beebright - stock.adobe.com
Agentic bots and synthetic identities fuel surge in fraud
LexisNexis Risk Solutions warns of a massive 450% rise in agentic traffic and an eight-fold increase in synthetic identity fraud as cyber criminals scale automation to bypass security controls
Global fraud attacks have grown by 8% over the past year, driven by the weaponisation of artificial intelligence (AI) and the rapid emergence of agentic bots capable of bypassing traditional behavioural detection tools.
According to the 2026 cybercrime report from LexisNexis Risk Solutions, which analysed over 116 billion online transactions globally in 2025, malicious actors are increasingly experimenting with the same advanced technologies that are transforming digital commerce.
A key finding from the research is a staggering 450% rise in traffic from AI agents between January and December 2025. Unlike traditional automated scripts, AI agents can impersonate people and mimic human actions, such as natural cursor movements across a login screen, with a high degree of credibility.
“Fraud continues to evolve at pace with digital innovation,” said Stephen Topliss, vice-president of fraud and identity at LexisNexis Risk Solutions. “While organisations are strengthening defences across channels, cybercriminal networks are scaling automation, shifting tactics and probing for any available weaknesses across the digital customer journey.”
Topliss added that attackers are increasingly relying on “advanced bots and AI-driven tools to mimic human behaviour and test defences with unprecedented speed and accuracy.” As a result, the volume of malicious bot attacks grew by 59% globally last year.
The rise of synthetic identities
Apart from the surge in automated and agent-driven attacks, the threat landscape is being reshaped by a rise in synthetic identity fraud.
The report noted an eight-fold global increase in the use of synthetic identities year-over-year, making it the fastest-growing fraud type worldwide. More than one in 10 frauds now involve a synthetic identity, where fraudsters stitch together new, fictitious profiles from various stolen identity attributes to commit financial crimes.
Because there is no immediate victim to raise the alarm, this tactic offers high potential returns. It has proved especially prevalent in Latin America, where synthetic identity fraud now accounts for 48.3% of the region’s fraud.
Despite the growing occurrences of identity fabrication, first-party fraud, where customers defraud organisations themselves, remains the leading source of fraud globally for the second consecutive year, accounting for 38.3% of all reported incidents. In the EMEA region, this figure jumped to over half (51.7%).
E-commerce and betting under siege
The retail and online betting sectors bore the brunt of the sophisticated bot attacks in 2025. The e-commerce fraud attack rate grew by 64%, while the attack rate at the login stage – where criminals attempt to execute account takeovers – skyrocketed by 216%.
Similarly, gaming and gambling platforms experienced a 76% rise in their global attack rate, driven by a growing digital customer base and the lucrative potential of compromising user accounts.
With the evolving fraud landscape, enterprise security and fraud teams will need to rethink their approach to digital intelligence, authentication, and bot mitigation.
“Cyber criminals are experimenting with the same technologies that are transforming digital commerce and organisations must prepare for a future where both legitimate users and malicious actors rely on automated agents to interact online,” said Topliss.
“Those that succeed must be able to confidently distinguish between humans, bots and agents as well as determining intent. We continue to see increasing collaboration between organisations with global digital intelligence, advanced analytics and strong cross-industry partnerships. Organisations that share risk intelligence are best positioned to protect consumers and build trust in the digital economy,” he added.
Reuben Koh, director of security technology and strategy at Akamai, noted that with the rise of bot and agent traffic, e-commerce businesses can no longer rely on blanket bans for automated traffic.
“Merchants have been so used to the old thinking that bots and automation are the enemy,” Koh told Computer Weekly. “Now, they are in a split-brain scenario – they can't block everything anymore because fewer humans are visiting their sites, but they also can't open the floodgates.”
To safely authenticate agentic transactions, the Akamai has teamed up with payment technology firm Visa to evaluate agent activity in real-time using behavioural intelligence and the trusted agent protocol (TAP).
Read more about cyber security in APAC
- Singapore mobilised over 100 cyber defenders to neutralise a sophisticated APT actor which infiltrated Singtel, StarHub, M1 and Simba networks in the country’s largest coordinated cyber incident response to date.
- Japan’s Nikkei has confirmed a major data breach that potentially exposed the personal information of more than 17,000 employees and business partners after hackers infiltrated its internal Slack messaging platform.
- Australian privacy commissioner warns that the human factor is a growing threat as notifications caused by staff mistakes rose significantly even as total breaches declined 10% from a record high.
- Philippine bank BDO is shoring up its cyber security capabilities to protect its data and systems as it moves more services to the cloud and expands its physical presence into remote areas of the archipelago.
