In March 2025, OpenAI upgraded ChatGPT’s image-generation capabilities. Within days, finance teams discovered employees were using it to create fake receipts. Not doctored receipts. Not slightly altered receipts. Completely fabricated receipts that looked identical to real ones, complete with wrinkled paper, itemized breakdowns, and merchant logos.

The technology that was supposed to eliminate fraud just industrialized it.

According to recent data from expense management platforms, fake AI-generated receipts now account for 14% of fraudulent document submissions in some organizations, up from essentially zero two years ago. One software provider flagged more than $1 million in fraudulent invoices within 90 days at a single client. Nearly 70% of CFOs reported that employees were using AI to attempt to falsify travel expenses or receipts, with about 10% admitting they were certain it had happened at their company.

We built AI to catch bad actors. Now the bad actors are using better AI.

The Old Fraud Was Easy to Catch

Traditional expense fraud followed predictable patterns. Employees would submit duplicate receipts, slightly inflate amounts, or claim personal expenses as business-related. Finance teams caught these through random audits, pattern analysis, and occasionally just remembering they’d seen that receipt before.

The numbers were always troubling—the Association of Certified Fraud Examiners estimates organizations lose 5% of revenue to fraud annually, with 86% involving asset misappropriation including falsified expenses. But the fraud was manageable because it was manual, slow, and left obvious traces.

A receipt that’s been physically altered looks different. A duplicate submission shows up in basic searches. Unusual spending patterns trigger alerts. The system wasn’t perfect, but it worked well enough that most organizations audited only a small sample of transactions—typically 5-10%—and accepted the rest on trust.

That model is dead.

The New Fraud is Invisible

Here’s what changed: generative AI democratized forgery.

Creating a convincing fake receipt used to require Photoshop skills, time, and knowledge. Now it requires a text prompt. “Create a receipt from Joe’s Steakhouse in Chicago for $127.43, dated October 15, 2025, with itemized details for dinner meeting.” Thirty seconds later, you have a receipt that includes proper tax calculations, realistic item names, and even subtle printing artifacts that make it look authentic.

The expense management platform Rydoo reported seeing receipts demonstrated to the Financial Times by expense management platforms that included wrinkled paper, itemization that matched real menus, and signatures that looked hand-signed. Research by SAP Concur found that nearly 70% of chief financial officers believed employees were using AI to falsify travel expenses.

An employee at a major university was caught stealing millions by making authorized purchases below approval thresholds. When the university audited 100% of spend using AI detection tools, they found more than $50,000 in fraudulent expenses from that single employee. The fraud wasn’t sophisticated—it was volume.

This isn’t about a few bad actors. This is about AI lowering the barrier to fraud so much that previously honest employees are now testing boundaries.

The Detection Problem

Fighting AI fraud with AI sounds logical. Every major expense management platform now touts AI-powered fraud detection. AppZen claims to audit 100% of expenses in 42 languages across 97 countries. Oversight promises 95% risk detection accuracy and 99% duplicate payment prevention. DetectX uses “agentic AI” with neural networks instead of legacy rules. Rydoo’s Smart Audit flags AI-generated receipts before they reach approvers.

These tools work. Sort of.

They catch obvious fakes—receipts with impossible merchant categories (a hospital bill classified as “conference food”), duplicate submissions, and spending patterns that deviate from norms. Companies using these systems report 85% reductions in expense report submission time and 70% reductions in audit effort.

But they’re playing catch-up. The same AI that creates fake receipts gets better every month. The detection tools improve quarterly. It’s an asymmetric game where the offense has all the advantages.

Detection also creates new problems. False positives generate audit fatigue. Employees submitting legitimate receipts from unusual merchants get flagged. A street named “Gin Street” triggers alcohol policy violations. Finance teams drowning in alerts start ignoring them. The system becomes noise.

And here’s the uncomfortable reality: AI detection works best on volume fraud, not sophisticated fraud. It catches the employee submitting 20 fake receipts a month. It misses the executive submitting two perfect fakes per quarter for high-value dinners that never happened.

The Compliance Nightmare Gets Worse

Expense fraud isn’t just about stolen money—it’s about compliance risk.

The Foreign Corrupt Practices Act (FCPA) holds companies responsible for bribes and improper payments, even if executives didn’t know about them. The Sunshine Act requires tracking healthcare professional interactions. China’s fapiao compliance has specific receipt requirements. Companies operating globally have to comply with dozens of regulatory frameworks, all of which assume receipts are trustworthy primary documents.

