AI fraud will grow 153% in five years: the arms race companies cannot afford to lose

By Momentum IA · June 29, 2026.

The figures put forward by Juniper Research, cited by Banco General Costa Rica in a statement this week, are emphatic enough to demand attention beyond the corporate bulletin: global losses associated with AI-driven banking fraud could rise from $23 billion in 2025 to $58.3 billion in 2030. An increase of 153% in barely five years. In the Central American and Caribbean region, the jump is already underway: fraud based on synthetic content—AI-generated voices, images and videos—grew more than 1,000% between 2024 and 2025. That is not a pace of technological adoption; it is an explosion.

The statement is, in essence, a public relations piece by Banco General Costa Rica, signed by its VP of Cybersecurity, Eddy Fortoul. It is worth reading through that filter: the bank has an interest in positioning itself as an ally against fraud. But the underlying data and the threat taxonomy it describes are real and deserve analysis of their own.

The AI fraud ecosystem is structured today around three main vectors. First, executive deepfakes: videos or audio that imitate executives or bank officials with enough fidelity to convince an employee to authorize a transfer or hand over credentials. Second, synthetic identities: profiles built by combining real data from different people to create a fictitious entity capable of passing standard KYC (Know Your Customer) checks. Third, hyper-personalized phishing: messages generated by language models that no longer contain the grammatical errors that once served as a warning sign, and that precisely replicate the tone, branding and context of real institutions.

What makes this convergence especially dangerous is the scale and the cost of entry. Until a few years ago, setting up a sophisticated fraud operation required specialized technical knowledge and significant resources. Today, voice, video and image generation tools are available by monthly subscription. The average criminal need not be an engineer: they need internet access and the patience to fine-tune the right prompt. Companies, by contrast, continue investing in cybersecurity at a linear pace while the threat grows exponentially.

The bank's recommendations—verification through a second channel, multifactor authentication with liveness detection, ongoing staff training and real-time transaction monitoring—are correct and necessary, but they reflect an uncomfortable reality: most organizations in the region still do not apply them systematically. Second-channel verification, for example, is a simple practice with almost no cost, but it clashes with a culture of urgency: attackers specifically manufacture time-pressure scenarios to short-circuit that step.

Our reading is that we are facing the first phase of an asymmetric arms race. Attackers innovate in weeks; corporate compliance systems evolve in quarters or years. That asymmetry is the real structural problem. AI-based detection tools—biometric behavior analysis, video artifact detection, real-time transaction scoring models—exist and are improving rapidly, but their mass deployment in small and medium-sized enterprises in Latin America remains marginal. It is the large corporations and banks that access these defenses first; smaller companies, paradoxically the most vulnerable, remain exposed for longer.

In the long run, AI itself will be the most powerful solution to the threats it creates today. AI-based fraud detection systems are improving steadily, and the trend is for their capacity to expand. But the long run does not help the mid-sized company that tomorrow receives a deepfake of its CEO requesting an urgent transfer. The transition—that period in which offensive tools are democratized but defensive ones are not yet—is exactly where we find ourselves, and it is the most dangerous moment.

The headline's question—could your company detect a fraud created with AI?—is not rhetorical. For most, honestly, the answer is still no.