I was fortunate enough to spend several days last week at the Aspen Institute’s Crosscurrent summit on AI and national security in San Francisco. My first takeaway: I very much recommend being in sunny (at the moment, at least) San Francisco rather than slushy, raw New York in early March. The second took a little longer to form.
The AI threat costing Americans $16.6 billion a year
AI is already a weapon of mass fraud.
The conference was full of former national security officials, cybersecurity executives, and AI leaders, and the conversation mostly went where you’d expect: the Anthropic-Pentagon fight, the role of AI in the Iran conflict, the coming of autonomous weapons. But the panel that stuck with me was about something less dramatic. It was about something almost old-fashioned, now supercharged by AI: scams.
At one point, Todd Hemmen, a deputy assistant director in the FBI’s Cyber Division’s Cyber Capabilities branch, described how North Korean operatives are using AI-generated face overlays to pass remote job interviews at Western tech companies — then working multiple remote positions simultaneously, funneling the salaries and any intelligence back to the regime in Pyongyang. They fabricate résumés with AI, prep for interviews with AI, and use AI to wear the “face of someone who’s not the person behind the camera,” Hemmen told the audience. Some of the most proficient actors are holding down several full-time jobs at once, all under fake identities, all enabled by tools that didn’t exist two years ago.
That detail has been rattling around in my head since, not the least because it made me wonder how these industrious operatives can manage multiple jobs when I find just one taxing enough. But Hemmen’s story captures something deeper about the moment we find ourselves in. The AI risks getting the most airtime right now are speculative and cinematic — killer robots, AI panopticons. But the AI threat that’s here right now is a foreign agent wearing a synthetic face on a Zoom call, collecting a paycheck from your company. And almost nobody is treating it with the same urgency.
How cybercrime got worse than ever
Cybercrime has been a problem since the days of dial-up, but the scale of what’s happening now is staggering. The FBI reported that the US suffered $16.6 billion in known cybercrime losses in 2024 — up 33 percent in a single year, and more than doubled over three years. Americans over 60 lost nearly $5 billion. And those are just the reported numbers; Alice Marwick, director of research at Data & Society, told the Aspen Institute audience that only about one in five victims ever reports a scam. The real number is unknowable, but it’s much worse.
And now comes generative AI to make all of this faster, cheaper, and more convincing. Phishing emails no longer arrive riddled with typos from supposed Nigerian princes; LLMs can produce fluent, regionally specific language. AI image generators can create entire synthetic identities — dozens of photos of a person who doesn’t exist, complete with vacation shots and designer handbags.
Voice cloning has enabled heists that were science fiction five years ago: In early 2024, a finance worker at the Hong Kong office of UK engineering firm Arup transferred $25 million after a deepfake video call in which the company’s CFO and several colleagues seemed to appear on screen. All of them, it turns out, were fake. CrowdStrike’s 2026 Global Threat Report found that AI-enabled attacks surged 89 percent year-over-year, while the average time from initial breach to being able to spread throughout a network dropped to just 29 minutes. The fastest observed breakout: 27 seconds.
Will AI cyberoffense beat AI cyberdefense?
Why is this problem so comparatively neglected? Partly because we’ve normalized it. Cybercrime has been growing for years, driven by the professionalization of criminal syndicates, cryptocurrency, remote work, and the industrialization of scam compounds in Southeast Asia. (My Vox colleague Josh Keating wrote a great story a couple of years ago on these so-called pig butchering scams.)
We’ve absorbed each year’s record losses as the cost of doing business online. But the curve is steepening: Deloitte projects that generative AI-enabled fraud losses in the US alone could hit $40 billion by 2027. “In the same way that legitimate businesses are integrating automation, so are organized crime,” Marwick said.
That so much of this goes unsaid and unreported adds to the toll. Marwick’s research focuses on romance scams — people targeted during periods of loneliness or transition, slowly bled of their savings by someone they believe loves them. She told the audience that victims often refuse to believe they’re being scammed even when confronted with direct proof. AI makes the emotional manipulation far more persuasive, and no spam filter will protect someone who is willingly sending money.
Can defense keep up? Marwick drew a hopeful comparison to spam, which nearly broke email in the 1990s before a combination of technical fixes, legislation, and social adaptation tamed it, at least to a large extent. Financial institutions are deploying AI to catch AI-enabled fraud. The FBI froze hundreds of millions in stolen funds last year.
But the consensus at the conference was largely grim. “We’re entering this window of time where the offense is so much more capable than the defense,” said Rob Joyce, former director of cybersecurity at the National Security Agency. Marwick was blunter: “I would say generally I’m pretty pessimistic.”
So am I. As I was writing this story, I received an email from a friend with what appeared to be a Paperless Post invitation. The language in the email looked a little odd, but when I clicked on the invite, it took me to a page that seemed very similar to Paperless Post, down to the logo. Still suspicious, I emailed my friend, asking if this was real. “Yes, it is legit,” he wrote back.
That was enough proof for me, but I got distracted and didn’t click on the next step of the invite. Good thing — a few minutes later, my friend emailed me and others to tell us that, yes, he had been hacked.
A version of this story originally appeared in the Future Perfect newsletter. Sign up here!
