Public Benefits: When Generative AI Outpaces Government Controls

Fake welfare files: AI outpaces controls

This article draws on data published by HCFiPS, the US Government Accountability Office, Entrust, InScribe, and the OECD. It synthesizes findings drawn from public sources and from common use cases observed in European social-protection workflows.

Information note — The statistical data cited in this article comes from third-party public sources referenced at the bottom of the page. DeepForgery does not guarantee the accuracy or completeness of this data. The scenarios and cases described in this article are provided for illustrative purposes only; they do not constitute a guarantee of results and do not engage DeepForgery's responsibility regarding performance in any specific deployment. Actual results from a detection system depend on each organization's conditions, the volume and nature of files processed, and the chosen configuration parameters.

A case enters your EDMS (Electronic Document Management System). Pay slip, bank statement, proof of address, employer letter—everything fits together. The amounts match, the address is consistent, the layout is impeccable.

Your caseworker reviews it. Approves it. The benefit is paid out.

What no one saw: the four documents were generated in less than an hour by a generative AI tool available online for eleven euros per month. [Qlarant — AI Generated Fraud to Keep an Eye On in 2026 (2026)]

This scenario is not hypothetical. It is the reality documented by control teams in benefits offices, pension bodies, minimum-income case services, and labor-market operators in France and across Europe.

Document fraud in social benefits has changed scale — the data confirms it

For a long time, making a forged document required a scanner, letterhead paper, and hours of retouching. That time is over. AI-assisted digital falsifications now represent 57.46% of global document fraud [Entrust — 2025 Identity Fraud Report (2025)], surpassing physical counterfeits for the first time.

This share has increased by 1,600% since 2021 [Entrust — 2025 Identity Fraud Report (2025)], and by 244% in 2024 alone. This is not a trend — it is a structural break.

Social agencies are directly feeling the consequences. In France, detected fraud in management leading to an overpayment notice amounted to 1.3 billion euros in 2024 [HCFiPS — Fraude sociale 2024, infographie (2024)], of which only 0.6 billion could be recovered. The undetected portion is, by definition, impossible to quantify.

Internationally, US federal programs lose between $233 and $521 billion each year due to public-benefit fraud, i.e., about 2% of US GDP [Booz Allen — Deepfakes Targeting Benefits with AI-Generated Claims (2025)]. In the United Kingdom, the Department for Work and Pensions estimates that £9.5 billion was overpaid in social benefits for the 2024–2025 fiscal year [GOV.UK — Fraud and error in the benefit system, Financial Year Ending 2025 (2025)].

These amounts do not reflect a multiplication of isolated fraudsters. They reflect a structured criminal organization, equipped with tools accessible to anyone.

Why social agencies have become the priority target for document-fraud networks

Case volumes incompatible with systematic manual checks

A mid-sized organization processes several tens of thousands of files per year. Each file can include four to seven different supporting documents. No human team can examine every document within regulatory processing timelines.

Fraudsters know this and calibrate their strategy accordingly. They are not trying to fool a forensic expert — they are trying to pass through the flow, where volume pressure outweighs individual vigilance.

Public eligibility criteria and perfectly documented document formats

Eligibility conditions are published. Pay-slip models, bank-statement templates, and regulated proof-of-address formats are all available online. A generative AI tool can reproduce any of these formats in a few minutes, with a level of precision that is hard to detect with the naked eye.

The observed fraud rate is nearly uniform regardless of document type: it ranges between 4% and 7% for bank statements, pay slips, and tax forms [GovInfoSecurity — Documentation Fraud: a Verification Architecture Failure (2026)]. This uniformity is not a coincidence — it suggests fraudsters algorithmically test the weaknesses of each document type and exploit them with comparable efficiency.

Complete packages that neutralize siloed controls

Fraud is no longer limited to a single forged document. The share of files simultaneously showing identity manipulation and financial manipulation rose from 40.2% in 2024 to 59.8% in 2025 [GovInfoSecurity — Documentation Fraud: a Verification Architecture Failure (2026)].

Fraudsters build files with artificial internal coherence: the pay slip shows a fictitious salary, the bank statement displays deposits of the same amount, the employer letter confirms the contract, and the proof of address completes the set. These packages are explicitly designed to defeat administrative systems that assess each document in isolation, without cross-checking information between them.

