Agentic AI is reshaping the future of fraud risk

Agentic AI is transforming fraud prevention and detection, according to Amazon Nova senior software development engineer Rohith Nama, who shares how he balances innovation with building safe, ethical large‑scale AI systems.

Agentic artificial intelligence (AI) is rapidly taking AI from a passive tool for prompts to systems that can plan, act and make decisions. This shift raises urgent questions, especially in risk and compliance enterprises, about reliability, control and what responsible deployment should look like.

To explore those questions, I interviewed Rohith Nama, a generative artificial intelligence (Gen AI) engineer and researcher for Amazon’s Nova frontier models. Nama focuses on what happens after an AI model is trained, deployed and expected to behave safely, predictably and usefully. His work spans inference‑time tooling (what occurs between the user’s prompt and the AI model’s response), observability, safety controls and benchmarking agentic behavior — areas that determine whether advanced AI systems can be trusted with complex workflows.

Nama works at the intersection of model development and responsible AI governance. As organizations begin experimenting with agentic systems that answer questions and act, his perspective clarifies what’s changing technically, where the real risks lie, and how enterprises can adopt agentic AI without surrendering oversight or accountability.

Walden: When people hear “general intelligence,” they might think of robots performing like humans. How do you define it, and where are we at today?

Nama: We’ve gone through a few phases. Early AI systems were narrow and task specific. Gen AI creates original content — text, images, video, audio or code — in response to user prompts. What we’re seeing now is the emergence of agentic capabilities, where systems can reason, plan and act in steps.

When I say, “general intelligence,” I’m not referring to full artificial general intelligence (AGI), with human-level reasoning. We’re not there yet. But we’re moving toward flexible, contextual and adaptive systems. An AGI system wouldn’t just analyze transactions or flag anomalies; it would interpret economic conditions, understand behavioral psychology, anticipate adversaries’ strategies and redesign defensive mechanisms, incorporating more data than we could comprehend. In a fraud context, that might mean systems capable of modeling attacker motivations, simulating “what-if” scenarios before they happen, and autonomously adjusting controls while understanding legal, ethical and operational constraints.

Long-context reasoning, an AI system’s ability to process, understand and reason with large amounts of data all at once, contributes to this shift. Depending on breakthroughs in reasoning and safety, we’re still several years away from AGI, but we’re close enough that organizations need to think seriously about long-term effects.

Walden: How are multimodal AI and other intelligence features across text, video, images and transactions improving results, and how can they apply to fraud examiners?

Nama: Multimodal AI processes multiple data types together: text from emails, images from documents, transactions from accounting systems, video from surveillance, logs from network activity and even speech from calls. Fraud doesn’t live in a single data stream; it’s also multimodal.

Fraud examinations may involve emails, documents, financial data, transaction logs, access records, phone calls, and sometimes video or images. Historically, the data is analyzed separately, which creates gaps and delays. Multimodal AI allows systems to reason across inputs to uncover hidden patterns, infer meaning and interpret intent across risk signals that might appear unrelated in isolation or when presented to the human eye. Instead of treating an email, document or transaction as an independent risk signal, the model can evaluate how they relate to one another, identifying inconsistencies, contextual anomalies or subtle behavioral changes that don’t trigger rule-based thresholds.

Synthesizing across modalities enhances understanding. Fraud often hides in relationships between multiple data points; multimodal systems find those relationships in ways traditional systems can’t. Think about the traditional pattern and link analysis tools for matching addresses between vendors and employees or shared bank accounts between colluding vendors. Now, multiply that power by 100, with the ability to reason.

Walden: As AI tools become more accessible, how do you see fraud evolving?

Nama: Technology never evolves in isolation. As AI becomes more accessible, fraud will shift from being manual and opportunistic to automated, adaptive and expandable. Instead of one‑off scams, attackers can deploy AI agents that continuously generate, test and refine fraudulent tactics without needing advanced coding skills. In 2025, Anthropic disclosed that a hacker used its Claude AI system’s code generator chatbot, Claude Code, to conduct a fully AI‑driven cybercrime campaign. The attacker identified vulnerable companies, building malware, stealing sensitive data and drafting extortion emails. At least 17 organizations were targeted. Government identification numbers, banking details and medical records were stolen. Determined attackers can now find ways around safeguards.

