From AI research at UC Berkeley and Microsoft to co-founding DataVisor, Fang Yu shares how AI is reshaping fraud detection and cybersecurity.
Fang, could you share your journey into AI and cybersecurity, including what inspired you to co-found DataVisor and focus on fraud detection?
I started my journey into AI and cybersecurity during my academic work in internet security. After earning my Ph.D. at UC Berkeley, I went on to join Microsoft Research’s Silicon Valley lab, an environment that’s at the forefront of innovation. There I was able to witness some of the best minds in computer science working on how to detect large-scale system abuse and emerging cyber threats.
Yinglian Xie, the co-founder of DataVisor, joined the lab after completing her Ph.D. at Carnegie Mellon. She and I had very similar research interests, specifically in identifying security threats by finding correlations between seemingly unrelated events. That work became foundational to how we think about fraud today. What we saw even back then was that attacks were becoming more coordinated, more subtle and harder to detect using traditional approaches. Fraud was no longer obvious anomalies; it was about hidden relationships and patterns across massive datasets.
From there, we knew that if we wanted to effectively combat fraud at scale, we needed to move from academic research to actually building systems that could operate in real-world environments. That’s what led us to co-found DataVisor in 2013. From its inception, our focus has been on proactively identifying fraud networks before they strike, using AI to uncover patterns that traditional systems simply cannot track.
How have you seen fraud detection evolve over the past decade, and why are traditional, rules-based systems no longer sufficient?
Over the past decade, fraud has become more sophisticated, coordinated and much faster. What used to be isolated incidents are now large-scale operations run by organized fraud networks. These networks are continuously adapting and testing new strategies that exploit gaps.
What once worked, such as traditional rules-based fraud prevention systems, are not designed for this level of complexity. These systems rely on predefined patterns and rules, which means they are always reacting to what has already happened. By the time a new rule is created, fraudsters have already adapted.
There has also been a dramatic increase in scale due to AI. Fraudsters can now automate attacks and generate synthetic identities, making detection even more challenging. At the same time, these legacy systems create operational strain. Analysts have to review hundreds of alerts each day, much of it repetitive work, leading to fatigue and missed signals. In this environment, legacy systems cannot keep up as they are too rigid and slow to respond to constantly evolving threats.
Could you explain what an adaptive, intelligence-led fraud detection system looks like, and how it differs from legacy approaches?
An adaptive, intelligence-led fraud detection system is designed to evolve alongside the threats it’s defending against. Instead of relying on static rules, as legacy systems do, it continuously learns from new data and identifies patterns that haven’t been explicitly defined. Meaning the system is proactive rather than reactive.
At DataVisor, this is powered by unsupervised machine learning, which can uncover hidden connections across users, transactions, and behaviors without needing labeled examples. That’s critical because many of today’s most sophisticated attacks are entirely new and without defined labels. With AI agent innovations, like our newest product Vera, we’re also introducing a new operating model where fraud teams can interact with AI using natural language. Teams can translate intent directly into action. This approach brings three key advantages: speed, intelligence, and adaptability. Teams can detect threats earlier, respond faster, and continuously refine their strategies as new patterns emerge.
With fraudsters increasingly leveraging AI to scale attacks, how is the “AI arms race” shaping the way organizations defend themselves?
We are in a real AI arms race, and right now it is a double-edged sword. Fraudsters are moving faster because they are not held back by regulation or legacy systems. They are testing, adapting, and scaling attacks faster, putting many organizations in a reactive position.
At the same time, most institutions are still figuring out how to use AI defensively at scale. They may have tools in place, but the bigger challenge is connecting systems to reduce manual work and building the infrastructure to act quickly.
What we need is governance in place, linking data across teams, and using AI to speed up decisions, not just improving detection. Fraudsters may have the edge today, but that will shift. The competitive difference comes down to how quickly organizations can operationalize AI and turn it into a real advantage.
How are approaches like anomaly detection, behavior modeling, and real-time intelligence sharing helping organizations stay ahead of sophisticated attacks?
