Soups Ranjan
Founder & CEO
The Rise of Agentic Fraud Ops
Abstract: In this keynote on the future of AI-enabled fraud and fraud prevention, Soups Ranjan (CEO, Sardine) explored how fraud is evolving as synthetic IDs, deepfakes, device manipulation, mule rings, and autonomous AI agents become more sophisticated. Drawing on Sardine’s work with banks, fintechs, payment processors, and digital-first businesses, Ranjan explained why identity verification can no longer rely on selfies or document checks alone, and why strong device binding, richer telemetry, graph analysis, anomaly detection, and agentic AI workflows are becoming essential. The message was clear: as fraudsters move toward machine-speed attacks, financial institutions will need machine-speed fraud operations that can detect, investigate, and respond without waiting for humans to manually connect the dots.
👉 Check out the full VIDEO here.
Soups Ranjan: Morning everyone. I am Soups Ranjan, CEO and co-founder of Sardine. We are a global company based out of San Francisco, and we have a large team here in Toronto as well, with people across engineering, compliance, sales, and other disciplines.
We work with about 400 institutions globally, including banks, fintechs, payment processors, and digital-first businesses such as crypto exchanges, gift card exchanges, ticketing platforms, and other businesses where people are buying digital goods.
Today, I will be speaking about the rise of agentic fraud ops. I am a machine learning engineer by training, and at Sardine we are an agentic risk platform. We provide agentic solutions as well as machine learning-based solutions to fight both fraud and financial crime.
I will take you through what we are seeing in the industry when it comes to fraud and how we are using AI to fight back.
Soups Ranjan: I have spent pretty much my entire career fighting fraud. Before founding Sardine, I led fraud and financial crime for companies like Coinbase and Revolut, and we founded Sardine about six years ago.
The first question I want to pose is this: are we truly ready for fully autonomous AI agents perpetrating fraud?
We are already seeing bits and pieces of that in action. In the world of security, everyone is concerned about the capabilities of new AI tools that may be able to perpetrate cyberattacks that no one has thought of before.
In a similar vein, we are always asking: what happens if an AI agent goes out and perpetrates fraud end to end without a human in the loop?
That means an AI agent could buy stolen credit cards or stolen credentials online on the dark web, create a bunch of accounts, and perpetrate fraud without any human involvement at all.
In that world, what does fraud prevention truly look like?
That is one of the main questions I will answer today.
Soups Ranjan: With the rise of AI, one of the biggest growth industries of all time may be fraud. We are already seeing that when it comes to ID verification online.
The very concept of verifying identities online is at stake. In fact, the very concept of trust on the internet is at stake.
Our team has generated synthetic IDs using open-source tools, and you can see the progression from 2024 to 2026. By 2026, you can generate passports using publicly available tools that even include holograms.
We are also creating deepfakes using open-source tools, and it costs us zero dollars to create them. Six months ago, the video was still a little laggy and jarring. Now the motion is much smoother, and the performance of these deepfakes is improving very quickly.
We have also shown, in real time over a Zoom call, how we can deepfake someone using just one picture taken during the call. I have shown up in Zoom calls pretending to be the person who was actually joining the call.
Soups Ranjan: Let me take you through a fraud attack that my chief of staff created, using a type of vulnerability that exists in hundreds of platforms and is being used by attackers right now.
He created a Tinder profile for me without telling me. When he created the profile, he verified my identity. But there were lots of red flags.
He used a jailbroken iPhone. He installed active malware on that iPhone. He had already used the same device to create 10 other accounts. He also used a proxy. He was sitting in the United States, but the IP location of the proxy was South Africa.
He created the profile using images found online. Then, for the selfie verification step, he pretended to be Mona Lisa.
So the profile used my images, but the selfie was his picture looking like Mona Lisa. The mismatch was obvious: the selfie did not match any of the profile pictures.
But none of the other telemetry or device fingerprinting signals triggered either.
Soups Ranjan: The key message is that this type of vulnerability exists across systems today.
At a meta level, identity verification online cannot really be trusted anymore if you are only looking at whether a person is moving their face side to side. You have to tie identity verification online to strong device binding.