When AI makes receipts unreliable, the entire compliance infrastructure collapses.

Consider a pharmaceutical company with sales reps entertaining doctors. Under the Sunshine Act, these interactions must be reported. An AI-generated receipt showing dinner with Dr. Smith at Restaurant X creates a false compliance record. The company reports it to federal regulators. The IRS accepts the deduction. Everyone downstream trusts the document.

Except the dinner never happened.

Now multiply this across thousands of employees, dozens of countries, and years of potential violations. The liability isn’t just fraud—it’s systematic compliance failure that companies didn’t even know was happening.

The Monaco Memo refined DOJ’s approach to FCPA enforcement. Companies are evaluated on their compliance programs’ effectiveness. If your expense system can’t reliably detect AI-generated fake receipts, you don’t have an effective compliance program. You have a legal time bomb.

What Actually Works

100% auditing sounds expensive until you compare it to the cost of fraud and compliance violations.

The platforms that are working deploy layered detection: AI algorithms analyze receipt metadata, validate merchant information against external databases, check price ranges against known norms, flag duplicates across systems (expense reports, card transactions, invoices), and watch for policy violations before submission rather than after.

But technology alone doesn’t solve this. The companies getting ahead of AI fraud are implementing organizational changes:

Segregation of duties. No employee can approve their own expenses. No executive assistant should have the same system access as the executive. These basics get violated constantly.

Real-time enforcement. Flag issues at submission, not at month-end close. Prevention beats detection.

Clear policies. If employees don’t know what’s allowed, they’ll test boundaries. Make the rules obvious and accessible.

Culture changes. Organizations that tolerate “creative” expense reporting get more of it. Make fraud culturally unacceptable, not just against policy.

Continuous monitoring. The fraudsters aren’t taking breaks. Neither should your systems.

One company implemented automated reviews with Oversight and found that 30% of US and UK finance professionals had seen a rise in falsified receipts after GPT-4’s launch. They weren’t catching more fraud because they were better at detecting it—they were catching more because there was more to catch.

The Market Reality

The global expense management software market is growing, but not because companies love buying software. They’re buying it because the alternative is worse.

Companies using advanced AI audit systems report savings of $10 billion and 27.5 million hours across implementations. But those numbers only work if you actually implement them properly. Most organizations are still auditing 5-10% of expenses and hoping for the best.

That strategy worked when fraud was manual and rare. It fails catastrophically when fraud is automated and easy.

The platforms themselves are consolidating. AppZen, Oversight, DetectX, Expensify, Ramp, Rydoo, and Safebooks are all competing for the same problem. The winners will be the ones that can prove ROI not in prevented fraud—which is hard to measure—but in reduced audit time and compliance confidence.

For CFOs, the calculus is straightforward: spend money on prevention, or spend more money on fraud losses, compliance violations, and reputation damage. The prevention is cheaper.

What This Means for Your Organization

If you’re still spot-checking expenses or relying on manager approval as your primary control, you’re exposed.

Audit coverage matters. Move toward 100% automated review. The cost of computing has dropped enough that this is now feasible for mid-sized organizations.

Policy enforcement happens at submission. Waiting until month-end to flag issues means the fraud has already occurred. Real-time policy checks prevent problems before they enter your books.

Integration is everything. Your expense system needs to see corporate card transactions, invoice payments, and expense reports in one place. Fraud migrates to the gaps between systems.

External validation is crucial. Don’t just analyze the receipt—validate the merchant exists, the prices are reasonable, and the timing makes sense. AI can generate perfect-looking receipts for restaurants that don’t exist.

Training won’t solve this. Telling employees “don’t commit fraud” doesn’t work when the fraud is easy and consequences are rare. Build systems that make fraud difficult and detection certain.

The Forecast

AI-generated expense fraud will get worse before it gets better. The technology to create fake receipts will improve faster than detection tools. More employees will test boundaries. More organizations will discover fraud only after it’s been happening for months or years.

But this is solvable. The companies that treat expense management as a compliance and control issue rather than an administrative function will pull ahead. They’ll have cleaner books, lower fraud losses, and better regulatory standing.

The companies that keep treating this as a spot-check problem will keep getting spot-check results—with AI-scale fraud hiding in the gaps.

The fraud is here. The question is whether your controls are.