In January 2024, a finance employee in the Hong Kong office of Arup, the London-based engineering firm behind the Sydney Opera House, received an email that appeared to come from the company's United Kingdom-based chief financial officer. The message described a confidential transaction requiring his discreet assistance. He suspected phishing—exactly as his training had taught him to. So the attackers escalated. They invited him to a video conference, and on that call he saw and heard the chief financial officer, along with colleagues he recognized. Reassured by the faces and voices of people he knew, he executed fifteen wire transfers totaling HK$200 million, approximately $25 million, into five local bank accounts.¹
Every participant on that call, other than the employee himself, was a fabrication—an artificial-intelligence-generated likeness assembled from publicly available video and audio of Arup's executives.² The fraud surfaced only when the employee followed up with the company's actual headquarters, which had authorized no such transaction and held no such meeting.²
What makes the Arup case instructive is what did not happen. No system was penetrated. No malware was deployed. No data was stolen. Arup's chief information officer later described the episode as "technology-enhanced social engineering"—a crime committed entirely against human perception, using the ordinary machinery of corporate life: an email, a meeting invitation, a familiar face on a screen.³
This publication has examined artificial intelligence from two directions. We have analyzed AI as a subject of financial reporting—the depreciation schedules, circular financing arrangements, and unconsolidated vehicles through which the build-out is being capitalized. Separately, our examination of AI washing treated it as a subject of misrepresentation—an emerging category of securities fraud.⁴ This article addresses a third and, in our assessment, more consequential development: artificial intelligence as an instrument of fraud—specifically, its capacity to corrupt the evidentiary layer on which the entire financial reporting system rests.
Financial statements are abstractions built on artifacts. Beneath every revenue line sit invoices, contracts, shipping documents, and confirmations. Beneath every cash balance sit bank statements and reconciliations. Beneath every disbursement sits an authorization—a signature, an approval workflow, a voice on a call. The reliability of the entire edifice depends on an assumption so foundational that it is rarely stated aloud: that these artifacts are, in the ordinary course, what they appear to be. That assumption is written directly into the world's auditing standards. Generative artificial intelligence has now destroyed the economic premise on which it rested. And the standard-setters, in a development that has received remarkably little attention from the investing public, have quietly begun to repeal it.
Auditing has never promised authentication. The professional standards governing audits in the United States and internationally have long contained an explicit permission that most investors have never read. Under the AICPA's auditing standards, unless conditions cause the auditor to believe otherwise, the auditor "may accept records and documents as genuine"—a presumption mirrored for two decades in paragraph 14 of the extant international fraud standard, ISA 240.⁵ The PCAOB's fraud standard is even more direct about the limitation. AS 2401 acknowledges that fraud may be concealed through falsified documentation, including forgery, and then states that an audit conducted under PCAOB standards "rarely involves the authentication of such documentation"—adding that auditors are neither trained as, nor expected to be, experts in such authentication.⁶
For most of the profession's history, this presumption was defensible. Forgery was expensive. Producing a convincing counterfeit invoice, bank statement, or executed contract required skill, equipment, access, and time. A fraudster who wished to deceive an auditor had to invest real resources in each fabricated artifact, and each artifact carried forensic fingerprints—typography, paper stock, signature dynamics, formatting inconsistencies—that a skeptical reviewer might catch. The presumption of genuineness was, in effect, a piece of economic reasoning embedded in professional standards: because forgery is costly, the marginal document is probably real, and the auditor's finite hours are better spent elsewhere.
The fraud data has always reflected how central fabricated paper is to concealment. In the Association of Certified Fraud Examiners' global casework, the single most common method fraudsters used to conceal their schemes was the creation of fraudulent physical documents, present in 39 percent of cases, with the alteration of documents and the creation of fraudulent electronic files close behind. The ACFE's most recent global study estimates that organizations lose 5 percent of revenues to fraud annually, that financial statement fraud is the least common category and by far the costliest at a median loss of $766,000 per case, and that more than half of all occupational frauds trace to absent or overridden internal controls.⁷ Concealment through fabricated documentation, in other words, is the historical norm of fraud. The only thing protecting the system was the price of the fabrication.
That price has now collapsed to approximately zero.
