• Ledger Lowdown
  • Posts
  • One-Third of Auditors Can't Tell If They've Been Hit by AI Fraud

One-Third of Auditors Can't Tell If They've Been Hit by AI Fraud

AI-powered fraud is so sophisticated that 34% of senior audit leaders don't even know if their organizations have been targeted. Here's what CPAs need to do.

Author

Emily Asher
February 19, 2026

One-Third of Auditors Can't Tell If They've Been Hit by AI Fraud

AI-powered fraud has gotten so good that 34% of senior internal audit leaders don't even know if their organizations have been targeted.

Let that sink in.

Not "we got hit and caught it." Not "we got hit and didn't catch it until later."

"We legitimately don't know if we've been attacked."

That's the headline from a new poll by the Institute of Internal Auditors. And it gets worse: 18% confirmed at least one AI-enabled fraud attempt in their organization. Which means more than half of senior audit professionals are either dealing with AI fraud or can't rule it out.

The Fraud Tactics Are Evolving Fast

Here's what auditors are watching for:

  • AI-powered phishing — 88% cited this as a major risk

  • Fabricated invoices or financial documents — 65%

  • Automated social engineering — 58%

  • Deepfake audio or video impersonations — 45%

  • AI-generated malicious code — 41%

But here's the scary part: auditors are missing the fastest-growing fraud type.

Only 27% flagged synthetic identity fraud as a major concern. Meanwhile, it's the fastest-growing financial crime in the U.S., costing an estimated $5 billion a year.

The IIA report put it bluntly: "Some AI-enabled fraud risks remain underrecognized, specifically those more difficult to detect."

Most Auditors Admit They're Not Ready

When asked if they're prepared to handle AI-enabled fraud, the answers were brutally honest:

  • Only 2% feel "very prepared"

  • 34% feel "moderately prepared"

  • 46% feel "minimally prepared"

  • 16% are "not prepared at all"

That means 62% of auditors know they're not equipped to deal with this.

Why They're Behind

It's not that auditors don't care. It's that they're blocked:

  • 57% lack the right technology or tools

  • 55% don't have staff with relevant AI skills

  • 46% are hitting budget constraints

  • 43% say there are too many competing priorities

  • 43% don't have time to dedicate to AI-specific risk management

Translation: Everyone knows AI fraud is real, but nobody has the resources to fight it.

The Irony: Auditors Are Using AI Too

Here's the twist — auditors see AI as both the problem and the solution.

They're already using AI extensively for:

  • Reporting and audit planning — 35%

  • Risk assessment — 25%

  • Field work — 19%

And 83% plan to increase their use of AI over the next year.

So auditors are deploying the same technology that's enabling fraud. Makes sense — if you want to catch AI fraud, you probably need AI to do it.

This Isn't Theoretical — It's Already Happening

A recent study from cybersecurity firm Ironscales found that 88% of organizations experienced at least one AI-driven security incident in the past 12 months. Finance teams were flagged as the highest-risk targets.

Another analysis from Cybernews tracked 346 "AI incidents" in 2025 — 179 involved deepfakes. When you drill down to fraud specifically, 81% of cases used deepfake technology.

The World Economic Forum's 2026 Global Cybersecurity Outlook surveyed 873 executives and found that 73% said they or someone in their network was affected by "cyber-enabled fraud" in the past year. The most common? Phishing (62%), payment/invoice fraud (37%), and identity theft (32%).

What CPAs Should Do

1. Assume you're a target. If senior auditors don't know whether they've been hit, neither do you. Act like it's already happening.

2. Train your team on AI fraud. Deepfake invoices, voice impersonations, and synthetic identities aren't sci-fi anymore. They're Tuesday.

3. Double-check unusual requests. If a "client" emails asking to update their bank account info, call them. Not email. Not Zoom. Phone. Old school verification just became the new best practice.

4. Invest in detection tools. 57% of auditors say they lack the right technology. Don't be part of that stat.

5. Talk to your clients about this. They're getting targeted too. A quick heads-up about AI-powered invoice fraud could save them six figures.

The Bottom Line

AI fraud isn't coming. It's here. And it's so sophisticated that experienced auditors can't tell when they've been hit.

If your firm hasn't had a conversation about AI-enabled fraud detection, you're behind. And if you think "we haven't been targeted," you might just be part of the 34% who don't know for sure.

Time to close that gap.