Back to Feed
AI SecurityJul 6, 2026

AI Can Forge Documents in Minutes – “Looks Right” Is No Longer Enough

Generative AI enables rapid, undetectable document fraud, increasing financial losses and regulatory scrutiny.

Summary

Generative AI tools are dramatically accelerating document fraud, making traditional detection methods obsolete. Reports indicate a significant rise in synthetic identity and deepfake fraud attempts, with AI-generated documents now accounting for a substantial portion of identity verification failures. This surge is projected to lead to billions in financial losses and has prompted regulatory bodies to issue alerts and levy substantial penalties for weak controls.

Full text

Artificial Intelligence Scams and Fraud TechnologyAI Can Forge Documents in Minutes – “Looks Right” Is No Longer Enough Generative AI is making document fraud faster and harder to spot, pushing security teams to verify provenance, signatures and file integrity at intake securely. byOwais SultanJuly 6, 20266 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening For years, catching a fake document meant hunting for tells: a wrong font, a smudged logo, metadata that did not match the claimed date. Generative AI has ended that game. The old tells are gone, and the people producing fakes are no longer specialists. They are anyone with a chatbot and a few minutes. The numbers describe a step change, not a trend. Sumsub reported that synthetic identity-document fraud rose more than 300% in 2025, climbing 311% in North America against the first quarter of 2024, while deepfake fraud attempts jumped by an order of magnitude. Researchers generated a synthetic passport with GPT-4o in under five minutes, visually indistinguishable from a genuine one. More than one in ten companies now report encountering deepfake or AI-generated documents in fraud attempts, and deepfakes already account for roughly one in twenty identity-verification failures. The growth curve is the part that should worry a security team. Analysts tracking identity fraud have reported AI-generated attempts rising several hundred percent year on year, with iProov recording a 783% jump in digital-injection attacks in 2024 and Jumio reporting a further 88% rise into 2025. These are not linear increases. Each improvement in generative models lowers the cost and raises the quality of the next wave of fakes, which is why the attempts keep multiplying rather than levelling off. The projected losses track the same slope. Deloitte has estimated that generative AI could push US fraud losses tied to this kind of activity toward $40 billion by 2027, up from $12.3 billion in 2023. That is a threefold rise in four years, driven not by more fraudsters but by each one becoming dramatically more productive. When the tool that makes a convincing fake is free and fast, the limiting factor on fraud stops being skill and becomes intent. Regulators have noticed, and they are pricing the risk. FinCEN issued an alert on deepfake media in financial fraud in late 2024, the FBI’s Internet Crime Complaint Center logged (PDF) more than 22,000 complaints referencing AI in 2025 with associated losses above $893 million, and in the first half of 2025 alone regulators levied over $1.23 billion in penalties tied to weak controls, a sharp jump on the year before. “The document looked right” is no longer a defence a supervised institution can offer. Signed PDFs sit right in the blast radius. A signature that renders as valid inside one viewer proves very little if the underlying file can be regenerated, re-signed, or quietly edited downstream. This is why PDF signature verification is shifting from a visual check to a cryptographic one. The question a security team should be able to answer is not “does the document open and show a checkmark,” but “can we prove this is the exact file that was signed, on the date claimed, by the party named?” Answering that reliably means the proof cannot live only inside the sender’s copy or a single vendor’s software. Robust verification ties the proof to the signing event itself and lets any party check it independently. Approaches that hash each signature to a public, timestamped record do exactly this: anyone holding the document can confirm its integrity without trusting the sender and without logging into a particular platform. The check becomes a property of the document rather than a feature of one application. The reason detection alone keeps losing is structural. Fraud teams report that a growing share of the fakes they catch are now made with mainstream generative tools, and any detector is trained on yesterday’s forgeries while the generators improve every month. It is an arms race in which the defender is always a step behind, because the same models that write the detection also write the next fake. Looking harder at the artefact cannot win when the artefact is designed to pass the look. It helps to be concrete about how the attack works, because the old defences quietly stopped applying. An attacker no longer needs to alter a file in place and risk leaving traces. They can regenerate a document from scratch with the values they want, produce a fresh signature on it, or take a legitimately signed file and edit it after the fact before passing it on. Metadata, the thing fraud teams once leaned on, is the easiest part to fake or strip. Inspecting the artefact tells you less every quarter; only proof tied to the original signing event holds up. That is why the useful place to apply verification is the point of entry, not the post-mortem. KYC onboarding, vendor and supplier intake, lending applications, and contract execution are all moments where a document crosses from outside the business to inside it, and where a forged file does its damage if it gets through. Checking provenance at intake, automatically, turns verification from an investigation that happens after a loss into a gate that runs before one. The cost difference between the two is the entire fraud. Picture a single account opening. The applicant submits a selfie, a photo of an ID, and a proof of address. Every one of those can now be synthesised: the face from a deepfake, the ID from a generative model, the utility bill from a template edited in seconds. Each artefact passes a look-test because each was built to. What no attacker can fake is a chain of custody that ties a document back to a legitimate issuer or a real signing event, which is why the defence has to shift from judging the artefact to verifying its origin. The shape of the loss makes the case on its own. A finance team approves a payment against a supplier invoice that was regenerated with new bank details. An underwriter funds a loan on income documents that never existed. A procurement lead signs off on a counterparty whose certificate of insurance was edited after issue. In each case, the document looked right, opened cleanly, and showed whatever badge the viewer expected. The failure was not detection at the desk; it was the absence of any way to prove the file was the one legitimately issued, before money or trust moved on it. Provenance wins where detection cannot because it is deterministic rather than probabilistic. A detector gives a confidence score that erodes as fakes improve. A verifiable signing record gives a yes or no that does not care how good the forgery is: a regenerated file simply will not match the hash of the one that was actually signed, no matter how flawless it looks. That property does not degrade with the next model release, which is exactly what a control needs to do in an arms race. There is also a practical reason to prefer verification that anyone can run. A control locked inside one vendor’s platform only helps the parties who use that platform, while a bank checking a customer’s document, a regulator reviewing a file, or a counterparty validating a contract each has to be able to confirm it on their own. Any of them can check provenance anchored to an open, public record without an account, a licence, or a support ticket. In a fraud environment where documents move between institutions constantly, verification that stops at a company boundary is a control with a hole in exactly the place attackers look for one. What replaces “looks right” is provenance that both a machine and a court will accept. A verification that a system can run automatically at scale, and that an investigator or a judge can later reproduce independently, is worth more than any visual inspection because it does not depend on the skill of the person looking or the qu

Indicators of Compromise

  • malware — deepfake

Entities

GPT-4o (product)Sumsub (vendor)iProov (vendor)Jumio (vendor)Deloitte (vendor)Generative AI (technology)