Was this a real device being used to create the identity? In this case, no. He used a proxy. He was sitting in the United States but pretending to be in South Africa. He used a jailbroken device. There was malware on the device. The same device ID had been used to create 10 other accounts.
The truth is that before you even look at ID verification, you should be asking whether this is a real device.
When banks and fintechs use ID verification, it is not enough to look at whether someone can move their face side to side. You also need to know whether they are presenting that selfie from a real device, or whether it is an emulator, a face-down device, or a setup where someone is injecting video back into the webcam.
The bottom line is that identity verification online needs strong device binding together with ID.
Soups Ranjan: With the rise of AI, fraud and scams have skyrocketed. At the same time, banks are being asked to cut costs. Something has to change.
One of the questions I posed earlier was: what happens if there is a truly autonomous AI agent perpetrating fraud?
We had an example from one of our customers, an HSA provider in the United States. Their CISO called us on a Friday evening because they were seeing a massive spike in account signups.
The identities of employees at thousands of employers had been stolen. About 150,000 accounts were being created in a matter of days.
The question I posed to my AI team was this: with attacks like this, could you detect and prevent the attack without waking up a human?
In that case, every fraudster had a tell. The tell was that they used the same device fingerprint to create all of these accounts. The second tell was that their true location, behind the proxy or VPN, was outside the United States.
At Sardine, with device fingerprinting, we can pierce through proxies and VPNs and identify the true location behind them.
Soups Ranjan: In the past, I could have woken up a data scientist on a Friday night and asked them to identify other device fingerprints that looked the same.
Instead, our AI team had been building a data analyst agent, so I prompted the agent to do that investigation for us.
I gave it the attack pattern: one device fingerprint being reused to create accounts, and the true location behind a proxy or VPN being outside the United States. Then I asked it to find other fingerprints that looked the same.
The data analyst agent wrote queries and identified the device fingerprints that mattered. It also avoided the ones that did not matter, because some shared devices were legitimate. For example, doctors and nurses in nursing homes may truly share a device.
The AI was able to identify the fingerprints that mattered, and we quickly blocked the attack.
That investigation could have taken a data scientist a couple of days or even weeks. AI did it in 5 minutes.
With the rise of AI-generated fraud and scams, we should be able to fight back. We reduced the investigation time from weeks to minutes. But our goal at Sardine is to remove the human from the loop entirely.
We want to fight fraud without waking up any humans.
Soups Ranjan: We also have other types of AI agents.
One example is an agent investigating a money mule ring for one of our largest bank customers. Every fraudster has a tell. In this case, the fraudster had created hundreds of accounts using one device, and then used another device that they thought was separate. But by moving through multiple hops, the agent found another 100 users connected to that same pattern.
That allowed us to quickly block the ring.
We also have a graph analyst agent. You can give it a prompt, and it analyzes connection graphs. It can connect identities through phone numbers, devices, accounts, and other relationships.
Then there is a rule recommender or rule assistant agent. Fraud analysts do not always know every feature available to them to create rules quickly. Inside Sardine, we have 10,000 features, and no one can remember all of them.
The rule assistant agent lets you talk to it in natural language. It creates a rule, back-tests the rule, tells you how many times it will fire, and gives you precision and recall without requiring you to know SQL.
Soups Ranjan: The key question is how to connect these building blocks so that we can fight fraud at machine speed.
First, you have to get all your data in one place. No AI model will succeed at fraud investigation unless it has access to all your data.
Second, you need agents with very well-defined, narrowly scoped jobs. The rule assistant agent, data analyst agent, graph agent, and other agents all have narrow scopes. If you give an agent too wide of a scope, it may hallucinate.
Third, you need a workflow tool that chains these agents together.
An anomaly detection agent can automatically discover tells and anomalies. It can hand those anomalies to a data analyst agent, which writes SQL and finds other users who look the same. That can then go to a graph agent for graph analysis, and finally to a rule assistant agent to write and apply rules.
That is how you can create an end-to-end fraud investigation that does not need to wake up humans.
We are not quite there yet, but we are getting there.
Soups Ranjan: One question fraud ops and compliance ops teams often ask is how they can stay ahead and maintain job security with the advent of AI.
My view is that the jobs are not going away. This is a new skill set that fraud investigators now get access to.
