The AI arms race is here, and it’s not just about clever bots pretending to be humans. It’s about an entire ecosystem of fraud that has learned to harness AI as a force multiplier. Australia’s financial regulator, ASIC, is reporting a record surge in takedowns—nearly 12,000 scam websites dismantled in 2025, a jump of about 90% from the year before. What we’re seeing is not simply more scammers, but smarter, more scalable operations that leverage the accessibility and speed of AI to lure, enroll, and fleece victims at a scale that would have been unthinkable a few years ago. Personally, I think this should reset our expectations about how quickly online crime can scale when the underlying tools become commoditized.
The takeaway isn’t that scammers suddenly discovered some new moral compass; it’s that AI has transformed fraud into a service industry with a menu of plug-and-play tools. AI can instantly create convincing websites, generate tailored copy, and assemble multi-channel campaigns at a fraction of the cost and time. What makes this particularly fascinating is not just the speed, but the precision. Scammers can optimize messages for specific audiences, surfacing landing pages, “investor education” content, and testimonials that feel authentic to a targeted demographic. In my opinion, this isn’t a bug in the system—it’s a feature of the new fraud economy. And it’s a feature that’s harder to regulate because it borrows legitimacy from the same AI-enabled tools that drive legitimate business innovation.
The ASIC strategy—combining automated surveillance, human verification, and rapid takedown—illustrates a practical playbook for digital risk management. The regulator uses a third-party web-crawling service to flag potential scams, then cross-checks and pulls the plug. From my perspective, this is a necessary first line of defense, but it’s not a sustainable shield on its own. The “AI supermarket aisle” for scammers is a moving target; as soon as one tactic is shut down, another appears. A detail I find especially interesting is the dual role AI plays: it both creates scam pages and fabricates credible investment narratives to persuade victims. This duality makes regulatory responses more complex because you’re fighting on two fronts at once—the surface (landing pages) and the messaging underneath (the pitch).
To understand the scale, you only need to look at what 12,000 takedowns represent in human terms. The financial cost is staggering, but the human cost—the erosion of trust, the fear of digital finance, and the skepticism toward online advice—may be the deeper, longer-lasting damage. Australians reported $2.18 billion in losses for 2025, a reminder that even with aggressive takedowns, the problem isn’t going away on its own. The numbers also reveal a paradox: as losses shrink slightly in percentage terms, the absolute reach of scams widens. This is a classic sign of success at scale for criminals and a wake-up call for regulators and platform operators alike.
New laws aim to close gaps by assigning liability to ad platforms, banks, and telecoms for scams launched through those channels. The idea is straightforward: raise the cost of bad behavior by increasing the penalties for enabling scams. What makes this development compelling is its recognition that fraud today is not a lone offender in a dark alley but a cross-industry threat that exploits the interconnected nature of modern information ecosystems. If you take a step back and think about it, this is less about policing a single bad actor and more about redesigning the incentives that govern how money, identity, and attention move across digital layers. In my view, the key question is whether these obligations will be enforceable in practice and how quickly technology platforms can integrate robust, scalable verification without stifling legitimate innovation.
The pace of AI progress guarantees that the frontier won’t stay still. As Professor Paul Haskell-Dowland puts it, we’ve entered an era where generating and distributing persuasive content is nearly frictionless. The comparison to earlier scams is stark: a few years ago, cruder attempts required real effort and some luck to fool people. Today, the same process can be automated and optimized to target individuals, sometimes even at the level of high-net-worth prospects. This isn’t just a nuisance; it reframes risk management as a continuous, adaptive defense rather than a one-off compliance checkbox. In my opinion, the most important shift is cultural: we must treat credibility online as something earned and continually audited, not assumed because a website looks shiny or a testimonial sounds plausible.
The cat-and-mouse dynamic will persist. Regulators will chase new exploits, platform operators will patch vulnerabilities, and scammers will recalibrate faster than most organizations can react. The real challenge is crafting a resilient ecosystem where users are less susceptible and institutions are more accountable without choking innovation. A provocative thought: what if the next generation of fraud defense isn’t just about shutting down bad sites but about building trusted digital channels—where verified identities, accountable ads, and transparent provenance become the norm? That would require coordinated action across government, industry, and civil society, plus a data-driven approach to measure effectiveness and adapt in real time.
In the end, what this all signals is a turning point in our relationship with AI-enabled risk. It’s not about demonizing technology but about rejiggering incentives, strengthening defenses, and rethinking how we educate and protect citizens in a world where fraud can look indistinguishably legitimate at glance. If we embrace that challenge with clear responsibility and sustained investment, we might at least tilt the odds in favor of ordinary people over exploitative actors. What this really suggests is that the battle against online scams will be ongoing, iterative, and inseparable from how we design digital markets in the first place.