Other trends include hyper-personalization scams using publicly available data, synthetic voices or deepfake videos to increase credibility, like the 2024 incident at British engineering firm Arup in which fraudsters deceived an employee into transferring about $25 million with AI-generated deepfake video and audio to impersonate the company’s senior executives. The scheme began with a suspicious email about a confidential transaction, but the fraudsters overcame the employee’s doubts by staging a realistic video call featuring lifelike digital copies of the chief financial officer and other colleagues. It highlights how sophisticated deepfake technology is escalating the risks of corporate fraud.

In addition, synthetic identity proliferation makes it easy to create believable fabricated personas. According to LexisNexis’ Cybercrime Report: Evolving Threats Beneath the Surface, 11% of all fraud globally now involves synthetic identity, representing an eight‑fold increase year over year and making it the fastest-growing fraud type worldwide.

Adaptive evasion is another trend in which attackers probe defenses in real time and adjust based on what gets blocked. In 2025, security researchers and telecom operators reported a wave of AI‑powered distributed denial-of-service (DDoS) attacks that continuously tested, learned from and adapted to controls during the attack. Rather than relying on a single traffic pattern, AI‑managed botnets experimented with multiple traffic signatures, monitored which ones were blocked, and automatically shifted tactics to bypass mitigations and exhaust bandwidth or system resources.

Over time, these technologies might enable fraud-as-a-service, where fraudsters sell tools packaged to allow even low-skilled actors to execute complex schemes. The economic impact could be massive. Mastercard estimates that global fraud losses could approach the multitrillion-dollar range by the end of the decade. Static, rule-based defenses aren’t sufficient to combat these trends; defense must evolve with the offense.

Walden: The industry is trending toward agentic AI. What is it, and how does it change how fraud detection systems operate?

Nama: At a high level, agentic AI encompasses systems that generate outputs, set goals, plan steps, act and adapt to outcomes. Traditional fraud monitoring systems are reactive, looking at historical patterns or trends in the data to spot anomalies. They wait for an event, score it and trigger an alert. Agentic systems operate over time. They decide what information to gather next, how to interpret it and determine next steps. They’re like personal digital assistants, trained with specific domain expertise for various functions. (See Figure 1.)

In fraud detection, this shifts systems from rule-based evaluation, “if-this-then-that” logic, to context-based reasoning. An agent might examine historical behavior, correlate multiple data sources, and converse with other agents about whether a pattern is risky or unusual.

The result is better detection and fewer false positives. Instead of overwhelming investigators with alerts, agentic systems prioritize and contextualize risk, allowing humans to focus on important cases. But these systems work best as supervised agents, supporting investigations and decision-making, not replacing human judgment.

Walden: What are some fraud risk use cases that new large language models (LLM) and agentic systems enable?

Nama: One is real‑time monitoring with intelligent escalation, where systems continuously assess activity and find only the most contextually significant risks. Another is deepfake and synthetic identity detection through multimodal analysis that cross‑checks documents, images and voice data. AI‑driven monitoring can also identify fake or synthetic documents by analyzing metadata, pixels and other information to flag bogus receipts, fake invoices or improper logo use, then quantify findings for human investigation. (See Figure 2.)

There’s also potential in automated evidence gathering and investigation summarization. Agents can pull relevant data from emails, logs and databases then organize it into a narrative for human review. Perhaps most interesting is proactive pattern discovery in which systems identify emerging fraud tactics before they spread, rather than relying on known fraud typologies.

Walden: With greater autonomy comes greater risk. What should fraud professionals be cautious about when deploying these systems?

Nama: Explainability and auditability come first. Agentic systems follow complex, multistep reasoning paths, and each step must be fully traceable under strong governance. In legal settings, agentic AI must meet the same evidentiary and procedural standards as existing fraud operations. Outputs, such as flagged transactions, anomaly scores or investigation summaries, should be treated as derived evidence, not final judgments. This requires a clear chain of custody, including the model used, the data inputs and the reasoning process. For courtroom admissibility, systems must produce explainable reasoning logs that nontechnical experts can present step-by-step. In investigations and audits, agentic AI should integrate with existing approval workflows, with human review required for every escalation.

