Why Footprint Stopped Fighting AI With AI and Started Cleaning Up Its Mess

Why Footprint Stopped Fighting AI With AI and Started Cleaning Up Its Mess

Most fraud teams still run on the same assumption they had a decade ago: a detection tool flags something suspicious, and a human investigates it. That model worked when fraudsters were people. It breaks the moment fraudsters get factories of cheap labor and a model that spins up a thousand fake identities before lunch.

Eli Wachs, co-founder and CEO of Footprint, watched that break in real time. Footprint started as identity verification and fraud detection, a vault that maps a real person to every transaction so they cannot hide in the shadows or keep minting new selves. Then AI changed who was on the other side of the table.

Here is how the threat changed, why Footprint refused to answer it the obvious way, and what it actually means to build investigation into the system instead of throwing more headcount at the alerts.

The Threat Stopped Being People

Wachs is blunt about the scale of the problem. Three to five percent of global GDP, somewhere between two and four trillion dollars, moves illicitly every year, and most of us badly underestimate how organized the other side is. We log off at the end of the day. The people running these schemes do not.

Before AI, the detection model held together. If Footprint flagged that someone might be on a sanctions list, or that a business might be fake, a human picked it up and worked the case. The volume was survivable. Then bad actors got the same generative tools everyone else did, and the math inverted: endless fake companies tied to one name, endless near-identical identities engineered to brush against a watchlist. The detection layer got noisier and less confident at exactly the moment the pile of paperwork exploded.

Why You Cannot Just Fight AI With AI

The instinctive answer is to bolt a bigger model onto detection and call it even. Wachs rejected that framing. His view is that you do not out-AI the attackers head on. You build the system that cleans up the byproduct they create.

That distinction is the whole strategy. When detection tools are no longer certain, the expensive work moves downstream, into investigation. A suspicious case can eat three hours of a team's time deciding whether it is real. So Footprint paired its detection tools with probabilistic language models: the model proposes that a person looks fake or that a case deserves a closer look, and the detection layer Footprint spent its first years building is what verifies whether the model is right. The LLM raises the hypothesis. The hard-won detection stack confirms or kills it.

The Gray Area Is Where the Money Is

The original business plan bet that the value lived in recognizing good actors: vault a legitimate customer once, recognize them at the next bank, save everyone forty-five seconds of re-onboarding. Useful, but not where the cost actually sits.

What Footprint learned is that the real spend is in the gray area, the ambiguous case that sends a team down a three-hour rabbit hole. Compressing that, turning days of investigation into minutes, is worth far more than shaving seconds off a clean signup. The roadmap follows that logic outward: the same investigation primitives that handle a sanctions hit today extend to account takeovers, scams, and elder abuse, and eventually close the full loop from onboarding to alert to a drafted suspicious activity report filed with the government.

The Operational Playbook

  • Audit where your team actually burns hours. It is almost never the clean signups. It is the ambiguous cases. Instrument that, then attack it first.
  • Stop treating AI as a magic detector. Use it to generate hypotheses about suspicious cases, and keep a verifiable system underneath that can confirm or reject what the model claims.
  • Build the boring detection infrastructure before the flashy layer. Footprint could trust its LLM outputs only because it spent years building the tools that check them.
  • Design for the full loop, not a single step. Detection that does not connect to investigation, resolution, and reporting just relocates the bottleneck.

AI did not just give your team better tools. It armed the other side, and it changed where the cost of fraud actually lands. The companies that win are not the ones with the loudest detection model. They are the ones who accepted that detection alone is no longer enough and built the investigation system to resolve what detection can no longer settle on its own.

The pile of ambiguous cases is coming for everyone. The question is whether you have built the system to clear it, or whether you are still planning to hire six people to read the paperwork.

If you enjoyed this article, subscribe to The Unordinary's Podcast.

Listen on Spotify

Watch on YouTube

Blogs

Why Footprint Stopped Fighting AI With AI and Started Cleaning Up Its Mess