Stopping Next-Gen Identity Fraud

The rise of generative and agentic AI is fueling a wave of identity fraud, creating new challenges for state and local agencies. Nation states, criminal gangs and others are using autonomous rogue AI agents to bypass identity protections, create synthetic identities and steal money from vital programs.

“There are fraud rings and nation state actors in all countries, and they’re finding ways to intercept and disrupt government benefit programs,” says Jordan Burris, public sector vice president with Socure. These attackers constantly change tactics to avoid detection and exploit new vulnerabilities. “You have to stay dynamic to curb this existential threat,” Burris says.1

Next-generation AI capabilities and holistic collaboration strategies address these threats, enabling agencies to strengthen protection of constituent data and taxpayer dollars.

Emerging Risks and Challenges

Organized global fraudsters accounted for 12% of incoming applications for government services and loans, according to a 2025 Socure report.2 A quarter of these attempts targeted multiple agencies.

“Attackers operate 24/7 at machine speed, and that’s likely to overwhelm traditional detection systems,” says Deborah Snyder, a senior fellow with the Center for Digital Government (CDG) and a longtime cybersecurity leader in state government.

The most pressing identity-based risks and challenges include:

Rogue AI agents: Adversaries are creating bots that operate at scale without human oversight. These autonomous agents can create deepfakes, establish phony credentials and dupe benefits programs.

“They’re used deliberately to perform more malicious activities to augment what a criminal would take on,” Burris says. “You’re looking at hundreds of thousands of attempts across the country.”

Synthetic identities: These identities are crafted using real and fake data to bypass legacy verification processes. GenAI tools and rogue agents simplify and accelerate the creation of these identities. While synthetic identities are on the rise, Socure data shows fraudsters are still four times more likely to rely on stolen identities, underscoring the need for holistic defenses that address both threats.

Remote-hiring exploits: Digital hiring of workers from around the world has become an attractive attack vector. Rogue AI agents help fraudsters impersonate legitimate job candidates to gain insider access and steal sensitive data or disrupt operations. Meanwhile, jobs that once attracted hundreds of applicants now attract thousands, creating new burdens and risks for recruiters sifting through resumes.

Pervasive compromised identity data: Personally identifiable information (PII) like a Social Security number, birth date or home address is no longer reliable for identity confirmation. “We should assume that just about everyone has already had their information stolen,” Burris cautions. This significantly lessens the effectiveness of knowledge-based authentication (KBA) in online transactions.

Outdated government systems: Legacy technologies often have weak identity-proofing mechanisms. Limited data sharing and collaboration capabilities also make it difficult to mount a common digital identity defense.

Unfair barriers for underserved populations. Recent immigrants or young people entering the workforce often have thin credit histories. Relying too much on narrow identity data like credit scores can lock underserved people out of digital services and government benefits.

Developing a Strategic Response

A modern and strategic approach to identity verification helps agencies preserve fairness and deter AI-enhanced fraud. Consider these best practices:

• Deploy AI-driven identity intelligence: Modern AI-enabled identity verification systems use a fraud risk-scoring system with behavioral analytics to unmask potential fraud attempts. These real-time systems collect device intelligence, check the geolocation of IP addresses and monitor the velocity of application attempts. AI-enabled identity verification is a crucial part of a multilayered fraud-protection technology stack.
• Modernize credentials: Secure digital credentials such as mobile driver’s licenses and verified digital wallets strengthen identity proofing. These credentials can be revoked instantly, making them useless if compromised. Physical credentials like passports or driver’s licenses are easy to fake and can stay in circulation for weeks or months if lost or stolen.
• Secure remote-hiring pipelines: Risk-based identity scoring can help agencies implement continuous identity verification from application through onboarding. These tools also create safeguards for contractors and third-party hires.
• Foster interagency and interstate collaboration: Agencies need fraud task forces and partnerships that share intelligence among agencies and across the public sector. Partners can pool updates on new fraud tactics and coordinate their efforts across jurisdictions to foil adversaries targeting multiple agencies. When leaders in health, labor, IT, the justice system and law enforcement work together, bad actors have a much harder time stealing sensitive data and benefit dollars.
• Balance security and access: Fraud prevention strategies must not exclude underserved populations and create unnecessary friction for legitimate users. States should measure and monitor the impacts of identity verification systems to make sure they’re promoting easy and fair access while preventing fraud.
• Prepare for what’s coming: Agencies must continuously update fraud detection systems to meet evolving threats. “This is really an arms race,” Burris says. Agencies must be proactive about discovering emerging identity threats and putting up effective defenses to limit the damage.

The Identity Imperative

Today’s AI-driven fraud threats underscore the importance of reliable and accurate digital identities. Adopting an effective identity strategy and investing in modern tools positions agencies to mitigate fraud risk and provide equitable access to government programs and resources.

“Adaptive identity verification and fraud analytics are foundational infrastructure,” Snyder says. Agencies that modernize identity systems, create layered defenses and prioritize intelligence sharing will be ready to counter sophisticated threats and foster public trust.

1. https://webinars.govtech.com/Fighting-Next-Generation-Fraud%3A-Rogue-AI%2C-Deep-Identity-Threats-and-Remote-Work-Exploits-143571

2. https://www.socure.com/news-and-press/socure-unveils-digital-identity-report-on-fraud-rings

This piece was written and produced by the Government Technology Content Studio, with information and input from Socure.