Why your current defenses are no longer enough

Visual checks by a trained caseworker remain useful for detecting crude alterations — an obviously inconsistent font, a layout that is clearly improvised. They are insufficient against a document generated from scratch by an LLM (Large Language Model) or a specialized image generator.

OCR (Optical Character Recognition) tools integrated into verification workflows ensure text is readable and matches an expected format. They do not verify whether the file was fabricated from zero. EDMS platforms like OpenText or Alfresco organize and route documents — they are not designed to detect pixel manipulations or inconsistencies in the technical structure of files.

The deepfake threat further complicates the situation. These techniques now represent 40% of all video biometric fraud attempts [Entrust — 2025 Identity Fraud Report (2025)]. Remote identity-verification procedures based on a selfie or a video interview can be exposed to a synthetic face injected directly into the camera feed.

Statistically, about 1 document out of 16 processed by financial and government institutions shows signs of manipulation, fabrication, or misrepresentation [GovInfoSecurity — Documentation Fraud: a Verification Architecture Failure (2026)]. This ratio is high enough that manual sampling checks are no longer a proportionate response to the threat.

Legal and compliance framework: what matters most

The legal consequences of a forged document always depend on the facts, the sector involved, the applicable qualification, and the competent jurisdiction. In practice, the main issue for an organization is to be able to demonstrate a proportionate, traceable, and well-documented verification process, with human review whenever a decision may have a significant effect.

The controls described here should therefore be understood as risk-management, compliance, and evidence-preservation measures. Any final blocking decision, report, contractual sanction, or legal action should still be validated by the relevant legal or compliance teams.

FAQ — What control teams ask most often

Can DeepForgery Documents analyze all types of documents submitted in our files, including foreign or translated documents?

The engine is designed to analyze digital files independently of their language or country of origin, because detection is based on the technical structure of the file and the mathematical properties of pixels — not on semantic reading of the text. For translated or certified documents, the engine is also designed to analyze consistency between the source document and its translated version, including digital signatures of sworn translators when present. Actual capabilities may vary depending on document types and issuers.

How is DeepForgery Documents different from verification features already integrated into our EDMS or our case-management software?

OCR tools and EDMS document-control modules verify that data is readable and matches an expected format. They do not analyze whether a file was fabricated or manipulated. DeepForgery Documents operates on the file's forensic layer — pixels, structure, metadata, generation consistency — where EDMS platforms do not intervene. The two approaches are complementary: one organizes and routes documents, the other is designed to analyze their physical integrity.

Does integration into our existing EDMS require a long IT project or a redesign of our workflows?

API-based integration is designed not to require changes to your EDMS architecture or existing workflow rules. It fits as a metadata-enrichment step when a document enters the system. Actual deployment timelines depend on the complexity of existing workflows and on each body's integration parameters. Agents do not need specific training: the analysis result is designed to appear directly in their usual interface.

What control teams can concretely gain

Broader coverage where manual checks are structurally hard to sustain. Each document entering the EDMS can be analyzed without depending on available resources on the day of processing or on the variable vigilance of a caseworker at the end of the day or during peak periods. The effective scope of this coverage depends on the chosen configuration.

Forensic traceability usable before audit bodies. Each flagged file can generate a structured technical report, timestamped and archived in the EDMS. In the event of an audit by the Cour des comptes or a supervisory inspection, the organization can have elements to demonstrate the nature and level of its detection system.

Prioritization of human controls. Caseworkers can be refocused on flagged files, where their added value is real: contextual assessment, adversarial exchange with the applicant, and the final administrative decision with reasoning.

Potential reduction of the delay between detection and decision. The forensic report can be available in the EDMS when the caseworker opens the flagged file, with no waiting related to externalized analysis or a request for counter-expertise.

Conclusion

Document fraud targeting social benefits has reached a level of industrialization that control systems inherited from the 2010s struggle to absorb. Entire files, technically coherent and designed to slip into institutional workflows without triggering an alert, are produced in minutes by tools accessible to anyone — at a marginal cost that lowered the barrier to entry for organized criminal networks.

The legal and operational framework is evolving in parallel. For managing bodies, the key issue is to review regularly whether controls remain proportionate to the threat, properly documented, and aligned with applicable obligations.

When a fraudulent package is identified and blocked before it reaches the processing stage, it generates neither a paid benefit, nor an uncertain recovery procedure, nor a formal observation in an audit report.