AI Surfaces Stronger Fraud Signals, But Security Leaders Still Own The Harder Decisions

The first wave of AI fraud detection deployments inside large enterprises has produced a consistent pattern: impressive prototypes, uneven production performance, and a growing list of governance questions no one team owns. Security organizations under pressure to counter modern threats like phishing, vishing, and AI-assisted attacks have moved quickly on generative tools, often faster than the cross-functional guardrails around them can adapt. The underlying tension is structural, since AI cuts horizontally across the enterprise while most companies are still organized vertically, by function and business unit. The result is a familiar set of outcomes: technical debt, uncalibrated outputs, and false-positive churn that ultimately undermines trust in the tools themselves.

Taka Ariga has spent his career navigating exactly these structural bottlenecks. As Founder of Sol Imagination, where he provides independent AI advisory services to public and private sector clients, Ariga brings 25 years of enterprise readiness experience to the question of how AI moves from prototype to production. He is also a Senior Fellow at the Data Foundation, a former Chief AI and Data Officer at the U.S. Office of Personnel Management, and the first Chief Data Scientist and Director of the Innovation Lab at the U.S. Government Accountability Office, where he served as the lead author of the GAO's AI Accountability Framework.

"We typically throw out the term 'human in the loop' as some sort of panacea toward hallucination and all of these AI slips. I caution against that. Be careful who's actually in the loop. You probably want an expert in the loop, not just any human in the loop," says Ariga. The need for that expert becomes clearer when you map AI's cognitive limits. Generative models handle routine, pattern-based tasks like transcription and summarization well, but anything requiring defensible reasoning, particularly fraud cases or unique medical determinations that hinge on intent, runs into a boundary that historical training data struggles to clear. Without calibration tailored to specific stages of the mitigation lifecycle, generative models tend to scale operational noise rather than deliver targeted solutions, which is exactly when an expert in the loop becomes non-negotiable.

From experience gap to operational gap

Generative models also offer a practical answer to a workforce problem the audit profession has been wrestling with for years. With the sector facing a well-documented shortage of accountants and experienced forensic investigators, Ariga points to recent empirical evidence showing AI can close the experience gap at one end while amplifying expert output at the other. "Interns given access to gen AI actually outperformed experienced auditors without access to it. That tells me AI has the potential to mitigate this experiential gap. When experienced auditors were given access to gen AI, they could generate twice as much high-quality and highly relevant fraud risk," he says. The caveat is that surfacing fraud risk is the easy part, and translating volume into prioritized, defensible action is where most operations stall. "It's one thing to surface potential risk exposures, but then we need to prioritize them and couch them as a likelihood of exposure. That requires intent, integration, and a lot of nuance that I don't think AI is quite good at," Ariga notes.

Ariga argues organizations should rethink where they place human oversight in the workflow, anchoring it at the end of the chain rather than the middle. He cautions against the industry's default reliance on performative human-in-the-loop workflows, where non-experts are dropped into automated processes and slow detection without improving accuracy. For machine-speed threats, the more effective configuration is fully automated detection paired with downstream expert review, since the alternative leaves attack windows open longer than the controls can tolerate. "If you're having an AI model continuously go through network logs, do you really want a human to periodically go in and evaluate certain risk indicators?" Ariga says. "By the time the human gets around to it, it may not have been fast enough to prevent certain types of attacks."

The rush to close those talent gaps has also produced a parallel problem: AI adoption driven by market pressure rather than a clear value proposition. Mandates to deploy AI quickly often push developers to stand up conversational prototypes without the architectural rigor required for production environments, leaving behind technical debt that compounds over time. The Office of Management and Budget's inventory of thousands of federal AI deployments illustrates the pattern, with Ariga noting the vast majority remain in prototype and have yet to demonstrate operational value. "We see a lot of keeping up with the Joneses. These are more FOMO-type AI implementations where companies are finding little to no value," Ariga notes. "Be very intentional on how you're implementing AI solutions and don't just expect magic now that you have some foundation models in place."

Governance as the accelerator

Escaping the prototype phase requires a pivot toward resilient infrastructure and the kind of cross-functional collaboration AI's horizontal nature actually demands. Establishing data reliability typically pulls in legal, HR, procurement, compliance, and domain experts alongside the usual technology owners, since organizations attempting to solve horizontal challenges from inside traditional vertical silos tend to stall. The questions that determine production readiness are also less glamorous than the ones that drive prototype excitement, with workforce training and data integrity often outweighing model selection. "I once had a CISO ask me how to scan their AI for bias. I don't think you can buy a scanner to perform such an activity. This to me is more of a data governance issue," Ariga says. "I see a lot of focus on the boring questions. Is your data reliable enough to actually leverage the benefits of AI? Are the governance guardrails in place so that you don't have developers running way ahead and creating additional risk that needs to be walked back?"

The payoff is that properly designed governance functions as an accelerator instead of a brake. Implementing rigorous oversight early in the adoption lifecycle reduces the friction of technical debt, keeping teams from scrapping and rebuilding projects that should have been scoped differently from the start. Distributing accountability across legal, procurement, HR, unions, compliance, investigators, and the COO, CFO, CIO, and CDO equips organizations to make fast tactical decisions while systematically addressing the broader production challenges that no single function owns. "If you structure the governance dimension and the mechanics appropriately, governance can actually be an accelerator to innovation because then you're avoiding all of this tech debt down the road," Ariga concludes. "AI adoption will only happen at the speed of confidence, not at the speed of innovation. I think a lot of organizations are really focusing on what those building blocks might look like so that they can scale and productionalize accordingly."