#23: AI Agents Bypass Detection, Exposed GitHub Data Leaking Through Copilot, Tap-to-Phone Merchant Fraud

We’ve got plenty to dig into. AI-powered browsing agents are making fraud detection harder, a GitHub leak may be exposing fraud defenses, and Tap-to-Phone is redefining merchant fraud risks. Let’s dive in.

NATE'S TAKE - MARCH 4, 2025

Top Three This Week

1. AI Agents Are Reshaping the Fraud Landscape—Here’s How
2. Thousands of Exposed GitHub Repositories Are Still Leaking Data Through Copilot
3. What Does Tap-to-Phone Expansion Mean for Merchant Fraud?

1. AI Agents Are Reshaping the Fraud Landscape—Here’s How

Fraudsters are increasingly layering AI browsing agents into their attack scripts, making it easier to navigate login flows, complete transactions, and bypass step-up challenges—all while appearing eerily human.

I shared on my LinkedIn last week that a group of Estonian developers recently released a cloud-based tool that lets users automate web browsing with AI agents for just $30/month. While marketed as a productivity tool, its capabilities make it a goldmine for fraudsters, who can use it to:

• Complete guest checkouts at scale
• Bypass CAPTCHAs and fraud detection tied to device signals
• Automate registration flows and account takeovers

The project is open-source with over 34,000 stars on GitHub, meaning attackers can customize and scale fraud operations faster than ever. AI-powered bots aren’t just scraping content anymore—they’re acting like real users, making it harder for traditional fraud models to detect them.

At Spec, we’ve been tracking and stopping AI agent misuse using Journey Data, which allows us to spot behavioral patterns that reveal when AI agents are in play. Fraud teams need to adapt—real humans aren’t the only ones navigating the web anymore.

2. Thousands of Exposed GitHub Repositories Are Still Leaking Data Through Copilot

A major security lapse has surfaced: Thousands of GitHub repositories that were made private are still accessible through Microsoft’s Copilot AI, exposing API keys, sensitive endpoints, and internal workflows.

For fraud fighters, the concern isn’t just leaked credentials—it’s attackers using this data to manipulate fraud models. If bad actors gain access to API keys that interact with fraud vendors, they could:

• Inject junk data into fraud detection models, reducing accuracy
• Reverse-engineer security workflows to find weaknesses
• Exploit misconfigurations in internal fraud prevention tools

This isn’t just about exposed secrets—it’s about attackers gaining insight into how fraud defenses operate and using that knowledge to evade detection.

GitHub has since patched the issue, but if any fraud vendor APIs or internal security tools were exposed, they may already be compromised. Now is the time for fraud teams to audit API security, review internal endpoint usage, and ensure models haven’t been poisoned with bad data.

3. What Does Tap-to-Phone Expansion Mean for Merchant Fraud?

The rise of Tap-to-Phone technology is transforming commerce, allowing any mobile device to act as a payment terminal. While this expands access to digital payments, it also raises major concerns about merchant fraud.

Historically, accepting card payments required identity verification, business validation, and device-level security controls. But with Tap-to-Phone, nearly any smartphone can process payments, creating new fraud opportunities, including:

• Fake merchants using personal devices to process stolen cards
• Fraudsters setting up disposable "businesses" to conduct rapid chargeback fraud
• Increased risk of device tampering and skimming

When every mobile phone becomes a POS terminal, the entire fraud risk model shifts. Card networks and payment processors will need to rethink how they verify merchants, monitor transactions, and prevent fraud at scale.

Fraud teams should prepare for new fraud vectors emerging from this shift. As Tap-to-Commerce adoption grows, the line between consumer devices and merchant systems is disappearing—and fraudsters are already looking for ways to exploit it.