Cybercrime Report

As agentic AI took over the digital world in 2025, so did synthetic identity fraud, a recent report by LexisNexis Risk Solutions found.

According to its latest Cybercrime Report based on more than 100 billion online transactions in 2025, LexisNexis said 11% of frauds now involve a synthetic identity, representing an eightfold global increase over 2024.

“While organizations are strengthening defenses across channels, cybercriminal networks are scaling automation, shifting tactics, and probing for any available weaknesses across the digital customer journey,” said Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions. “Increasingly, attackers rely on advanced bots and AI-driven tools to mimic human behavior and test defenses with unprecedented speed and accuracy.”

Synthetic fraud represents a shift in tactics away from short-term opportunism by fraudsters since it takes months to stitch together new identities from various stolen attributes to long-term goals, since they can take months to properly establish. Fraudsters stitch together new identities from various stolen identity attributes and use them to commit a variety of crimes.

There had been a clear line between human and automated bot traffic. But after first-quarter 2025, agentic artificial intelligence–agentic commerce traffic–grew rapidly. Agentic commerce accounted for 1,000 events in January and increased 450% in the fourth quarter.

The traffic, according to LexisNexis, was mostly related to credit card payments, but there was also some activity on gaming and gambling sites. Overall, gaming and gambling sites experienced a notable 76% rise in global attack rate in 2025, LexisNexis said.

Bot attacks were up 59% in 2025, with ecommerce and gaming and gambling bearing the brunt of the surge (attack volumes up 123% and 84%, respectively).

Bot attacks that targeted financial services were also up sharply, the report said, doubling the growth seen last year. “It remains to be seen how much of this increase in automated attacks is being orchestrated in the back end in some way by AI, even if this cannot yet be defined as agentic commerce.”

LexisNexis said that the most noticeable change in attacks in 2025 has been the 100% growth in attack rate via the desktop browser channel (rising to 4.3%), which was offset by a strong decline (down 56% YOY) in the attack rate via the mobile app channel (falling to 0.4%). The general shift away from mobile attacks has resulted in a nearly equal balance of attacks between mobile and desktop. There is no single reason for this, the report noted. “But as organizations have invested more in defenses for the mobile app channel, it’s likely acted as an impetus for fraudsters to revert back to the traditionally easier desktop browser channels for their attacks.” Plus, browser-based services are easier to attack for emerging AI agents used for malicious purposes.