Facts Only
The Aspen Institute hosted a Crosscurrent summit on AI and national security in San Francisco in early March.
Todd Hemmen, a deputy assistant director in the FBI’s Cyber Division, spoke about North Korean operatives using AI-generated faces to pass remote job interviews at Western tech companies.
These operatives work multiple remote jobs simultaneously under fake identities, funneling salaries and intelligence to North Korea.
The FBI reported $16.6 billion in U.S. cybercrime losses in 2024, a 33% increase from the previous year.
Americans over 60 lost nearly $5 billion to cybercrime in 2024.
Only about one in five scam victims reports the crime, according to Alice Marwick of Data & Society.
Generative AI enables more convincing phishing emails, synthetic identities, and voice cloning for fraud.
A finance worker in Hong Kong transferred $25 million after a deepfake video call impersonating company executives in early 2024.
CrowdStrike’s 2026 Global Threat Report found an 89% surge in AI-enabled cyberattacks year-over-year.
The average time from breach to network spread dropped to 29 minutes, with the fastest observed at 27 seconds.
Deloitte projects U.S. generative AI-enabled fraud losses could reach $40 billion by 2027.
Rob Joyce, former NSA cybersecurity director, stated that cyberoffense is currently more capable than defense.
Financial institutions are using AI to detect and freeze stolen funds, with the FBI recovering hundreds of millions in 2024.
Executive Summary
The Aspen Institute’s Crosscurrent summit on AI and national security highlighted a growing but underdiscussed threat: AI-enabled fraud and cybercrime. While discussions often focus on speculative risks like autonomous weapons, panelists emphasized the immediate danger of AI-powered scams, including North Korean operatives using AI-generated faces to secure remote jobs and funnel salaries back to Pyongyang. Cybercrime losses in the U.S. reached $16.6 billion in 2024, a 33% annual increase, with older adults losing nearly $5 billion. Generative AI has amplified these threats, enabling more convincing phishing emails, synthetic identities, and deepfake heists—such as a $25 million fraud involving a fake video call. Experts warn that AI-driven cyberoffense is outpacing defense, with criminal syndicates leveraging automation to industrialize scams. While some progress has been made in fraud detection and recovery, the consensus remains grim, with projections suggesting losses could hit $40 billion by 2027. The psychological toll is also significant, as victims of romance scams often refuse to acknowledge deception even when confronted with evidence.
The challenge lies in the normalization of cybercrime as an inevitable cost of digital life, despite its escalating scale. Financial institutions and law enforcement are deploying AI to combat fraud, but the speed and sophistication of attacks—some spreading through networks in under 30 seconds—suggest a widening gap between offense and defense. The human element complicates matters further, as emotional manipulation and social engineering tactics exploit trust and loneliness. While historical parallels, like the eventual containment of email spam, offer some hope, the current trajectory points to a worsening crisis without coordinated intervention.
Full Take
The strongest version of this narrative is its focus on the immediate, tangible harms of AI-enabled fraud—a threat that is often overshadowed by more speculative or cinematic risks. The article effectively highlights the scale of the problem, from the $16.6 billion in annual losses to the psychological manipulation of victims, and grounds these concerns in concrete examples, such as North Korean operatives exploiting remote work or deepfake heists. It also acknowledges countermeasures, like AI-driven fraud detection, without overstating their effectiveness. This balanced approach avoids alarmism while underscoring the urgency of the issue.
However, the narrative leans into a pattern of **emotional exploitation** (ARC-0012) by emphasizing the vulnerability of victims—particularly older adults and those targeted in romance scams—to evoke concern. While this is not inherently manipulative, it risks framing the issue as one of helplessness rather than agency. Additionally, the article’s focus on the "normalization" of cybercrime could inadvertently reinforce a **false framing** (ARC-0024) of inevitability, potentially discouraging proactive solutions. The historical comparison to email spam is a useful counterpoint, but it’s underdeveloped—what specific lessons from that era could apply today?
The root cause here is the collision of technological acceleration with human trust systems. AI lowers the barrier to entry for fraud, while remote work and digital communication create new vulnerabilities. The unstated assumption is that defense will always lag behind offense, but this ignores the potential for adaptive resilience—both technological and social. The paradigm echoes past disruptions, like the early internet’s Wild West era, where norms and safeguards evolved only after significant harm.
The implications for human agency are profound. While AI democratizes fraud, it also democratizes defense—individuals and institutions can leverage the same tools to detect scams. Yet the psychological toll, particularly in cases of emotional manipulation, suggests that technical solutions alone are insufficient. The second-order consequences include erosion of trust in digital interactions, economic strain on victims, and the weaponization of AI by state actors like North Korea.
Bridge questions: How might we design systems that preserve trust while mitigating fraud? What role should platforms play in verifying digital identities without compromising privacy? Would a coordinated public-private response, akin to anti-spam efforts, be feasible today?
Counterstrike scan: If this were part of an influence campaign, the playbook would amplify fear of AI’s uncontrollable risks while downplaying human adaptability. The actual content avoids this trap by presenting both threats and responses, though it skews toward urgency. No structural alignment with a manipulative narrative is detected.
Sentinel — Human
The article exhibits strong human stylistic markers, including personal voice, erratic rhythm, and specific attributions, with no significant signs of synthetic generation.