Hallucination and overconfidence are also concerns. LLMs can produce responses that sound confident but are incorrect, requiring architectural safeguards. Retrieval-augmented generation (RAG) improves accuracy by grounding outputs in authoritative external sources. A more constrained approach, context-anchored generation (CAG) ensures that outputs rely on verified internal data rather than unconstrained inference. CAG is an AI engineering technique in which an LLM gets specific, structured, relevant information (the anchor) alongside a prompt so the generated output is accurate, relevant, and consistent with a particular domain, project or persona. In high‑stakes areas like fraud, grounding and validation layers aren’t optional; they’re essential system components. (See Figure 3.)

Third is adversarial robustness, or the AI-based fraud detection system’s ability to maintain accuracy and reliability even when it’s fed deceptive, manipulated or adversarial data to bypass security. Fraudsters are increasingly using AI tools to probe defenses, craft prompt injections, generate synthetic artifacts or test evasion tactics. What once required sophisticated skill can now be automated or rented. This creates a feedback loop in which defensive systems must anticipate adversaries augmented by AI and could become a defining challenge of the next decade.

Finally, there’s understandable concern that automation could displace roles, but with fraud, human judgment is necessary. Fraud investigations often intersect with legal interpretation, regulatory obligations and ethical nuances. Freezing assets, escalating cases or labeling behavior as fraudulent have real-world consequences. Human involvement ensures accountability. AI can manage analysis, but responsibility and liability remain human.

Walden: How do you see agentic AI reshaping risk management over the next few years?

Nama: I think risk management will become more proactive and goal oriented. We’ll see multiagent systems that specialize in specific roles. One agent detects anomalies, another gathers context, and another assesses impact, all working together under defined constraints. With proper memory and feedback loops, these systems can learn from past cases and reduce repeat issues. (See Figure 1.) However, challenges remain for controllability, cost, latency and long-term context management. Adoption depends less on raw capability and more on governance maturity using a repeatable, enforceable structure regarding how AI systems are developed, deployed, monitored and retired. Clear ownership, documented decision boundaries, audit trails, bias reviews and defined human escalation paths will be critical. It’s like internal controls maturity (COSO or the Sarbanes-Oxley Act) applied to model behavior instead of financial transactions.

Walden: Regulation often lags technology. How should fraud teams approach compliance in the meantime?

Nama: In the European Union, fraud detection systems are likely to be classified as high-risk under upcoming AI regulations, requiring transparency and documentation. In the U.S., the National Institute of Standards and Technology (NIST) AI Risk Management Framework is increasingly influential. The framework provides guidance that organizations can adapt to identify, assess and manage AI-associated risks. It supports the development and use of trustworthy AI systems, meaning they’re safe, secure, transparent, fair and accountable. In 2024, NIST released a profile of generative AI risks and recommended mitigation actions.

Organizations shouldn’t wait for regulations to catch up. Fraud and compliance teams effectively become AI risk owners, and they should be documenting systems as if they’ll be audited, running bias reviews to ensure that agents don’t make their own decisions without human guidance. Being proactive builds trust with regulators and internal teams, as well.

Walden: Do you have any final thoughts for anti-fraud professionals?

Nama: Generative AI or agentic AI isn’t a silver bullet, but it’s a fundamental shift. The move from rule-based systems to context-aware, goal-oriented intelligence will reshape how fraud risk is managed. The organizations that benefit most will be those that invest early in governance, understand how these systems reason and deploy them thoughtfully as partners to human expertise. Data doesn’t have to be perfect the first time but neither do the model outputs. That’s why humans are in the loop. It’s a journey, not a destination. I encourage fraud risk professionals to innovate responsibly, but don’t be afraid to experiment. AI can scale analysis, but accountability remains human.

Vincent M. Walden, CFE, CPA, is the CEO of Kona AI, a Covasant Company. Contact him at vwalden@konaai.com.

Rohith Nama is a senior software engineer and researcher at Amazon General Intelligence. The views expressed in this article are his own and do not reflect the views of Amazon or any affiliated organization. Contact him for more information on Gen AI, intelligent systems, use cases and more on Substack and LinkedIn.