In late March 2025, OpenAI released an upgraded image-generation capability within GPT-4o whose defining improvement was the accurate rendering of text inside photorealistic images. Within days, users were publishing AI-generated restaurant receipts—wrinkled, stained, itemized, photographed at an angle on a wooden table—that were indistinguishable at a glance from the real thing. One widely circulated demonstration produced a complete receipt from a real San Francisco steakhouse, its author observing that verification workflows relying on photographed images as proof had effectively ended.⁸
Within six months, the demonstration had become operating data. By October 2025, the Financial Times was reporting a wave of AI-fabricated receipts moving through corporate expense systems: the software provider AppZen reported that AI-generated fakes accounted for roughly 14 percent of fraudulent documents submitted in September 2025, against zero a year earlier; the fintech Ramp flagged more than $1 million in fraudulent invoices within ninety days of deploying detection tooling; roughly 30 percent of surveyed finance professionals in the United States and United Kingdom reported an increase in falsified receipts since GPT-4o's release; and SAP Concur, which runs more than 80 million compliance checks per month, began telling its customers, "Do not trust your eyes."⁹
The trajectory since then should trouble any investor inclined to dismiss this as a niche problem. By mid-May 2026, according to AppZen platform data reported in the trade press, AI-generated receipts had gone from 0 percent of flagged fraudulent documents in March 2025 to 70.8 percent—1,471 fabricated receipts submitted by 745 employees across 174 companies, claiming $148,143 in reimbursements. The average AI-generated fake ran about $100, against $182 for older template-based forgeries, a sizing pattern that appears deliberate: small enough to slide beneath auto-approval thresholds and cursory review. In a separate survey published this June, 40 percent of U.S. employees admitted to having used AI to generate a fake receipt.¹⁰
Expense receipts are, in themselves, small. The cost curve behind them is the finding. The same generative capability that produces a $100 restaurant receipt produces a vendor invoice, a purchase order, a bill of lading, a bank statement, an insurance certificate, or a signed contract amendment—each rendered with correct logos, plausible reference numbers, and internally consistent arithmetic, in seconds, by a person with no design skill whatsoever. The identity-verification industry has been measuring this shift for longer than the accounting profession has. Entrust's global fraud analysis found that a deepfake attempt occurred every five minutes during 2024, and that digital document forgeries rose 244 percent year over year to become, for the first time, the dominant mode of document fraud at 57 percent of cases—a roughly 1,600 percent increase since 2021, when nearly all fraudulent documents were still physical counterfeits.¹¹
The United States Treasury's financial crimes unit has formally recognized the pattern. In November 2024, FinCEN issued an alert to financial institutions describing a surge in suspicious activity reports involving deepfake media, warning that criminals were using generative AI to create falsified documents, photographs, and videos specifically to defeat identity verification and due diligence controls, and establishing a dedicated reporting keyword to track the typology across the banking system.¹² Deloitte's Center for Financial Services has projected that generative AI could drive United States fraud losses from $12.3 billion in 2023 to $40 billion by 2027—a 32 percent compound annual growth rate.¹³
Even the executives building the underlying technology have moved from caution to alarm. In July 2025, sitting across from the Federal Reserve's Vice Chair for Supervision at a Federal Reserve conference in Washington, OpenAI chief executive Sam Altman warned, "I am very nervous that we have an impending, significant, impending fraud crisis." He singled out financial institutions that still accept a voiceprint to authenticate large money movements, describing voice-based authentication—and most other authentication short of passwords—as already defeated, with video calls indistinguishable from reality close behind.¹⁴
The professionals whose occupation is catching fraud describe themselves as outmatched. In the ACFE's 2026 benchmarking study with SAS, 75 percent of anti-fraud professionals reported an increase in generative AI document fraud and forgery over the prior two years, 77 percent reported growth in deepfake social engineering, and 55 percent expected significant further increases in the coming twenty-four months. Only 7 percent described their organizations as more than moderately prepared to detect or prevent AI-driven fraud.¹⁵
The economic reasoning embedded in the presumption of genuineness has therefore inverted. The presumption held that because forgery is costly, the marginal document is probably authentic. Forgery is now free, instant, and skill-less. A professional standard that treats documents as presumptively genuine has become, in substance, a subsidy to the people manufacturing them.
Briefings on markets, governance, and our investment philosophy—delivered directly.
Documents form one layer of the evidentiary system; the other is authorization—the question of who actually instructed what. Most corporate payment fraud has historically traveled through business email compromise—the impersonation of an executive or vendor in writing—and the FBI's Internet Crime Complaint Center recorded $2.77 billion in business email compromise losses across 21,442 complaints in 2024 alone, the second-costliest category in a record $16.6 billion year.¹⁶ For two decades, the control that stopped these schemes was verification through a richer channel: call the person, hear the voice, see the face. The entire discipline of payment verification is built on the premise that a human being can recognize another human being.
The Arup case demonstrates the failure mode of that premise, and it is worth being precise about what failed. The employee did not skip verification. He performed it. He doubted the email, sought richer confirmation, and received it—from a counterfeit channel that looked and sounded exactly like the real one. The verification step itself was the attack surface.
The pattern is no longer isolated. In July 2024, an executive at Ferrari received WhatsApp messages purporting to come from chief executive Benedetto Vigna, describing an imminent confidential acquisition, urging the signing of a nondisclosure agreement, and asserting that Italy's market regulator and the Milan exchange had already been informed—a fraud that dressed itself in the costume of securities regulation to manufacture legitimacy. A live phone call followed, in a cloned voice that reproduced Vigna's southern Italian accent almost perfectly. The executive grew suspicious of slight mechanical intonations and said, "Sorry, Benedetto, but I need to identify you," asking which book Vigna had recommended to him days earlier. The caller hung up. Two months earlier, the chief executive of WPP had been targeted with a comparably elaborate scheme built around a fabricated Teams presence.¹⁷ These attempts failed on the alertness of a single individual—a control that does not scale, cannot be tested, and, per the ACFE data above, is already losing.
The same synthetic-identity machinery is being aimed at institutional controls, and at financial institutions' own systems, at the account level. At the police briefing announcing the Arup case, Hong Kong authorities disclosed arrests in similar deepfake schemes, in which a ring used eight stolen identity cards to file ninety loan applications and open fifty-four bank accounts, deploying deepfakes to trick facial recognition checks on at least twenty occasions.¹⁸
For investors focused on financial reporting, the implications run deeper than treasury theft. The auditing standards treat management override of controls as the apex fraud risk precisely because managers can direct subordinates and falsify records. Synthetic media creates a category the standards never contemplated: override without management. An outside actor—or an insider laundering intent through an apparently outside actor—can now issue instructions wearing the chief financial officer's face. And the same channels that move money are channels that manufacture audit evidence. A confirmation call with a counterparty, a video walkthrough of a warehouse, a screen-share of a banking portal during interim testing: each of these is a control that terminates in human perception, and controls that terminate in human perception now fail as a class.