When I led fraud teams at Coinbase and Revolut, I had both data scientists and fraud ops people. The data scientists were great at data analysis, but they did not have the sixth sense to find fraud. The fraud ops people had an amazing sixth sense to fight fraud, but they could not write SQL.
With AI agents like the data analyst agent, fraud ops teams get a superpower they did not have before. They can become SQL ninjas without needing to know SQL.
If you give people who already have the sixth sense to catch fraud the best tools, imagine what they can do.
The jobs are not going away. Everyone is going to get smarter.
Audience Question: How do you anticipate the next evolution of fraud that you have not seen yet?
Soups Ranjan: I strongly believe the next major fraud ring will be fully automated. I do not know if the 150,000-account fraud ring was fully automated, but I strongly believe the next one will be.
An AI agent will go to the dark web, find stolen identities and stolen cards, and start creating accounts autonomously.
Audience Question: When you cannot wake the data scientist overnight, how much does your false positive rate increase? And in the 150,000-account incident, were there CAPTCHAs involved to add friction to the account creation process?
Soups Ranjan: The false positive and detection rate has to be thought through very carefully. The rule assistant agent calculates the rule fire rate as well as precision and recall.
Precision and recall can only be calculated if customers are giving us feedback data. Most of our customers give us historical feedback data. For signups, they tell us which accounts they froze after signups. For logins, they tell us which accounts successfully entered their password or failed. For card transactions, they tell us which transactions led to disputes.
Because we have that feedback data, we can tell you precision and recall before you push a rule live to production.
For the 150,000-account incident, some sites definitely had CAPTCHAs. But what we are finding is that AI is getting pretty good at solving CAPTCHAs.
Audience Question: Do you think the threat of fraud in onboarding and verification will ever get so severe that banks investing in digital capabilities start to pull back because it is getting too difficult to fight?
Soups Ranjan: No, I do not think that will ever be the case.
Fraud, at the end of the day, is a numbers game. You do want to have a little bit of fraud. If you had zero fraud, you probably added so much friction that nobody loves your customer experience.
Most banks we speak with are comfortable having some amount of fraud. Fraud is a cat-and-mouse game. There will always be new tools that fraudsters have access to. Hopefully, what I showed today is a reflection of what the fraud-fighting industry is capable of doing as well to prevent those types of fraud attacks.
Here are 10 key insights from the keynote:
1. Fraud is moving toward autonomous AI agents
Ranjan warned that the next major evolution of fraud may involve AI agents independently sourcing stolen credentials, creating accounts, and executing attacks without human involvement.
2. Online identity verification is under pressure
Synthetic IDs, deepfakes, and open-source tools are making it harder to rely on traditional document checks and selfie-based verification.
3. Deepfakes are becoming cheaper, smoother, and easier to deploy
Ranjan showed how deepfakes can now be created with free tools and very limited source material, including a single image captured during a video call.
4. Device binding is now essential to identity verification
The keynote emphasized that lenders must understand whether an identity check is coming from a real, trusted device—not just whether the person can move their face on camera.
5. Fraudsters still have tells
Even sophisticated attackers make mistakes, such as reusing device fingerprints, hiding behind proxies, or creating multiple accounts from related infrastructure.
6. AI can compress fraud investigation from weeks to minutes
In one example, an AI data analyst agent identified attack patterns and helped block a large-scale account creation attack in about five minutes.
7. Agentic fraud ops depends on connected data
AI agents cannot investigate effectively unless identity data, device data, transaction data, workflow data, alerts, and feedback data are brought together.
8. Narrowly scoped AI agents reduce risk and improve performance
Ranjan argued that agents should have clearly defined jobs, such as anomaly detection, graph analysis, data analysis, or rule recommendation, to reduce hallucination risk.
9. Fraud operations can move toward machine-speed response
By chaining anomaly detection, data analysis, graph analysis, and rule-writing agents together, institutions can move closer to end-to-end fraud response without waking up humans.
10. AI gives fraud investigators new superpowers
Rather than replacing fraud ops teams, AI can help investigators apply their fraud instincts with tools that allow them to analyze data, write rules, and investigate patterns without needing to know SQL.
Sign up for the CLA Finance Summit Series
“`