AI voice cloning can now replicate an executive’s tone, cadence, and background noise with uncanny accuracy. Deepfake invoices arrive that don’t just mimic a vendor’s logo—they mirror their formatting, payment history, and even metadata.

These attacks aren’t one-off phishing attempts. They’re calculated campaigns designed to blend into legitimate workflows until it’s too late.

William McNeill

VP of Market Intelligence at apexanalytix.

The numbers behind the threat

The Association of Certified Fraud Examiners reports that organizations lose 5% of annual revenue to fraud, on average. In accounts payable, that can mean seven- or eight-figure losses from a single breach. And the trendline is headed in the wrong direction—fraud cases are getting faster, cleaner, and harder to detect.

We’ve already seen the cost of falling behind. Last year, a multinational in Hong Kong lost $25 million after employees joined what they thought was a legitimate video call with their CFO—only to find out later the entire meeting was a deepfake. In the U.S., the FTC logged 845,000 imposter scams in 2024, with voice cloning playing an increasing role.

Why the old playbook doesn’t work

Traditional fraud defenses were built for a world where bad actors made mistakes—misspelled words, mismatched fonts, clumsy requests. AI has erased those tells.

Today’s fraud attempts don’t just look legitimate because they are legitimate in structure. They pass basic validation checks, mimic past transactions, and use real supplier data scraped or stolen from previous interactions.

If your AP department is still relying on manual checks or rules-based systems alone, you’re essentially playing chess while your opponent is playing speed chess with an engine running in the background.

Fighting fire with fire

The only way to keep up is to match the speed and precision of the attackers, and that’s where AI-powered fraud detection is changing the game.

Machine learning models can now flag subtle anomalies in payment behavior that would slip past a human reviewer, detect duplicate invoices before the payment is processed, even if they’ve been altered just enough to fool a rules-based system, and cross-reference vendor bank account changes against trusted databases in real time.

Fortunately, these aren’t just theoretical capabilities as they can stop fraud in live environments. Imagine, for example, a global manufacturer facing a synthetic invoice ring that infiltrates multiple suppliers’ systems.

On the surface, every invoice looks legitimate—matching past formatting, language, and amounts. But an AI model flags something no human would likely catch: an unusual sequence of routing numbers that doesn’t align with historical payment patterns.

That single anomaly becomes the lead that exposes the entire scheme before any money leaves the business.

Building a modern defense

Finance leaders don’t have the luxury of waiting for annual process reviews. Threats are evolving all the time. To ensure you’re staying one step ahead, here’s what should be in your playbook right now:

  1. Continuous vendor verification Treat any bank account change as a potential breach until verified through a secondary channel.
  2. Deepfake awareness training Your AP and procurement teams need to know these threats exist and how convincing they can be.
  3. AI-powered anomaly detection Use models trained on your payment history, not just generic fraud datasets.
  4. Zero-trust payment protocols No single individual should be able to approve and execute large payments without additional validation steps.
  5. Cross-functional collaboration Fraud isn’t just a finance problem—IT, legal, and operations should be in the room when response plans are built.

The risk in the wait

Fraud today is a technology arms race. The attackers are fast, creative, and unencumbered by rules. But the companies that are winning understand that if you wait until a breach to modernize your defenses, you’re already behind.

The most well-prepared leaders I speak with know that fighting fraud in 2025 isn’t about closing the door after the fact—it’s about locking it, monitoring it, and making sure you know exactly who’s on the other side before it ever opens.

We've featured the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

TOPICS
William McNeill

William McNeill is VP of Market Intelligence at apexanalytix.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.