While generative AI dissolves the evidentiary perimeter from the outside, it is simultaneously being installed at the center of the financial reporting process itself. KPMG's 2024 global study of 1,800 companies found that 72 percent were already applying AI in their financial reporting processes to some degree, with 99 percent expecting to be piloting or using it within three years; among United States respondents the three-year figure was 100 percent, and 83 percent of financial reporting leaders said it was important that their external auditors use AI in the audit.¹⁹ By this year, KPMG's follow-on survey of 1,013 senior finance leaders found more than three quarters of organizations using AI across financial planning, reporting, and analysis, with agentic deployments—systems that take actions inside workflows—emerging as the differentiator, and with a striking governance finding: organizations able to produce efficient "AI audit evidence" over their own systems reported significant improvement at three to six times the rate of those that cannot.²⁰
The audit firms are racing to the same destination. KPMG has described more than $2 billion of investment to embed AI capabilities across its business, alongside enhanced alliances with Microsoft and other technology providers.²¹ Deloitte has announced $3 billion in generative AI investment through fiscal 2030 and, in October 2025, a partnership making Anthropic's Claude available to more than 470,000 of its professionals.²² KPMG's Clara platform now scores 100 percent of transaction populations in the audit, an approach that retires sampling as the default.²³ We want to be plain about the upside: full-population analysis is a genuine advance, and it is precisely the kind of capability forensic analysts have long wanted pointed at the general ledger. The trouble is that the identical technology also collapses the cost of producing polished, internally consistent falsehood, and nothing guarantees the defensive application matures faster than the offensive one.
What the record of the past three years shows is that the institutions deploying these tools have repeatedly failed at the one discipline that matters most in an environment of synthetic content: verifying that cited evidence exists. The courts saw it first. In Mata v. Avianca, lawyers filed a brief built on six judicial opinions that ChatGPT had invented—complete with fabricated quotations, docket numbers, and internal citations—then doubled down by submitting the fake opinions themselves after opposing counsel could not locate them, drawing a $5,000 sanction and an order to send corrective letters to every judge falsely named as an author. By mid-2025, a federal court in Alabama had concluded that monetary sanctions were failing to deter the practice and disqualified the offending counsel instead.²⁴
Then the pattern reached the accounting profession's own publications. In October 2025, Deloitte Australia agreed to refund part of an AU$440,000 fee after its assurance review for a federal department was found to contain citations to nonexistent academic works attributed to a real law professor and a fabricated quotation attributed to a real Federal Court judgment; the corrected version disclosed, for the first time, that a GPT-4o tool chain had been used in the work.²⁵ In May 2026, EY Canada withdrew a 44-page cybersecurity report after researchers at GPTZero found that 16 of its 27 cited sources were fabricated, misattributed, or nonfunctional; by then, the report had circulated in client-facing materials, and its invented claims had traveled, through a syndicated article, into more than sixty newspapers. GPTZero's researchers coined a term for the pattern, "vibe citations," and documented the fabrications resurfacing in the answers of AI assistants: counterfeit evidence feeding the training data for the next generation of counterfeit evidence.²⁶ In June 2026, KPMG pulled its flagship report on agentic AI after a forensic review found that only five of its forty-five citations pointed to real, intact sources, and after UBS, the National Health Service, Swiss Federal Railways, and Transport for London disputed the report's claims about their AI deployments in comments to the Financial Times.²⁷ The law firms have not been spared: Sullivan & Cromwell recently apologized to a New York court for a filing containing inaccurate citations and misquoted provisions of the bankruptcy code.²⁸
None of these documents was an audit opinion, and the distinction matters. It also offers limited comfort. These are organizations whose commercial product is verification, publishing under their own brands, failing at source verification under ordinary deadline pressure, using the same class of tools now entering the close process and the audit file. A reader is entitled to ask a simple question: if fabricated evidence can survive review all the way into a Big Four firm's flagship publication, what is the basis for confidence that it cannot survive review into a workpaper?
The regulatory response is underway, and its timeline is the most important fact in this article.
