º¬Ðß²ÝÉçÇø

Artificial intelligence has evolved from a mere auxiliary tool into a core piece of business infrastructure, embedded across operational, marketing and risk management processes and dramatically boosting efficiency. Yet, as the technology spreads and use cases deepen, the avenues for criminal activity expand in parallel. AI-related economic crimes are becoming more intelligent, more context-specific, and harder to detect.

Infringers have already permeated offences ranging from fraud to the misappropriation of trade secrets and the sabotage of computer information systems. This shift challenges both the liability logic of traditional criminal law and corporate risk control systems still reliant on manual review. It also signals the emergence of a ¡°new frontier¡± of crime, one that centres on technology but is defined by harm to legal interests.

Such risks cluster around three main domains: cybersecurity, data security and model security. Cyberattacks designed to seize assets, alongside data breaches infringing personal information or corporate secrets, represent today¡¯s principal criminal risk patterns. In local judicial practice, crimes committed using AI or deepfake technologies have now been identified as targets for intensified enforcement. The response to these risks has thus moved beyond theoretical warning into the realm of judicial reality.

AI-driven economic crimes

Economic crimes triggered or intensified by AI are expected to emerge in four typical forms.

(1) Deepfake-enabled real-time interactive fraud. This is currently the most prevalent and direct criminal pattern. AI has taken deepfakes beyond static identity impersonation, enabling situational deception through live, interactive audio and video. By accurately mimicking a specific person¡¯s voice, micro-expressions and speech habits, fraudsters can conduct scams or extortion during video-conferences, crimes that are highly deceptive and harmful.

(2) Big data-driven spear phishing and supply chain fraud. AI can automatically extract and analyse vast quantities of both lawful and illicit data, such as supply chain details or executives¡¯ social media footprints, to construct finely targeted models of social engineering. It then manipulates victims¡¯ psychology asymmetrically, undermining established trust mechanisms and decision-making patterns to achieve fraudulent ends.

(3) Algorithmic market manipulation and structural financial fraud. In the financial sector, AI may be deployed to manipulate securities markets, for example, by generating fake research reports to sway public sentiment or to execute high-frequency trading scams and design complex, deceptive or discriminatory financial products. The opaque, ¡°black box¡± nature of such algorithms poses serious challenges for proving intent and ensuring effective regulatory oversight.

(4) Automated, large-scale intellectual property infringement and unfair competition. AI can be programmed as an automated infringement engine, crawling the internet for copyrighted content to rewrite or recompose, or mass-producing counterfeit trademarks and packaging designs. These low-cost, distributed acts of infringement and unfair competition can seriously disrupt market order.

Dilemmas and dynamics

When AI agents become entangled in criminal conduct, judicial practice encounters complex scenarios that traditional criminal law theory was never designed to anticipate. The main difficulties fall into four areas.

(1) