Because the attack now adapts in real time. GenAI can localise language, mirror tone, and create convincing visual or audio personas, which reduces the usefulness of static keyword filters and one-off review. Controls that only inspect a single message or a single channel miss the broader behavioural pattern that exposes the scam.
Why This Matters for Security Teams
GenAI-powered scams reduce the value of traditional fraud controls because the attacker can change language, format, and persona faster than a ruleset can be tuned. Static keyword blocks, canned challenge questions, and single-message review assume the scam looks the same long enough to classify it. That assumption breaks when a model can localise content, imitate a known sender, and maintain a believable thread across email, chat, voice, and image channels. NIST's AI 600-1 GenAI Profile is useful here because it frames AI risk as an ongoing governance problem, not a one-time filter problem.
For fraud teams, the issue is not only false positives or false negatives. It is that the scam now behaves like an adaptive campaign, not a fixed lure. A single suspicious phrase may disappear on the next attempt, while the intent stays constant. That means controls built around exact strings, one-time anomalies, or isolated channel checks will miss the broader pattern. NHIMG's research on the DeepSeek breach shows how AI-driven exposure can scale quickly once trust boundaries are crossed. In practice, many security teams encounter the fraud pattern only after the impersonation has already moved to a second channel, rather than through intentional detection design.
How It Works in Practice
Traditional fraud controls were built for relatively stable abuse: known scam phrases, repeated device fingerprints, fixed sender domains, and manual review queues. GenAI changes the attacker’s economics. A scammer can generate hundreds of variants, test which version gets a response, then immediately shift tone, language, or visual style. That makes pattern-based detection weaker unless it is paired with behavioural analysis, session correlation, and identity verification that looks beyond one message.
Current best practice is evolving toward layered controls:
- Monitor cross-channel behaviour, not just a single email or chat thread.
- Score intent signals such as urgency, payment redirection, and identity switching.
- Use step-up verification for high-risk requests, especially first-time payees or changed bank details.
- Correlate device, account, and message history to detect coordinated manipulation.
- Apply policy checks continuously, rather than only at the point of message ingestion.
This is where emerging guidance matters. The Ultimate Guide to NHIs — Standards is relevant because many fraud workflows now intersect with non-human identities, API-driven approvals, and automated communications. If a scam uses compromised automation, the fraud signal may be hidden inside legitimate machine-to-machine traffic. NIST’s GenAI Profile also supports a risk-based approach that treats AI-enabled deception as a dynamic threat surface, not a static content problem.
These controls tend to break down when organisations rely on one-channel review, because the scam can preserve intent while constantly changing wording, media, and timing.
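As an added illustration (not code from NHIMG or this guidance), the Python below applies the layered controls listed above to a whole thread rather than a single message: it scores urgency, payment redirection, channel hopping, identity switching and new-payee/changed-bank-details signals, and routes the result to step-up verification, review, or allow. It also covers the edge case discussed later on this page, where legitimate automation is urgent but consistent in channel and identity. The Event fields, signal vocabularies, weights, thresholds and sample threads are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:                    # one message seen for an account, on any channel
    channel: str                # "email", "chat", "voice", ...
    claimed_name: str           # who the sender says they are
    sender_id: str              # address / handle the channel actually saw
    text: str
    new_payee: bool = False     # request targets a first-time payee
    bank_changed: bool = False  # request changes existing bank details

# Constructed intent vocabularies; each signal counts at most once per thread,
# so rewording a single phrase does not zero the signal.
URGENCY = ("today", "immediately", "right away", "before close")
REDIRECT = ("updated account", "new bank", "different account", "pay to")

def score_events(events):
    """Score scam intent across the whole thread; returns (score, reasons)."""
    text = " ".join(e.text.lower() for e in events)
    ids_by_name = defaultdict(set)   # claimed identity -> sender ids seen for it
    for e in events:
        ids_by_name[e.claimed_name].add(e.sender_id)
    checks = [
        (any(w in text for w in URGENCY), 1, "urgency"),
        (any(w in text for w in REDIRECT), 2, "payment redirection"),
        (len({e.channel for e in events}) > 1, 1, "channel hopping"),
        (any(len(ids) > 1 for ids in ids_by_name.values()), 2, "identity switching"),
        (any(e.new_payee or e.bank_changed for e in events), 2, "new payee / changed bank details"),
    ]
    reasons = [reason for hit, _, reason in checks if hit]
    score = sum(weight for hit, weight, _ in checks if hit)
    return score, reasons

def decide(events, step_up_at=5, review_at=3):
    """Map the thread score to step-up verification, manual review, or allow."""
    score, _ = score_events(events)
    if score >= step_up_at:
        return "step_up"
    return "review" if score >= review_at else "allow"

# Constructed sample threads: the scam splits its intent across email and chat;
# the legitimate automation is urgent but single-channel and consistent in identity.
SCAM = [
    Event("email", "Alex (CFO)", "alex@corp.example",
          "Please process the vendor invoice today, I will confirm on chat."),
    Event("chat", "Alex (CFO)", "alex.cfo.mobile",
          "Confirming. Pay to the vendor's updated account, details below.", bank_changed=True),
]
LEGIT = [
    Event("email", "AP notifications", "ap-bot@corp.example", "Your invoice batch was approved today."),
    Event("email", "AP notifications", "ap-bot@corp.example", "Reminder: the approval window closes today."),
]
```

On the constructed scam thread, each message scored alone yields only allow or review, while the correlated thread reaches step_up; the legitimate thread stays at allow despite its urgency wording.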
Common Variations and Edge Cases
Tighter fraud controls often increase friction, requiring organisations to balance user convenience against the need to stop highly adaptive scams. That tradeoff becomes sharper in customer service, treasury approval, and executive communications, where legitimate urgency is common and overblocking can slow real work.
There is no universal standard for this yet, but current guidance suggests the highest-risk cases are those involving social engineering plus AI-generated voice or image content. Deepfake-assisted fraud does not always depend on perfect realism; it only needs enough credibility to bypass a rushed decision. In multilingual environments, GenAI can also reduce the signal value of grammar errors that older controls depended on. That means teams should avoid assuming that “poor language” is still a reliable scam indicator.
Operationally, fraud teams should expect edge cases where automation is legitimate but indistinguishable from abuse at first glance, such as customer notifications, bot-assisted collections, or agentic support workflows. In those settings, the better control is not harsher blocking alone, but stronger proof of who is requesting the action and why. NHIMG's research on the DeepSeek breach underscores how quickly trust can be undermined once AI content or infrastructure is exposed to adversaries. The practical limit is high-volume environments where humans cannot review enough context fast enough, so automation must carry more of the decision burden.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A03 | GenAI scams exploit adaptive content generation and social engineering. |
| CSA MAESTRO | T1 | Covers trust and identity risks in AI-driven workflows and interactions. |
| NIST AI RMF | Govern, Manage functions | AI RMF addresses adaptive risk and governance for GenAI-enabled abuse. |
Use AI RMF govern and manage functions to continuously reassess scam detection against changing model behaviour.
Reviewed and updated by the NHIMG editorial team on June 12, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org