The PCAOB has modernized its evidence standard for the age of electronic information. Amendments adopted in June 2024 and approved by the SEC that August—effective for audits of fiscal years beginning on or after December 15, 2025, which is to say the audits underway right now—clarify auditors' responsibilities when performing technology-assisted analysis, including a new requirement, AS 1105.10A, addressing the reliability of external information provided by the company in electronic form. The adopting release states expressly, however, that the amendments do not address other technology applications used in audits, such as artificial intelligence.²⁹ The Board's staff, in a July 2024 outreach publication, found generative AI use in audits still concentrated in administrative and research activities, with the firms themselves flagging the technology's capacity to generate false or misleading content.³⁰ The fraud standard itself, AS 2401, remains in its relevant paragraphs substantively the text adopted a generation ago; the Board maintains an open research project evaluating whether it should be revised to reflect developments in practice.³¹
The definitive acknowledgment came from the international standard-setter. In July 2025, the IAASB issued ISA 240 (Revised), its rewritten fraud standard, effective for audits of financial statements for periods beginning on or after December 15, 2026.³² Buried within that revision is the change this article has been building toward: the sentence permitting auditors to accept records and documents as genuine absent contrary indications is gone. The IAASB removed it, its explanatory materials make clear, specifically to press auditors toward investigating conditions that suggest a record may be inauthentic or altered.³³ The general principle survives elsewhere in the standards, and the IAASB has been careful to note that auditors are not expected to presume every document inauthentic; the deletion is targeted at the fraud context, where the cost of a false presumption is highest. The AICPA has proposed the parallel change for the standards governing audits of private United States companies.³⁴
Read plainly, the sequence is this. The international standard-setter has concluded that, in the context of fraud, the presumption of genuineness can no longer stand unexamined, and it has stripped the sentence from its fraud standard—with an effective date. For calendar-year companies, audits conducted under the old text will continue to be signed into 2027. The technology broke the presumption sometime around 2023. The gap between those two dates is not a technicality. It is the period during which fabrication is cheap, authentication is optional, and the auditor's report reflects an assumption the international standard-setter has already voted to remove from its fraud standard.
The supervisory findings on the audit firms' own AI adoption do not suggest the profession is ahead of its regulators. In June 2025, the United Kingdom's Financial Reporting Council published its first guidance on AI in the audit alongside a thematic review of the six largest firms, finding "no formal monitoring performed by the firms to quantify the audit quality impact" of the automated tools already embedded in their audits, with five of the six maintaining no performance indicators for those tools at all; a second round of guidance, addressing generative and agentic AI specifically, followed in March 2026.³⁵
There is also a second-order effect, and it may prove the more corrosive one. Legal scholars Robert Chesney and Danielle Citron, writing in 2019, named it the "liar's dividend": as the public learns that any recording can be fabricated, genuine evidence becomes deniable.³⁶ In capital markets terms, the dividend accrues to whoever has the most to hide. A recorded call in which an executive gives revenue guidance he later regrets, a whistleblower's tape, a damaging internal video—each can now be met with a plausible-sounding claim of synthesis, and the claim grows more plausible with every deepfake headline. This lands in a market whose external fraud-detection capacity was already contracting. As we documented earlier this year, the activist short sellers who historically surfaced fabricated-evidence frauds—Wirecard's missing billions, Nikola's rolling truck—are disappearing, and the gap they leave was dangerous before the evidence itself became synthetic.³⁷
The response to a structural change in the cost of fabrication cannot be confined to the audit file. It runs through portfolio-company governance, auditor oversight, and the investor's own analytical process. Five adjustments follow directly from the record above.
The first adjustment belongs to portfolio-company boards, and institutional investors should be raising it in every governance engagement: treat evidence integrity as an internal-control domain rather than an information-technology purchase. The exercise is an inventory. Identify every control in the organization that terminates in a human being perceiving an artifact—a voice on a callback, a face on an approval call, an emailed PDF invoice, a scanned bank statement—and ask what happens to that control when the artifact is synthetic. Payment authorization above meaningful thresholds should verify through channels that do not depend on perception at all: out-of-band confirmation to independently sourced contact details, system-to-system verification against the counterparty's records, cryptographic provenance where the infrastructure supports it, and challenge protocols built on shared non-public knowledge, which is the control that saved Ferrari. FinCEN's recommended mitigations—phishing-resistant multifactor authentication and live verification checks—describe a floor, and boards should hear management explain how the disbursement stack has been tested against the Arup pattern specifically.¹²
The second adjustment concerns disclosure: investors should demand to know where AI sits inside the financial close. Adoption is headed toward effectively universal within the planning horizon, so the useful questions concern placement and verification.¹⁹ Which reconciliations, estimates, and disclosure drafts touch generative tools. What map exists from those touchpoints to the company's internal control over financial reporting. Who reviews machine output, against which system of record, before it enters the reporting chain. How errors and incidents escalate. The survey evidence indicates that organizations able to produce governance evidence over their own AI report materially better operational outcomes; investors should treat the ability to produce that evidence, on request, as the standard.²⁰
The third adjustment is auditor interrogation, through the audit committee and directly where access permits. How does the engagement team authenticate high-risk evidence in an environment where fabrication is costless. What share of confirmations flows through controlled electronic platforms rather than through documents supplied by management. How is AS 1105.10A being implemented on this engagement. Will the firm adopt the authenticity-investigation requirements of ISA 240 (Revised) ahead of the effective date, which the IAASB has explicitly encouraged.³² What indicators does the firm maintain for the effect of its own AI tools on audit quality—recalling that the United Kingdom's regulator found essentially none.³⁵ And, given the record of fabricated citations reaching the profession's own flagship publications, what specific verification stands between a generative tool's output and the audit file.²⁵ ²⁶ ²⁷
The fourth adjustment is analytical, and it is the one closest to this firm's own practice: reprice documentation quality as a signal. Forensic analysis has traditionally treated a complete, consistent, well-organized paper trail as comfort. When paper is free, immaculate documentation deserves less evidentiary weight, and triangulation deserves more. The instruments that remain expensive to fake at scale are the ones to anchor on: cash actually converting and clearing through third-party institutions, taxes actually paid to governments, counterparties approached through channels the company does not control, externally observable operations—shipments, headcount, power consumption, foot traffic—and consistency across regulatory filings that would have to be co-falsified across multiple agencies and jurisdictions. In an environment where accounting errors are already migrating into quieter severity classifications³⁸ and going-concern warnings routinely arrive at the door of the bankruptcy court or later,³⁹ the artifact layer beneath the financial statements is the last thing an investor can afford to take on faith.
