By NHI Mgmt Group Editorial Team
Published 2025-08-04
Domain: Agentic AI & NHIs
Source: Transmit Security

TL;DR: AI agents are rapidly reshaping retail and banking traffic. According to the source article from Transmit Security, more than 60% of online shop visitors are now bots, generative AI traffic to U.S. retail and banking sites has surged 2000% in the past year, and fraud losses could rise sharply if controls remain human-centric. Human-designed fraud models now fail because the actor type has changed, not because attacks have become more sophisticated.


At a glance

What this is: This is an analysis of how AI agents are undermining fraud detection models built around human behaviour and device signals.

Why it matters: It matters because identity and fraud teams must decide how to classify, score, and govern agent-driven activity without breaking customer flows or missing abuse across human, NHI, and autonomous programmes.

By the numbers:

  • More than 60% of online shop visitors are now bots, according to the source article.
  • Generative AI traffic to U.S. retail and banking sites has surged 2000% in the past year.



Context

AI agents are software entities that can act on behalf of users inside the same websites and apps humans use. That changes fraud detection because many controls still assume a person is behind each session, each device, and each transaction.

The identity governance problem is not simply more automation. It is that legitimate agent traffic, malicious automation, and human activity now overlap in ways that make device signals, behavioural biometrics, and bot checks less reliable unless teams redesign fraud decisioning around the actual actor type.


Key questions

Q: How should security teams handle fraud detection when AI agents act on behalf of customers?

A: Security teams should treat AI agents as delegated actors, not as ordinary users or simple bots. That means separating authorised agent activity from hostile automation using transaction intent, delegation scope, and account context. Device signals and behavioural biometrics still matter, but they cannot be the primary proof of legitimacy when the actor is no longer human.

Q: Why do AI agents break traditional fraud detection models?

A: AI agents break traditional fraud detection because those models assume a human behind each session. Agents decouple identity from device, do not show human hesitation or typing patterns, and can look identical to malicious automation. Once that assumption fails, device fingerprinting and behavioural scoring lose much of their discriminatory value.

Q: What do fraud teams get wrong about bot detection in the age of AI agents?

A: Fraud teams often assume bot detection can separate good automation from bad automation. In practice, AI agents can be legitimate and still look bot-like, so a single bot score creates too many false positives and false negatives. The better approach is to combine intent, scope, and traceability with the detection layer.

Q: Who is accountable when an authorised AI agent causes fraud or abuse?

A: Accountability should sit with the organisation that allowed the delegated automation, not with the detection system alone. Fraud, IAM, and compliance teams need a shared control model that records which agent was authorised, for what purpose, and under what limits. That audit trail is what supports incident review and regulatory response.


Technical breakdown

Why device fingerprinting breaks for AI agents

Device fingerprinting works when user identity and device identity move together. AI agents often run from cloud infrastructure, orchestration services, or remote execution environments, so the transaction originates from one place while the customer identity belongs somewhere else. That separation weakens the value of IP reputation, browser artefacts, and hardware-linked signals. It also means a legitimate agent can look indistinguishable from a scripted attacker using the same infrastructure pattern. In practice, fraud teams need to treat the session as a delegated identity event, not a personal device event.

Practical implication: re-baseline device trust models around delegated sessions rather than assuming device identity proves human presence.

Why behavioural biometrics lose signal quality

Behavioural biometrics depend on human friction points such as hesitation, cursor drift, scrolling rhythm, and typing cadence. AI agents do not exhibit those traits in the same way, which makes their activity appear either too perfect or too machine-like. The result is not just false negatives for malicious automation. It is also false positives against legitimate agent activity that follows the same smooth interaction pattern as abuse. Fraud models need to separate behavioural intent from human motor behaviour if they are going to remain useful.

Practical implication: stop using human-motor cues as the primary proof of legitimacy when the actor may be an agent.

How agent-aware fraud scoring changes the trust model

Agent-aware fraud scoring shifts from asking whether the interaction looks human to asking what the actor is trying to do, whether it is authorised, and whether the transaction fits the expected purpose. That requires richer context across session history, delegation scope, transaction intent, and account behaviour. In identity terms, this is a governance problem as much as a detection problem: the system must understand which non-human identities are allowed to act, under what constraints, and with what traceability. Without that, fraud controls are left reacting to symptoms rather than actor behaviour.

Practical implication: add delegated-actor context to risk scoring so authorised agent activity is not mixed up with hostile automation.


Threat narrative

Attacker objective: The attacker wants to hide fraudulent activity inside legitimate agent traffic so the transaction is scored as normal rather than abusive.

  1. Entry occurs when a legitimate AI agent is allowed to interact with retail or banking applications on behalf of a user, giving the attacker a believable transaction path.
  2. Escalation occurs when fraudsters use that same agent-mediated flow to bypass device-based and behaviour-based checks that were designed for humans.
  3. Impact occurs when malicious activity blends into normal agent traffic, allowing fraudulent purchases, account abuse, or payment misuse to pass through detection layers.



NHI Mgmt Group analysis

Human-centric fraud detection is no longer the default baseline. The article shows that the actor behind a transaction is now often a delegated software agent, not a person with a stable device and human motor patterns. Controls built for human identity are being asked to classify non-human behaviour without first understanding the delegation chain. The practical conclusion is that fraud governance now overlaps directly with identity governance.

Delegated AI activity creates an identity trust problem, not just a fraud problem. When a user authorises an agent to browse or buy, the system must distinguish between permitted automation and hostile abuse of the same interaction model. That distinction cannot rely on device fingerprints alone, because cloud-hosted agents decouple session identity from endpoint identity. Practitioners should treat this as a governance boundary issue across human, NHI, and autonomous programmes.

Agent-aware detection will become a control plane requirement for digital commerce. The article’s core finding is that legacy bot controls and behavioural scoring are collapsing under mixed traffic conditions. That does not mean every agent is malicious; it means detection must understand actor type, intent, and delegation scope. Teams that do not build that control plane will continue to mistake legitimate automation for abuse and abuse for legitimacy.

Intent is the named concept fraud teams now need. The useful distinction is no longer human versus bot, but expected versus unexpected action within an authorised delegation context. That reframes fraud analytics as a problem of purpose, scope, and accountability rather than surface behaviour. Practitioners should redesign decisioning so the question becomes whether the transaction matches the permitted task.

Fraud operations and identity governance are converging around machine-permitted access. The article suggests that as AI agents become mainstream, the programme boundary between IAM and fraud prevention gets thinner. Teams need shared visibility into which agents are authorised, what data they can touch, and how their actions are audited. Without that linkage, false confidence will grow even as automated abuse becomes easier to hide.

From our research:

  • 92% agree that governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
  • 80% of organisations report that their AI agents have already performed actions beyond their intended scope, including access to unauthorised systems, sharing of sensitive data, and revealing credentials.
  • For the broader control picture, see the OWASP Agentic AI Top 10 for the identity and privilege risks that show up when agents operate beyond expected boundaries.

What this signals

Delegated identity will become the decisive design pattern for fraud prevention. As AI agents take over shopping and banking workflows, teams will need to decide whether a session represents a person, an approved agent, or an abuse attempt. The most resilient programmes will pair intent-based scoring with governance records for who authorised the agent and what it may do.

With 98% of companies planning to deploy more AI agents in the next 12 months, per AI Agents: The New Attack Surface report, fraud operations cannot remain a separate island from IAM. The control conversation will move toward shared policy, shared auditability, and shared actor classification.

Agent-aware commerce is becoming a policy question, not just a detection question. Teams should prepare for customer journeys where the buyer is not the actor and the actor is not always malicious. That means updating fraud playbooks, customer authentication choices, and risk exceptions so approved automation can be distinguished from hostile automation without breaking legitimate commerce.


For practitioners

  • Reclassify agent traffic as a delegated identity problem: map which customer-facing workflows now allow AI agents, then treat those sessions as delegated access paths with explicit scope, traceability, and approval rules.
  • Reduce reliance on human-motor signals: de-emphasise typing cadence, scrolling rhythm, and hesitation as primary trust factors when the session may be executed by an AI agent from cloud infrastructure.
  • Add intent and purpose checks to risk scoring: score whether the action fits the user’s expected task, transaction history, and delegation scope instead of relying mainly on device or browser reputation.
  • Create separate policy paths for authorised automation and abuse: define which agent-driven actions are acceptable, which require step-up review, and which must be blocked so fraud controls do not collapse into a single bot score.
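
As an added example, not code from Transmit Security or NHIMG, the Python below turns the agent-aware scoring described in the technical breakdown and the separate policy paths listed above into one decision function: each transaction is checked against a delegation record (agent, principal, allowed actions, purchase scope, spend limit, expiry) and classified as allow, step-up or block with an auditable reason, without any device or human-motor input. The delegation schema, agent and customer identifiers, and sample transactions are constructed assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Delegation:                 # what a customer authorised an agent to do
    agent_id: str
    principal: str                # customer who granted the delegation
    allowed_actions: frozenset    # e.g. {"browse", "purchase"}
    merchant_categories: frozenset
    max_amount: float             # per-transaction spend limit
    expires_at: datetime

# An agent-driven action as seen by the fraud layer; no device or motor signals.
Transaction = namedtuple("Transaction", "agent_id principal action merchant_category amount at")

def decide(tx, grants):
    """Classify an agent-driven transaction as allow / step_up / block.
    Each outcome carries agent, principal and reason so it can be audited."""
    def record(decision, reason):
        return {"decision": decision, "reason": reason,
                "agent_id": tx.agent_id, "principal": tx.principal, "at": tx.at}
    grant = grants.get(tx.agent_id)
    if grant is None:
        return record("block", "no delegation record for agent")
    if grant.principal != tx.principal:
        return record("block", "agent is not delegated by this principal")
    if tx.at >= grant.expires_at:
        return record("block", "delegation expired")
    if tx.action not in grant.allowed_actions:
        return record("block", "action outside delegated scope")
    if tx.action == "purchase" and tx.merchant_category not in grant.merchant_categories:
        return record("step_up", "merchant category outside expected purpose")
    if tx.action == "purchase" and tx.amount > grant.max_amount:
        return record("step_up", "amount exceeds delegated limit")
    return record("allow", "within delegation scope")

# Constructed sample: customer u-1001 lets shop-agent-7 buy groceries up to 150 until 1 Sep 2025.
GRANTS = {"shop-agent-7": Delegation("shop-agent-7", "u-1001",
          frozenset({"browse", "purchase"}), frozenset({"grocery"}), 150.0,
          datetime(2025, 9, 1, tzinfo=timezone.utc))}
T0 = datetime(2025, 8, 4, tzinfo=timezone.utc)
SAMPLE = [Transaction("shop-agent-7", "u-1001", "purchase", "grocery", 42.0, T0),
          Transaction("shop-agent-7", "u-1001", "purchase", "electronics", 42.0, T0),
          Transaction("shop-agent-7", "u-1001", "purchase", "grocery", 900.0, T0),
          Transaction("shop-agent-7", "u-2002", "purchase", "grocery", 42.0, T0),
          Transaction("unknown-agent", "u-1001", "browse", "grocery", 0.0, T0)]

def run_sample():
    return [(r["decision"], r["reason"]) for r in (decide(tx, GRANTS) for tx in SAMPLE)]
```

The two step-up outcomes are the cases a single bot score cannot express: the agent is authorised, but the action drifts from the delegated purpose or limit, so it is routed to review rather than blocked or waved through.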

Key takeaways

  • AI agents undermine fraud models that depend on human behaviour, human devices, and human pacing.
  • The source article’s figures show the scale shift is already material, with bot traffic and AI-driven traffic both rising sharply.
  • Practitioners need delegated-actor governance, not just better bot scores, if they want fraud controls to stay effective.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                    | Control / Reference | Relevance
OWASP Agentic AI Top 10      | A2                  | Agent-mediated fraud bypasses controls built for human sessions and bot patterns.
NIST AI RMF                  |                     | AI RMF governance is relevant because authorised agents need accountability and traceability.
NIST Zero Trust (SP 800-207) | PR.AC-4             | Delegated sessions need continuous verification of actor and purpose, not static trust.

Map agent-driven transactions to agent-specific threat controls and verify scope before allowing execution.


Key terms

  • Delegated Identity: A delegated identity is an account or session acting on behalf of another principal with a bounded scope of authority. In AI-agent contexts, the key issue is not just authentication, but what actions the delegate is allowed to perform, how those actions are traced, and when the delegation must be revoked.
  • Intent-Based Fraud Scoring: Intent-based fraud scoring evaluates whether an action matches the expected purpose of the session, account, or transaction. It goes beyond looking for human-like or bot-like behaviour and instead weighs context, delegation, and historical patterns to judge whether the activity is authorised and consistent.
  • Behavioural Biometrics: Behavioural biometrics use human interaction patterns such as typing rhythm, mouse movement, and scrolling cadence to identify users or detect anomalies. These signals are useful when a human is truly operating the session, but they lose value when the actor is an AI agent or another non-human identity.
  • Device Fingerprinting: Device fingerprinting identifies a session by the properties of the endpoint or browser used to connect. It is an indirect trust signal, and its reliability drops when the same user experience is executed by cloud-hosted AI agents, shared infrastructure, or other non-human actors that decouple user and device.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Transmit Security: AI agents are breaking human-centric fraud detection models. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-08-04.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org