Simon Glairy is a recognized expert in the fields of insurance and Insurtech, with a specialized focus on risk management and AI-driven risk assessment. His work frequently explores how emerging technologies are weaponized by threat actors to compromise corporate integrity and financial stability. In this discussion, we delve into a recent report involving 400 business leaders to understand the rapid shift toward autonomous fraud. We explore how agentic AI is compressing attack timelines and what organizations must do to maintain resilience in this high-speed, automated threat environment.
Traditional chatbots require constant human prompts, but agentic AI can operate autonomously across various platforms; how does this shift toward independent decision-making change the landscape of commercial fraud?
The move to agentic AI is a major step-change because these systems do not require constant prompts to move through a malicious lifecycle. According to a survey of 400 business leaders in IT and administration, this technology allows scammers to manage fraud activities across multiple platforms simultaneously. By acting autonomously, the AI can compress the timeline of a breach, making it much harder for traditional security teams to respond before the damage is done. It expands the capabilities of threat actors by allowing them to maintain long-term goals and make rapid decisions without manual human oversight at every turn.
The recent data suggests a significant rise in AI-related incidents; how are these autonomous tools specifically impacting sectors like finance and insurance?
Data shows that 29% of businesses in the U.S. have already faced at least one cyber incident where AI was part of the attack within the last year. Specifically, from 2021 to 2026, the finance-and-insurance sector is projected to account for 8% of all commercial espionage incidents. Scammers are leveraging agentic AI to perform high-stakes tasks like deepfake impersonation and advanced business email compromise at an unprecedented scale. These agents can use APIs to search through internal databases, allowing for tailored impersonation scams that mimic a legitimate employee’s behavior with frightening accuracy.
How does this technology make it easier for less experienced hackers to launch sophisticated attacks, and what specific capabilities are they exploiting?
Agentic AI significantly lowers the barrier for entry for attackers who lack deep technical expertise or years of coding experience. Instead of learning complex interfaces, these actors can use natural-language prompts to communicate their broad goals to the AI system. The AI then takes over, using existing attack pathways or even creating entirely new vectors to exploit system vulnerabilities and steal sensitive data. This allows a less sophisticated attacker to execute rapid, high-impact campaigns that would have previously required a large team of specialists to manage manually.
With threat actors moving at such high speeds, what kind of security approach should companies adopt to effectively mitigate these risks?
As Ian Walsh from QBE suggests, a “back-to-basics” layered security approach is essential, focusing on identification access management and behavioral monitoring. While the AI is fast, the human element remains a critical factor in identifying and stopping attacks at key decision points during a campaign. Companies should also integrate AI-enabled threat-detection tools to ensure their defenses can keep pace with the speed of autonomous threats. Combining these security basics with comprehensive coverage and proactive monitoring is the most effective way to build long-term organizational resilience.
What is your forecast for the future of commercial espionage?
I expect a shift toward more persistent forms of espionage where AI agents hide within networks for extended periods to gather intelligence. As these models become better at mimicking human behavior, the challenge will be distinguishing between legitimate workflows and malicious actors operating in the background. We will likely see a massive increase in the use of AI for real-time data theft, making continuous monitoring a mandatory standard for every modern business. The future of security belongs to those who successfully merge human intelligence with automated defensive systems to counter these evolving digital threats.
