How agentic AI accelerates commercial espionage: QBE

Visualization created with AI assistance.

Scammers are using agentic AI to commit commercial fraud at unprecedented speed and scale, according to a recent QBE survey of 400 small to medium-sized business leaders in IT, administration and insurance.

Processing Content

The report, "Reimagining Commercial Espionage and Fraud in the Era of Agentic AI," found that 29% of businesses in the U.S. experienced at least one cyber incident where AI was used as part of the attack within the past year. Between 2021 and 2026, the finance-and-insurance sector made up 8% of all commercial espionage incidents.

"Agentic AI represents a step-change in how threat actors operate by compressing timelines and expanding capabilities in ways organizations have never faced before," said Ian Walsh, vice president and U.S. cyber product leader of QBE North America.

According to QBE's research, threat actors are using agentic AI systems — which, unlike mainstream chatbots, can act autonomously — to commit widescale fraud via large-scale extortion, deepfake impersonation scams and advanced phishing or business email compromise (BEC) attacks. Generative AI has enabled scammers to perform these types of attacks over the last few years, but agentic AI now allows them to further manage these activities simultaneously and across multiple platforms. 

Agentic AI also lowers the barrier for entry for the less sophisticated or experienced attackers, according to the report. The technology allows threat actors to not only use existing threats and attack pathways, but to also create new attack vectors to exploit system vulnerabilities and steal data. Because these models can maintain long-term goals and use APIs to search internal databases, scammers can leverage the technology for rapid decisionmaking. Such threat actors may also communicate with agents through natural-language prompts, rather than learning new interfaces and tools.

Humans still play an important role in overseeing critical decision points during cyber attacks and campaigns, the report notes. QBE suggests that a "back-to-basics" layered security approach — focused on identification access management, behavioral monitoring and AI-enabled threat-detection tools — offers the best protection in mitigating and preventing threats.

"The human element remains central in mitigating risk and building resilience," said Walsh. "To stay ahead of evolving threats, organizations must act with speed, combining security fundamentals with AI-enabled defenses and comprehensive coverage."


For reprint and licensing requests for this article, click here.
Agentic AI Data security Cyber Security
MORE FROM DIGITAL INSURANCE
Load More