The fifth adjustment is collective. Institutional investors should support the verification infrastructure the market is going to need: content-provenance standards for corporate documents and media, disclosure norms for deepfake incidents involving corporate treasuries—which today surface mainly through police briefings and investigative journalism rather than through issuer disclosure—and engagement with the fraud-standard modernization now open at the PCAOB, where investor comment is likely to be outnumbered by preparer comment.³¹ The activist short sellers who once performed external verification for free are fewer each year.³⁷ The verification does not perform itself.
For roughly a century, the financial reporting system priced documents at the cost of forging them. The presumption of genuineness was never naivety. It was arithmetic—an accurate judgment that fabricating convincing evidence was expensive enough to be rare, and that the scarce hours of auditors and analysts were better spent on judgment than on authentication. Every input to that arithmetic has now changed. A convincing document costs nothing. A convincing voice costs nothing. A convincing face on a live video call costs very little, and the price is falling.
The standard-setters have conceded the point in the most explicit way available to them: by deleting the presumption from the fraud standard. The deletion takes effect for fiscal years beginning on or after December 15, 2026. The technology did not wait for the effective date, and the people using it offensively are not waiting either—the expense-fraud data, the FinCEN typologies, and the anti-fraud profession's own surveys all describe an escalation already in progress.
Investors should be clear-eyed about what this means for the frauds to come. Frauds once betrayed themselves through missing paper—the invoice that could not be produced, the confirmation that never arrived, the file that was always about to be sent. The coming generation will arrive over-documented: every invoice crisp, every approval logged, every reference internally consistent, every voice on the call familiar. The tell is inverting. Analysts trained to hunt for the missing document will increasingly need to question the flawless one.
For a century, the paper itself was the proof. That era ended quietly, in a Hong Kong conference room, on a video call where every face was manufactured—and the market has not yet repriced what it can no longer verify.
June 10, 2026
Read
June 4, 2026
Read
June 2, 2026
Read
Briefings on markets, governance, and our investment philosophy—delivered directly.
Referenced Sources:
[1] CFO Dive, "Scammers siphon $25M from engineering firm Arup via AI deepfake 'CFO'" (May 17, 2024), reporting the Financial Times' identification of Arup as the previously unnamed Hong Kong deepfake victim, with transfers totaling HK$200 million (approximately $25 million) sent to five Hong Kong bank accounts.
[2] Hong Kong Police Force account of the incident, delivered in press briefings by Senior Superintendent Baron Chan Shun-ching and summarized in, e.g., Eftsure, "Arup deepfake CFO scam: Finance worker loses $25m," and PurpleSec, "Arup Deepfake: How an AI-Generated Video Stole $25 Million," documenting the initial phishing email purporting to come from the UK-based chief financial officer, the video conference in which every participant other than the victim was AI-generated from publicly available video and audio, and the execution of fifteen transfers.
[3] World Economic Forum, "Cybercrime: Lessons learned from a $25m deepfake attack" (February 2025) (interview with Arup Chief Information Officer Rob Greig, confirming that no Arup systems were compromised and no data was affected).
[4] Buxton Helmsley, "Powered by Artificial Intelligence, Built on Artificial Claims: How AI Washing Became America's Newest Securities Fraud—and How Forensic Investors Can Detect It," Insights (March 17, 2026). See also "The Useful Life Question," Insights (April 28, 2026); "The Circular Bargain," Insights (May 28, 2026); "Off the Balance Sheet, On the Hook," Insights (June 2, 2026) (examining the financing and accounting architecture of the artificial intelligence build-out).
[5] AICPA, AU-C Section 240, Consideration of Fraud in a Financial Statement Audit, paragraph .13; see also IAASB, ISA 240 (extant), paragraph 14 (containing the equivalent presumption in the international standards).
[6] PCAOB, AS 2401, Consideration of Fraud in a Financial Statement Audit, paragraph .09.
[7] Association of Certified Fraud Examiners, Occupational Fraud 2022: A Report to the Nations (2022) (creation of fraudulent physical documents the most common concealment method, present in 39 percent of cases); Association of Certified Fraud Examiners, Occupational Fraud 2024: A Report to the Nations (2024) (analyzing 1,921 cases across 138 countries; estimating that organizations lose 5 percent of revenues to fraud annually; finding financial statement fraud the least common but costliest category, at a median loss of $766,000 per case; and attributing more than half of occupational frauds to a lack of internal controls or an override of existing controls).
[8] TechCrunch, "ChatGPT's new image generator is really good at faking receipts" (March 31, 2025), documenting photorealistic AI-generated receipts, including for a real San Francisco restaurant, following the March 25, 2025 release of GPT-4o image generation.
[9] PYMNTS, "Phony AI-Created Receipts Become Real Problem for Businesses" (October 26, 2025), summarizing Financial Times reporting (AppZen: AI-generated fakes at approximately 14 percent of fraudulent documents submitted in September 2025, against none the prior year; Ramp: more than $1 million in fraudulent invoices flagged within ninety days; Medius survey: approximately 30 percent of U.S. and U.K. finance professionals reporting an increase in falsified receipts since GPT-4o's release; SAP Concur: more than 80 million compliance checks per month). See also ICAEW Insights, "Expenses fraud: how to spot an AI-generated receipt" (November 13, 2025); Fox Business (October 28, 2025) (noting OpenAI's statement that its generated images carry identifying metadata and that it acts on violations of its usage policies).
