AI agents in fraud detection: are your controls keeping up?

TL;DR: AI agents are rapidly reshaping retail and banking traffic, with the source article saying more than 60% of online shop visitors are now bots, generative AI traffic to U.S. retail and banking sites has surged 2000% in the past year, and fraud losses could rise sharply if controls remain human-centric, according to Transmit Security. Human-designed fraud models now fail because the actor type has changed, not because the attack has become more sophisticated.

NHIMG editorial — based on content published by Transmit Security: AI agents are breaking human-centric fraud detection models

By the numbers:

• 60% of visitors to online shops and retailers, retailers are now bots, not humans.
• Generative AI sourced traffic to U.S. retail and banking sites has surged 2000% in just the last 12 months.
• More than 50% of consumers are comfortable letting AI agents shop and browse on their behalf.

Questions worth separating out

Q: How should security teams handle fraud detection when AI agents act on behalf of customers?

A: Security teams should treat AI agents as delegated actors, not as ordinary users or simple bots.

Q: Why do AI agents break traditional fraud detection models?

A: AI agents break traditional fraud detection because those models assume a human behind each session.

Q: What do fraud teams get wrong about bot detection in the age of AI agents?

A: Fraud teams often assume bot detection can separate good automation from bad automation.

Practitioner guidance

• Reclassify agent traffic as a delegated identity problem Map which customer-facing workflows now allow AI agents, then treat those sessions as delegated access paths with explicit scope, traceability, and approval rules.
• Reduce reliance on human-motor signals De-emphasise typing cadence, scrolling rhythm, and hesitation as primary trust factors when the session may be executed by an AI agent from cloud infrastructure.
• Add intent and purpose checks to risk scoring Score whether the action fits the user’s expected task, transaction history, and delegation scope instead of relying mainly on device or browser reputation.

What's in the full article

Transmit Security's full report covers the operational detail this post intentionally leaves for the source:

• The report breaks down how AI agents change fraud decisioning across shopping, banking, and account activity.
• It outlines why device fingerprinting, behavioural biometrics, and bot detection lose reliability in delegated agent sessions.
• It describes the move toward predictive AI models that score intent rather than only visible automation cues.
• It provides the broader market framing behind the claim that legacy fraud layers will be outmatched without a new control model.

👉 Read Transmit Security's analysis of how AI agents are changing fraud detection →

AI agents in fraud detection: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →