Agentic Payments Fraud is Highly Asymmetric and Favors the Bad Guys in Basically Every Way
In a game of ever-bigger walls vs ever-bigger ladders, every single aspect of agentic AI currently favors the ladders. That’s going to have serious implications for payments.
Agentic payments are the hot topic today, but it’s agentic fraud that should be at the front of everyone’s mind. It represents a real and asymmetric threat that will have major impacts on the payments industry far before the earliest adopters are using agents to regularly make purchases. Failure to recognize and deal with the immediate problem of agentic fraud could not only help derail the success of the agentic payments everyone is distracted by, but it has the potential to usher in a golden era for payments fraudsters that could make ecommerce itself far less attractive to merchants and consumers.
In this article, I’ll examine the four key asymmetries that make agentic fraud so consequential for payments:
Reliability asymmetry
Cost asymmetry
Information asymmetry
Persistence asymmetry
I’ll also examine what an impending wave of complex, high-volume agentic attacks means for the future of fraud prevention in the industry.
In a game of ever-bigger walls vs ever-bigger ladders, every single aspect of agentic artificial intelligence currently favors the ladder builders. That’s going to have serious implications for the payments industry, because the threat and costs of agentic AI are immediate, whereas the potential payoff is many years down the road. At a minimum, the industry needs to move fast to make today’s best premium fraud prevention tools the baseline norm. At worst, a major victory for the bad guys may just be inevitable, even if temporarily.
Quick Definition: AI Agent
AI agents are LLM-based systems that can act autonomously, recursively, and with external tools in order to achieve complex pre-defined tasks. Unlike standard generative AI, which is passive and waits to be prompted, advanced AI agents can effectively re-prompt themselves, analyzing and learning from failures and persistently refining a task over time in order to achieve a goal.
Reliability Asymmetry: Bad Agents Can Fail Without Consequence, Good Ones Can’t
It’s hard to win when the playing field is tilted against you. The reality of security and fraud prevention is that bad actors don’t have to follow the same rules or meet the same standards that legitimate businesses do, and that gives them an advantage. Agentic AI takes that tilt in the playing field and pushes it to new extremes.
Today, the rollout of AI agents at companies is extremely limited. Recent research from Anthropic shows that the vast majority of agents on its public API only tackle low-risk, reversible tasks that fall well below the company’s own bar for “high autonomy.” Of all those agentic API calls, 73% still have a human in the loop and less than 1% involve an irreversible action.
The reason for this toe-dipping is simple: companies have regulatory, financial and reputational considerations that they must manage, and that creates limitations that they must adhere to. The agentic space is still the wild west, and agents, as they exist, represent serious risk. This is especially true in the payments space where questions of liability loom large. If an agent goes rogue or fails badly, it can have serious business consequences, so payments companies can’t just turn agents loose haphazardly and hope for the best.
Fraudsters face no such limitations.
While deployment of agents at scale represents a huge risk for companies, it involves effectively zero risk for fraudsters, who have no reputation to protect, no customers to keep happy, no compliance requirements and no laws to follow.
Operationally, agent failures are no concern for bad actors, because failure is the expectation anyway. Fraud is a numbers game in which perpetrators know that the vast majority of their financial gains will come from a very small sample of successful attacks. Agents represent a way for them to scale those attacks cheaply and easily, and even high rates of task failure or misalignment don’t really matter because attacks can just be run again, over and over. The potential ability of future agents to self-refine makes this an even bigger asymmetrical threat in favor of the bad guys.
Cost Asymmetry: Bad Agents Can Be Spun Up Far Cheaper Than AI-Powered Defenses
The cost of AI is currently a hot topic. GitHub Copilot and Claude Code both recently moved to token-based billing that saw users’ costs increase anywhere from 20% to over 20x. We are currently in the phase of AI rollout where companies like OpenAI and Anthropic are getting ready to IPO, and it’s time to face the music: until now, everything we’ve done with AI has been heavily subsidized by VC money, and prices for access to top models are going to go up.
So, with subsidies running dry and things like token-based billing rolling out, how will bad actors be able to employ agents at scale without their costs ballooning out of control?
The answer lies in free, open-source models. As previously explained, fraud and cybercrime are numbers games where all but a small percentage of attacks are expected to fail. That means bad actors don’t need cutting-edge models to run persistent, agentic attacks – at least not for simpler schemes. Free frontier-class models like DeepSeek are more than powerful enough to drive agentic fraud. And, while proprietary frontier models like ChatGPT, Claude and DeepSeek have started to pull away again, open-source models that can be run locally are less than a year behind in capability – no issue when automated volume is the primary goal.
In contrast, there is huge pressure on companies to use frontier models. That requires absorbing the cost increases coming down the pipe as labs like OpenAI and Anthropic go public and face pressure to stop losing billions of dollars every year.
(Note: the recent SpaceX IPO prospectus laid these losses bare, showing the xAI division took $2.47 billion in losses on $818 million in revenue in Q1 2026 alone.)
For the payments industry, this represents a second huge asymmetrical disadvantage. Stakeholders will expect anti-fraud tools, and AI tools in general, to be running on cutting-edge AI, which will come at increasingly steep costs. At the same time, the bad guys will be more than happy to get by spooling up armies of agents using tools like OpenClaw and free models like DeepSeek or Qwen3.
Information Asymmetry: In the War Against Payments Fraud, Fog Favors Bad Guys
The AI industry as a whole is still very much a black box. Upcoming IPOs of pure-play AI companies may help shed some light on where the technology actually stands. But, today, there are far more questions than answers.
Where are the lines between real future capabilities, hype, marketing and downright deception? Who is liable for damage resulting from actions taken by autonomous AI systems? When will lawmakers around the world begin to regulate AI in earnest? What is the appropriate balance of regulation that achieves societal good without kneecapping advancement? Are LLMs a dead end on the path to theoretical AGI and what does that mean for business outcomes? What does the term “agent” even mean?
Today, we have no answers to (or even general agreement on) any of these questions. That puts companies in the extremely difficult position of trying to invest in AI to avoid being left behind without having any real idea of what tomorrow is going to look like technologically or legally. This creates the third asymmetry that tilts the fraud battlefield in favor of bad actors: there is a fog of war that really only impacts one side.
Companies must make critical decisions about how and where to direct their AI investments in an extremely dynamic, low-information environment. The stakes of this are low when it comes to adopting LLMs for simple tasks like summarizing meeting notes or drafting emails. They go up when it comes to critical operational tasks like adopting copilots. But they go way up when it comes to building and employing autonomous agentic systems. At best, getting it wrong means falling behind, but at worst, heavy investment without clear direction could be financially catastrophic.
Fraudsters, on the other hand, have no need for better information or strategic caution because they don’t care where the technology or the regulatory landscape goes tomorrow. They can employ the tools available today with reckless abandon, without worrying about things like accruing technical debt or disruptions to their operations if the rules change. The fog is not a hindrance to them, it’s cover. That allows fraudsters to be first movers, barreling forward at speed while the organizations on defense are leaned in, squinting, just trying to see the landscape a few feet ahead.
Persistence Asymmetry: It’s Easy for Fraudsters to be Persistent and Hard for Defenders
Advanced persistent threats (APTs) are highly sophisticated cyberattacks that are designed to constantly probe and chip away at security over a long period. They use techniques like polymorphism to re-disguise themselves continuously and adapt tactics as they build a picture of defense systems. If a DDoS attack is shock and awe, APTs are a siege.
Until recently, running APTs was so complex and costly that it was mostly a tool employed by state intelligence services. Anthropic reports that these actors have already been documented using Claude Code to streamline the process. But widespread access to cheap agents is going to change the barriers to entry entirely.
Agents are tools designed specifically for low-cost, repetitive action at speeds and scales humans can’t match, and that makes them ideal tools for APTs. But with open source models and agent management systems, anyone with the right technical knowledge can theoretically spool up home-brew attacks that closely resemble APTs.
Even without technical knowledge, Fraud-as-a-Service (FaaS) is already exploding. For example, in 2025, data from Recorded Future showed a 4x increase in scam merchant accounts over the prior year. This is directly attributable to FaaS and AI-powered boosts in everything from phishing to synthetic identity creation and beyond. Agentic FaaS is going to democratize APTs and make it possible for anyone with the desire to run complex, long-lasting, recursively improving attacks.
On the opposite side, AI-powered anti-fraud measures are fairly well equipped to handle the siege, but the siege is still going to result in tighter screening and a higher rate of “customer insult” – when false positives incorrectly deny or quarantine a legitimate customer’s payment. Processes like merchant underwriting, however, are much less prepared for siege-style fraud, and this is where the persistence asymmetry really comes into play.
As Recorded Future’s data shows, more fraudulent accounts will slip through the cracks, which means re-underwriting will have to happen far more frequently, if not constantly, in order to catch bad sellers and long-term fraud like bust-out schemes. Automated underwriting systems can help with that, but it still costs money to run scans, especially if databases are being queried. That makes it much harder and more expensive for payments companies to run persistent defense than it is for bad guys to play persistent offense.
What Does Agentic Asymmetry Mean for the Future of Payments Fraud Prevention?
1. Fraud Defense Must Become Universally Persistent and Highly Adaptable
Agentic fraud will be both persistent and recursively adaptable, and in this case, the only way to fight fire is with fire. AI-powered anti-fraud tools, which today are still considered a premium value-added service (VAS), not only need to get better, but they must also become the baseline norm in all aspects of payments.
Every merchant will need to be on the most advanced real-time risk scoring and decisioning tools or they will see both successful fraud and false positives spike. Every merchant will need the most advanced dispute management systems or they risk getting buried in chargebacks. Payment providers themselves will need highly automated, persistent underwriting systems to stop the tidal wave of merchant account fraud that is already building. These tools will no longer be a question of efficiency or optimization; they will need to be the baseline layer if the industry has any hope of keeping up with the unparalleled volume and sophistication of agent-driven fraud that is years away at most.
2. Investment in Fraud Prevention Needs to Go Way Up at a Time When Merchants are Starting to Tighten Their Belts
In its 2026 Global eCommerce Payments and Fraud Report, the Merchant Risk Council found that merchants are starting to prioritize cost-minimization in their fraud management over improvements in outcome, including reducing attacks and improving the customer experience. The MRC data shows that, while over half of merchants still intend to spend more on anti-fraud tools over the next two years, the number is down seven percentage points over the prior year, and planned spending on staff/talent is way down.
Faced with rises in the cost of everything, merchants are starting to pull back from the fight against fraud at the exact time they need to be upgrading their defenses. This signals a wider cost problem and it means that providers looking to get better tools into the hands of merchants need to do one of two things: invest in making AI/ML-powered fraud prevention more affordable, or accept thinner or zero margins on advanced anti-fraud VAS.
3. There May be a Brief, But Unavoidable Golden Age for Fraudsters
There is a real possibility that the proliferation of asymmetric agentic fraud will, at least for a time, simply overwhelm the ability of merchants and payment providers to fight back. That could result in either a golden age or dark age of payments fraud, depending on which side of the line you’re on, with big impacts on the behavior of both consumers and merchants.
We already know that younger consumers are drifting back to brick-and-mortar, preferring the experiential aspects of in-store shopping. If the ecommerce fraud arena gets hostile enough, things like elevated risk of data breaches and transaction decline rates could result in a big migration away from ecommerce toward in-store environments perceived as less risky. On the merchant side, if the costs of fraud losses and the battle against them get too high, it’s not difficult to imagine omnichannel sellers starting to deprioritize or even disincentivize web sales.
4. Companies Should Carefully Consider the Role of Consumer and Merchant Trust in Future Tech
Proliferation of agent-powered fraud will push both merchants and consumers towards payment methods they perceive as high-trust and high-safety. That could create an additional barrier to the adoption of agentic commerce. In addition to the issue of asymmetric reliability mentioned above, agentic commerce is currently in a low-to-no trust zone, with the complete absence of any guidance or regulation on questions like how consumers will be protected and who is liable for glitches and misaligned or rogue transactions.
Payment companies, up to and including the big card networks like Visa and Mastercard, understandably don’t want to get left behind if agentic commerce changes the way we shop to the same degree that ecommerce did. But, in a world where agents are going to benefit fraud and cybercrime far faster and far more extensively than they will consumers, trust could be at an even bigger premium and agents themselves may turn out to have a branding problem. Companies should consider this when forecasting how near agentic commerce adoption really is, because big investments that are too early can have the same consequences as big investments that are wrong.