[10] PYMNTS, "AI-Generated Fake Receipts Now Make Up 71% of Expense Fraud" (June 2026), citing AppZen platform data reported by Accounting Today (AI-generated share of flagged fraudulent receipts rising from 0 percent in March 2025 to 70.8 percent by mid-May 2026, comprising 1,471 receipts submitted by 745 employees at 174 companies and claiming $148,143; average AI-generated fake of approximately $100, versus $182 for template-based forgeries) and an Emburse survey (40 percent of U.S. respondents admitting to generating a fake receipt with AI).
[11] Entrust Cybersecurity Institute, 2025 Identity Fraud Report (November 19, 2024) (a deepfake attempt every five minutes in 2024; digital document forgeries up 244 percent year over year, comprising 57 percent of document fraud and surpassing physical counterfeits for the first time; an approximately 1,600 percent increase since 2021).
[12] Financial Crimes Enforcement Network, Alert FIN-2024-Alert004, "FinCEN Alert on Fraud Schemes Involving Deepfake Media Targeting Financial Institutions" (November 13, 2024) (describing criminals' use of generative AI to create falsified documents, photographs, and videos to circumvent identity verification and due diligence controls, and establishing the "FIN-2024-DEEPFAKEFRAUD" key term for suspicious activity reporting).
[13] Deloitte Center for Financial Services, "Generative AI is expected to magnify the risk of deepfakes and other fraud in banking" (May 2024) (projecting that generative AI could enable United States fraud losses to reach $40 billion by 2027, from $12.3 billion in 2023, a compound annual growth rate of 32 percent).
[14] CNN, "OpenAI CEO Sam Altman warns of an AI 'fraud crisis'" (July 22, 2025); see also Fortune, "Sam Altman says financial industry faces a massive 'fraud crisis' as AI impersonates people's voices to trick security" (July 23, 2025) (reporting Altman's remarks, delivered in an interview with Federal Reserve Vice Chair for Supervision Michelle Bowman, that some financial institutions still accept voiceprints to authenticate large transactions and that AI has defeated most authentication methods other than passwords).
[15] Association of Certified Fraud Examiners & SAS, 2026 Anti-Fraud Technology Benchmarking Report (March 2026) (75 percent of surveyed anti-fraud professionals reporting increases in generative AI document fraud and forgery over the prior two years; 77 percent reporting increases in deepfake social engineering; 55 percent expecting significant further increases within twenty-four months; only 7 percent describing their organizations as more than moderately prepared to detect or prevent AI-driven fraud; AI/machine learning adoption in anti-fraud programs at 25 percent, up from 18 percent in 2024).
[16] Federal Bureau of Investigation, Internet Crime Complaint Center, 2024 Internet Crime Report (April 2025) (business email compromise losses of $2.77 billion across 21,442 complaints; record total reported losses of $16.6 billion, up 33 percent year over year).
[17] Bloomberg, "Ferrari Narrowly Dodges Deepfake Scam Simulating Deal-Hungry CEO" (July 26, 2024); Fortune, "Ferrari exec foils deepfake attempt by asking the scammer a question only CEO Benedetto Vigna could answer" (July 27, 2024) (also noting the May 2024 deepfake scheme targeting WPP chief executive Mark Read via a fabricated Teams presence).
[18] CNN, "Finance worker pays out $25 million after video call with deepfake 'chief financial officer'" (February 4, 2024) (reporting Hong Kong police disclosures, made alongside the announcement of the Arup case, of arrests in similar deepfake schemes: eight stolen Hong Kong identity cards used in ninety loan applications and fifty-four bank account registrations, with AI deepfakes used to trick facial recognition programs on at least twenty occasions); see also Eftsure, supra note 2.
[19] KPMG International, AI in financial reporting and audit: Navigating the new era (2024) (survey of 1,800 companies across ten countries: 72 percent applying AI in financial reporting to some degree; 99 percent expecting to pilot or use AI in financial reporting within three years). See also Center for Audit Quality, "Transforming the audit experience with AI" (October 2024) (100 percent of U.S. financial reporting leaders expecting to pilot or use AI in financial reporting within three years; 83 percent viewing auditor use of AI in analysis as important).
[20] KPMG International, Global AI in Finance Report (2026) (survey of 1,013 senior finance leaders with revenues above $250 million, fielded March 2026; more than three quarters of organizations using AI across financial planning, reporting, and commercial analysis; organizations able to produce AI audit evidence efficiently reporting rates of significant improvement three to six times higher than those that cannot).
[21] KPMG, "AI and Financial Reporting Survey" (describing investment of more than $2 billion to embed AI capabilities across its business, alongside enhanced alliances with Microsoft, Google, ServiceNow, and MindBridge).
[22] Fortune, "Deloitte was caught using AI in $290,000 report to help the Australian government crack down on welfare after a researcher flagged hallucinations" (October 7, 2025) (noting Deloitte's announced $3 billion investment in generative AI development through fiscal year 2030 and the partnership announced with Anthropic making Claude available to more than 470,000 Deloitte professionals).
[23] Center for Audit Quality, supra note 19 (describing KPMG Clara Transaction Scoring analyses performed across 100 percent of transactional populations, spanning general ledger and subledger data).
