Faking Receipts with AI (www.schneier.com)

AI image-generation tools are now producing hyper-realistic fake receipts—complete with paper wrinkles, plausible itemizations and even signatures—so convincing that expense platforms shown examples by the Financial Times say human reviewers can’t reliably spot them. In response, companies have turned to AI for fraud detection, scanning images for telltale metadata (EXIF), image-forensic artifacts and contextual inconsistencies across an employee’s expenses—such as repeated server names, odd timestamp patterns or mismatches with travel itineraries. But attackers can easily strip metadata by photographing or screenshotting a generated image, forcing detectors to rely on subtler signals. For the AI/ML community this escalates a classic offense-versus-defense cycle: generative models are good enough to create consumable fraud at scale, while detection systems must combine multimodal forensics, anomaly detection and cross-record context to keep up. Technical implications include the need for robust, adversarially hardened forensic models, larger labeled datasets of synthetic fakes, provenance and cryptographic signing or watermarking standards, and operational pipelines that correlate receipts with backend booking or point-of-sale data. This arms race raises practical and policy questions about trust, privacy and how to deploy durable provenance mechanisms before fake content outpaces detection.