These approaches are critical because modern fraud is designed to look normal. Fraudsters are creating attacks that mimic legitimate user behavior, which makes traditional detection methods less effective.
To address this, organizations need to analyze patterns over time across users, transactions and connected entities rather than relying on isolated signals or events. This is especially important as fraud becomes more coordinated and harder to detect at the surface level.
Unsupervised machine learning is particularly effective in this environment. When combined with real-time intelligence and execution, these systems enable teams to detect threats, deploy countermeasures, and adapt defenses faster, without the bottlenecks of manual workflows.
Why is it critical for fraud and cybersecurity teams to work closely together, and what are the tangible benefits of this alignment?
It’s critical for fraud and cybersecurity teams to work together because the threats they face are connected. Cybersecurity breaches produce the stolen credentials and compromised identities that fraudsters then exploit, so having a gap between the two is an open surface area for fraudsters to attack.
When cyber and fraud teams share a centralized view of account lifecycle events, suspicious patterns that would be invisible to either team in isolation become detectable. Shared tooling stretches resources further and cross-training helps both teams recognize threats that overlap, like bot activity or account takeovers.
The bottom line is that siloed security is incomplete. A fraudster who cannot break through the front door will find a way in through a window, and a fraudster who can break in will make sure the fraud detection system doesn’t notice. Closing that gap requires both teams thinking and working as one.
What infrastructure and data strategies do organizations need to implement to effectively combat AI-driven fraud?
Fragmented data is one of the biggest vulnerabilities banks and FIs face against AI-driven fraud. The only way to solve for that is with a unified data layer so you can see the entire customer lifecycle – think transactions, device logins and behaviors all in one place.
Fraud prevention also must adapt. Static, rules-based models cannot keep pace with attackers who are using AI to constantly shift tactics. Not only that, but fraud prevention must leverage the help of AI agents to keep pace, keeping human-in-the-loop elements at the most critical decision points. It’s the only way to triage alerts, tune rules, and automate regulatory filings at a scale that keeps pace with fraudsters.
Many financial institutions are struggling with AI readiness. What are the main challenges you see, and how can organizations bridge this gap?
What we’re calling “the AI readiness gap,” one of the biggest challenges we’re seeing right now. According to our 2026 Fraud and AML Executive Report, 74% of FI leaders see AI-driven fraud as a top threat, but 67% say they don’t have the AI infrastructure to defend against it. Because of this, fraud prevention remains reactive versus proactive. Closing the gap comes down to unified data, adaptive machine learning, and real-time operating models by leveraging AI end-to-end. When done right, AI can increase detection, reduce false positives and cut down on investigation times.
Looking ahead, what emerging trends or technologies do you believe will have the greatest impact on fraud prevention over the next 3–5 years?
Fraud prevention is going to continue to become more proactive, powered by AI technologies, including agents that now execute across the full fraud and AML lifecycle, from detection to investigation and reporting.
We will also see greater convergence between fraud and AML. Many institutions are already moving toward a more unified FRAML approach, recognizing that fragmented systems limit visibility and slow response. Shared data and workflows will help create a more complete view of risk.
At the same time, governance will become more important as AI plays a larger role in decision-making. Transparency and control, in order to establish trust, need to be built in from the start.
What advice would you give to executives and decision-makers looking to strengthen their organization’s fraud and cybersecurity defenses in an AI-driven world?
My advice is to recognize that this is not just a technology upgrade but a fundamental shift in how fraud prevention operates.
Executives should focus on breaking down silos, investing in adaptive AI-driven platforms, and building strong governance frameworks. They should also prioritize reducing manual workflows. Fraud teams today are overwhelmed, and that limits their ability to respond effectively. By automating repetitive tasks, organizations can free up analysts to focus on higher-value work. Most importantly, organizations need to move quickly. The threat landscape is evolving rapidly, and those that hesitate risk falling further behind.
Stay Ahead of the Financial Curve with Our Latest Fintech News Updates!