[24] Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. June 22, 2023) (imposing a $5,000 sanction on the attorneys and their firm jointly and requiring corrective letters to each judge falsely identified as the author of a fabricated opinion, after counsel filed a brief citing six nonexistent decisions generated by ChatGPT). See also Johnson v. Dunn, 792 F. Supp. 3d 1241 (N.D. Ala. July 23, 2025) (concluding that monetary sanctions had proven inadequate to deter AI-fabricated citations and disqualifying the responsible attorneys).
[25] TechCrunch, "Deloitte goes all in on AI — despite having to issue a hefty refund for use of AI" (October 6, 2025); see also Fortune, supra note 22 (assurance review of approximately AU$440,000 for the Department of Employment and Workplace Relations containing citations to nonexistent academic works attributed to a real law professor and a fabricated quotation attributed to a Federal Court judgment; corrected version disclosing use of an Azure OpenAI GPT-4o-based tool chain; Deloitte repaying the final installment of the contract).
[26] GPTZero, "Investigation: Hallucinations in Ernst & Young Report on Loyalty Fraud" (May 14, 2026); ACS Information Age, "EY retracts cyber report littered with AI errors" (May 2026); Sherwood News, "AI hallucinations appear to be creeping into consulting reports" (May 18, 2026) (finding 16 of 27 cited sources in EY Canada's late-2025 report Points of Attack fabricated, misattributed, or nonfunctional; the report was withdrawn following publication of the findings, after circulating in client-facing use and after its claims were carried, via a syndicated article, into more than sixty newspapers and into the responses of AI assistants).
[27] Technology.org, "KPMG Pulls AI Report Riddled With Hallucinations" (June 16, 2026), summarizing Financial Times reporting and GPTZero's forensic review of KPMG's October 2025 report Total Experience: Redefining Excellence in the Age of Agentic AI (five of forty-five citations pointing to real, intact sources; UBS, the National Health Service, Swiss Federal Railways, and Transport for London disputing the report's claims regarding their AI deployments).
[28] The Global Legal Post, "Sullivan & Cromwell apologises for AI hallucinations in letter to US court" (April 2026) (letter from the co-head of the firm's restructuring group to Chief Judge Martin Glenn of the U.S. Bankruptcy Court for the Southern District of New York, disclosing that an April 9, 2026 emergency motion contained several inaccurate citations and misquoted the U.S. Bankruptcy Code, errors the firm attributed in part to AI hallucinations).
[29] PCAOB Release No. 2024-007, Amendments Related to Aspects of Designing and Performing Audit Procedures That Involve Technology-Assisted Analysis of Information in Electronic Form (adopted June 12, 2024; approved by the SEC on August 20, 2024; effective for audits of fiscal years beginning on or after December 15, 2025), amending AS 1105 and AS 2301 and adding paragraph .10A to AS 1105; the adopting release states that the amendments are focused on technology-assisted analysis and do not address other technology applications used in audits, such as artificial intelligence. See also Journal of Accountancy, "PCAOB publishes guidance related to Audit Evidence amendments" (October 3, 2025).
[30] PCAOB Staff, Spotlight: Staff Update on Outreach Activities Related to the Integration of Generative Artificial Intelligence in Audits and Financial Reporting (July 2024) (observing that generative AI use in audits remained concentrated in administrative and research activities, and that firms acknowledged the technology's capacity to generate false or misleading content and the corresponding need for strong supervision).
[31] PCAOB, standard-setting research agenda, Consideration of Fraud in a Financial Statement Audit (evaluating whether AS 2401 should be revised to better align auditors' responsibilities with developments in practice). See also Paul Munter, SEC Office of the Chief Accountant, "The Auditor's Responsibility for Fraud Detection" (October 11, 2022).
[32] IAASB, "IAASB Revises Fraud Standard to Enhance Public Trust" (July 8, 2025); ISA 240 (Revised), The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements, effective for audits of financial statements for periods beginning on or after December 15, 2026, with early adoption encouraged.
[33] PwC, "IAASB Approved Standard: International Standard on Auditing (ISA) 240 (Revised)" (In depth, 2025) (explaining that the IAASB concluded the sentence from paragraph 14 of extant ISA 240 permitting the auditor to accept records and documents as genuine should be removed from the revised standard in order to emphasize the importance of investigating conditions suggesting that a record may not be authentic or may have been altered; noting that the principle itself remains in ISA 200 and that the auditor is not expected to start from a presumption that every document encountered in an audit is inauthentic).
[34] AICPA, Exposure Draft, Proposed Statement on Auditing Standards, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements (July 2, 2025); see RSM US, "AICPA issues exposure draft and IAASB issues new standard on fraud" (2025).
[35] Financial Reporting Council, "FRC publishes landmark guidance providing clarity to audit profession on the uses of AI," with accompanying thematic review of the six largest UK firms' processes to certify audit technology (June 26, 2025); Accountancy Age, "Big accountancy firms fail to monitor AI's impact on audit quality, says FRC" (June 27, 2025) (reporting the review's finding of no formal monitoring quantifying the audit-quality impact of automated tools, and that five of the six firms maintained no key performance indicators for such tools). See also Financial Reporting Council, guidance on generative and agentic AI in audit (March 2026).
[36] Chesney, R. & Citron, D.K., "Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security," 107 California Law Review 1753 (2019) (introducing the "liar's dividend": as awareness of synthetic media spreads, dishonest actors benefit by dismissing authentic evidence as fabricated).
