When AI agents start acting – the risks we can’t ignore

The next wave of AI is here. Large Language Models (LLMs) are no longer just answering questions – they’re starting to act on our behalf.

With the launch of ChatGPT’s agent-powered commerce, AI agents can now browse, buy, email, and execute tasks. It’s an exciting leap forward for productivity and ecommerce. But with this step comes a new category of risk – one that could reshape fraud and financial crime in ways we’re only beginning to understand.

‍

The risk: the “lethal trifecta”

Security experts have started warning about a dangerous combination that makes AI agents especially vulnerable. They call it the lethal trifecta:

1. Input you don’t control – AI agents often ingest outside sources such as emails, PDFs, or websites. Hidden instructions can be planted inside these inputs to manipulate behaviour.
2. Access to private data – If the model can see source code, card details, or customer records, that information becomes exposed.
3. Ability to act in the outside world – When the agent can send an email, make a purchase, or move money, those manipulations become real actions.

Each of these on its own is manageable. Together, they create a recipe for serious exploitation.

We haven’t yet seen a billion-dollar fraud driven by AI agents. But the building blocks are already here.

‍

Early warning signs

The industry has already had glimpses of what this could look like:

• Customer-service bots tricked into abusive responses
• AI assistants hacked by malicious PDFs
• Quiet patches rolled out by major providers to close unreported vulnerabilities

These incidents have been small. But they hint at the larger risks as AI agents become more powerful and more connected.

‍

Fortify’s approach: safety by design

AI agents hold huge potential in fraud and AML – spotting patterns faster, testing rules automatically, and cutting hours of manual work. But they can only deliver that value if they’re safe by design.

That’s why we’re building robust LLM systems with three core safeguards:

Guard against malicious input – validate and filter what goes in, so hidden instructions can’t hijack the model.

Protect the data – tightly scope what the model can access, and make inputs immutable wherever possible.

Control the outputs – put guardrails around external actions, and require explicit user consent for anything high-risk.

‍

The future of fraud prevention lies in balance: AI that amplifies human expertise without taking over the decisions that matter most.

LLMs are reshaping industries, and financial crime will be no exception. The organisations that thrive will be those that anticipate the risks – and build systems resilient enough to withstand them.

At Fortify, our mission is to bring the power of AI into fraud and AML responsibly – combining innovation with the safeguards that protect customers, institutions, and the financial system itself.

‍