For the first time in 25 years, the FBI broke out AI-related fraud as its own category. Every technique it describes is a form of brand impersonation with better tools.
When the FBI released its 2025 Internet Crime Report in April, one development mattered more than the headline numbers. For the first time in the IC3’s 25-year history, the bureau broke out artificial intelligence as a tracked fraud category: 22,364 complaints and $893 million in losses.
The techniques in the FBI’s new section read like a who’s who of brand impersonation methods: deepfake videos of public figures endorsing fraudulent investment platforms, voice clones of executives confirming wire transfer instructions, and AI-generated personas conducting fake job interviews to gain corporate network access. The FBI did not create an “AI hacking” category. It created an AI fraud category, and the fraud it describes is impersonation with better tools.
Why the FBI's AI fraud figure is almost certainly an undercount
The FBI’s $893 million AI fraud figure depends entirely on victims recognizing and reporting that AI was involved. Most cannot. Consider investment fraud, the largest subcategory: total losses reached $8.6 billion in 2025, but only 7% of complaints carried an AI tag. The rest were not classified as AI-free. They were classified by victims who had no way of knowing what they were looking at.
Guardio’s Q4 2025 analysis suggests the real involvement rate is far higher. The firm found that 76% of phishing sites now incorporate AI-generated content, from the copy on the page to the social engineering scripts that drive traffic to it. The FBI’s number is measuring what victims happened to notice, not the problem itself.
That gap has a practical implication for how institutions think about detection. If the impersonation is good enough that the victim cannot tell AI was involved, detection that depends on the victim recognizing what happened will miss the same attacks the FBI’s data is missing. The approaches that work regardless, examining what is on the page, how the site was built, and how it connects to known attack infrastructure, do not require the victim or the complaint form to identify what made the impersonation convincing.
What changes when AI fraud gets a federal category
The formal recognition matters for reasons that go beyond the number attached to it.
When the FBI tracks a fraud category, it gives institutional leaders a data point for conversations that have previously relied on anecdote. The argument that AI-enhanced brand impersonation requires detection investment is easier to make when the FBI has assigned it a number, even one that understates the reality. That figure, cited alongside the $3 billion BEC total and the $8.6 billion investment fraud total, provides scale context that board-level conversations require.
It also clarifies what kind of problem AI fraud actually is. Every technique in the FBI’s AI section, from synthetic profiles to cloned voices to generated conversations, is impersonation. AI does not create a new attack category. It makes an existing one dramatically harder to detect through traditional means. Institutions that have invested in vishing detection and email filtering but not in detecting AI-enhanced impersonation across web, social, and mobile channels are defending against the version of the threat the FBI’s own data suggests is already being overtaken.
The Bottom Line
The FBI tracked AI fraud as its own category for the first time and recorded $893 million in losses across 22,364 complaints. The bureau acknowledged the figure likely understates the true scope, and independent detection data showing AI-generated content in 76% of phishing sites supports that assessment. Every technique in the new category is a form of brand impersonation executed with better tools. The formal recognition does not change what is happening. It gives institutions a federal data point for a conversation many of them have not yet had.
Key Takeaways
The FBI’s IC3 recorded 22,364 AI-related complaints with $893 million in losses, the first time the bureau has tracked AI as a separate fraud category in its 25-year history. The FBI acknowledged the figure likely understates the true scope, since most victims do not realize AI was involved.
Investment fraud with AI involvement generated $632 million. Business email compromise with confirmed AI components caused more than $30 million in losses, using voice cloning to impersonate executives and confirm wire transfers. Employment fraud using deepfake interviews contributed $13 million.
AI is counted only when victims recognize and report it. Total investment fraud losses reached $8.6 billion, but only 7% carried an AI tag. Independent detection data from Guardio found that 76% of phishing sites now incorporate AI-generated content, suggesting the true involvement rate is far higher than what complaint data reflects.
Every technique in the FBI’s new AI fraud section involves impersonating a trusted identity: a financial advisor, a CEO, a public figure, or a job interviewer. AI does not create a new attack category. It makes the existing practice of borrowing someone else’s identity dramatically more effective and harder to detect.
If AI-enhanced impersonation is good enough that victims cannot identify AI involvement, detection that depends on victim recognition will miss the same attacks the FBI’s data is missing. Effective detection examines page content, site construction, and infrastructure connections regardless of whether the impersonation was AI-generated or handcrafted.