[37] Buxton Helmsley, "The Last Line of Defense: How the Disappearance of Activist Short Sellers Is Leaving Corporate Fraud Undetected—and What Institutional Investors Must Do About It," Insights (March 10, 2026).
[38] Buxton Helmsley, "The Vanishing Restatement: How America's New Clawback Rules Created a Perverse Incentive to Bury Accounting Errors—and What Institutional Investors Must Do About It," Insights (February 26, 2026).
[39] Buxton Helmsley, "Going Concern, Going Missing: How the Auditor's Most Important Opinion Disappeared as Bankruptcies Climbed," Insights (May 18, 2026).
This publication is one of the Insights commentaries of Buxton Helmsley USA, Inc. (“Buxton Helmsley”). It reflects the opinions, analysis, and interpretations of Buxton Helmsley as of the date of publication, and it is based upon information that Buxton Helmsley believes to be accurate and that is derived from public sources or from other sources believed to be reliable. Buxton Helmsley does not represent or warrant that such information is accurate or complete, and it should not be relied upon as such. The views expressed are subject to change at any time, and Buxton Helmsley undertakes no obligation to update this publication or to correct any information contained within it.
Except for statements expressly attributed to an identified source or to a public filing, the statements in this publication constitute the opinions and good-faith analysis of Buxton Helmsley and are not statements of objective fact. Buxton Helmsley’s analysis may rest upon assumptions, estimates, and interpretations that could prove to be incorrect. Any reference to a potential violation, misstatement, impropriety, or deficiency reflects Buxton Helmsley’s analytical conclusions and opinions, and does not represent a finding by any court, regulator, or other authority. Readers should conduct their own investigation and analysis of any company, security, or matter discussed. Any company or person referenced that believes any statement in this publication to be inaccurate is invited to contact Buxton Helmsley at general@buxtonhelmsley.com, and Buxton Helmsley will give good-faith consideration to any correction supported by credible evidence.
This publication is provided for informational purposes only. It does not constitute, and should not be construed as, investment advice, a recommendation, or the provision of any individualized investment advisory service to any person, nor an offer or solicitation to buy, sell, or hold any security. Nothing in this publication takes into account the particular investment objectives, financial situation, or needs of any reader. No reader should construe this publication as creating any advisory, fiduciary, or other relationship between Buxton Helmsley and such reader. Readers should consult their own legal, tax, accounting, and financial advisers before making any investment decision.
As of the date of this publication, Buxton Helmsley, the funds and accounts that it manages or advises, and its principals hold no position in the securities of the companies mentioned in the article. Buxton Helmsley and the foregoing persons may, at any time and without further notice, purchase, sell, cover, or otherwise change any position in any security discussed in this publication, including in a manner inconsistent with the opinions expressed herein, for various reasons, including but not limited to new research discoveries. Buxton Helmsley may realize gains in the event that the price of any security discussed moves in a direction consistent with a position that it holds.
A principal of Buxton Helmsley provides investment management, on an informal basis and without compensation, to a separate account that is not managed by, advised by, or affiliated with Buxton Helmsley. That account holds a long position in the securities of Alphabet Inc. (NASDAQ: GOOGL/GOOG). Neither Buxton Helmsley nor any principal of Buxton Helmsley receives any fee, profit share, or other compensation, or holds any ownership or other economic interest, in respect of that account or its holdings. That account may purchase, sell, cover, or otherwise change its position at any time and without notice.
Buxton Helmsley has not received, and will not receive, any compensation from any third party—including any issuer discussed in this publication or any person holding an interest in any such issuer—in connection with the preparation or publication of this commentary, except as expressly disclosed in this publication. Buxton Helmsley was not engaged or compensated by any third party to publish this commentary, except as expressly disclosed in this publication.
This publication is not, and shall not be construed as, an offer to sell or a solicitation of an offer to buy any security or any interest in any fund or other investment vehicle managed or advised by Buxton Helmsley or any of its affiliates, nor is it an advertisement for any such fund, vehicle, or advisory service. Any such offer or solicitation will be made only by means of definitive offering documents, and only to eligible investors, in accordance with applicable law.
This publication is intended only for distribution to, and use by, persons in the United States. It is not directed to, intended for, or to be relied upon by, any person located in any jurisdiction outside the United States, and it does not constitute an offer, solicitation, or provision of any service in any such jurisdiction. Persons who access this publication from outside the United States do so on their own initiative and are responsible for compliance with the laws applicable to them.
This publication may contain forward-looking statements that reflect Buxton Helmsley’s current expectations and that are subject to risks and uncertainties that could cause actual results to differ materially from those expressed. Past performance is not indicative of, and does not guarantee, future results. No representation is made that any investment will achieve, or is likely to achieve, results comparable to those discussed.
To the fullest extent permitted by applicable law, neither Buxton Helmsley nor any of its affiliates, nor their respective principals, members, officers, employees, or agents, shall have any liability to any person for any direct, indirect, incidental, consequential, or other loss or damage arising from any use of, or reliance upon, this publication or any information contained within it.
If any provision of these disclosures is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
© 2026 Buxton Helmsley USA, Inc. All rights reserved. This publication may not be reproduced or redistributed, in whole or in part, without attribution to Buxton Helmsley.
Briefings on markets, governance, and our investment philosophy—delivered directly.