Scammers are using agentic AI to commit commercial fraud at unprecedented speed and scale, according to a recent QBE survey of 400 small to medium-sized business leaders in IT, administration and insurance.
The report, "
"Agentic AI represents a step-change in how threat actors operate by compressing timelines and expanding capabilities in ways organizations have never faced before," said Ian Walsh, vice president and U.S. cyber product leader of QBE North America.
According to QBE's research, threat actors are using
Agentic AI also lowers the barrier for entry for the less sophisticated or experienced attackers, according to the report. The technology allows threat actors to not only use existing threats and attack pathways, but to also create new attack vectors to exploit system vulnerabilities and steal data. Because these models can maintain long-term goals and use APIs to search internal databases, scammers can leverage the technology for rapid decisionmaking. Such threat actors may also communicate with agents through natural-language prompts, rather than learning new interfaces and tools.
Humans still play an important role in overseeing critical decision points during cyber attacks and campaigns, the report notes. QBE suggests that a "back-to-basics" layered security approach — focused on identification access management, behavioral monitoring and AI-enabled threat-detection tools — offers the best protection in mitigating and preventing threats.
"The human element remains central in mitigating risk and building resilience," said Walsh. "To stay ahead of evolving threats, organizations must act with speed, combining security fundamentals with AI-enabled defenses and comprehensive coverage."









