The AI Fraud Gap: When Attacks Evolve Faster Than Corporate Defenses
A critical security gap is emerging across American enterprises. While fraudsters deploy artificial intelligence to launch attacks at unprecedented scale and speed, nearly half of U.S. companies still rely on manual validation processes designed for an analog era.
According to Trustpair’s newly released Fraud in the Cyber Era: 2026 Fraud Trends & Insights report, 71% of U.S. organizations have experienced increased AI-powered fraud attempts over the past year. Yet 48% continue depending on manual callbacks and email verification—methods fundamentally mismatched against machine-generated threats.
The study, developed with corporate practitioners and experts from Kinexys by J.P.Morgan, surveyed 250 CFOs and senior finance executives at U.S. enterprises. Its findings reveal a dangerous asymmetry: 58% of finance leaders believe fraudsters evolve faster than human defenders can respond, yet organizational processes remain largely unchanged.
Business Email Compromise Remains Primary Attack Vector
The threat landscape shows clear patterns. Business Email Compromise (BEC) remains the dominant fraud channel, affecting 62% of organizations. Fake websites follow at 48%, with text message scams impacting 45% of respondents. These attack methods share a common advantage—they exploit the gap between vendor onboarding and payment execution, a window where most companies lack continuous oversight.
Nearly half of finance executives (47%) now identify AI-generated fraud as one of their biggest prevention challenges. The financial and operational impact proves substantial: one in four companies reported six-figure fraud losses, while 45% spent multiple days responding to a single incident. Perhaps most troubling, 17% have terminated employees due to fraud-related mistakes—a human cost of inadequate systemic controls.
Structural Weaknesses Create Exploitable Vulnerabilities
Baptiste Collot, co-founder and CEO of Trustpair, emphasized the urgency: “AI has raised the baseline of fraud. The risk keeps increasing, but internal processes haven’t moved fast enough. It’s not that companies don’t want to act. They often don’t know how to, or think it means changing everything at once.”
The core vulnerability lies in how organizations manage vendor data. Information remains siloed across systems, validated sporadically, and quickly becomes outdated. Only 32% of companies validate vendor bank account details continuously or in real-time, leaving the majority exposed during the critical period between vendor setup and payment release.
This exposure coincides with intensifying regulatory pressure. Nacha’s March 2026 requirements will mandate upfront account validation, adding to existing compliance frameworks like SOX. Yet 45% of companies remain unaware of these upcoming rules, and 13% report having no vendor bank-account validation process whatsoever.
Automation Adoption Signals Industry Shift
Despite persistent challenges, the research identifies meaningful progress. Half of surveyed companies increased fraud prevention budgets in 2025, reflecting growing executive awareness. Adoption of automated account validation tools rose from 31% to 34%—a modest but significant shift indicating changing priorities.
The decline in manual-only validation approaches (from 69% to 48% year-over-year) represents substantial movement. Organizations increasingly recognize that training alone cannot counter automated attacks. Continuous validation embedded within existing finance and procurement workflows offers enhanced security without operational friction.
As AI capabilities democratize and fraud sophistication accelerates, the window for defensive modernization narrows. Enterprises that embed automated validation into core processes—rather than treating fraud prevention as a separate control layer—position themselves to meet both regulatory requirements and evolving threat landscapes. The question is no longer whether to modernize defenses, but how quickly organizations can close the gap between manual processes and machine-speed attacks.
About Methodology
Trustpair commissioned Dynata to conduct an online survey of 250 senior financial decision-makers at U.S. companies with annual revenues of $500 million or more. Respondents included C-suite executives and other senior leaders in accounting and finance functions with purchasing authority or influence. The survey was fielded in November 2025 with an estimated incidence rate of 30%.
About Trustpair
Created in 2017, Trustpair empowers large global companies to eliminate vendor payment fraud with a market-leading account validation platform. Trustpair serves over 500 corporate and enterprise customers, helping finance teams protect against fraud attacks. The company’s global presence includes offices in New York City, Paris, and London, with 100+ employees dedicated to payment security. Visit trustpair.com to learn more.
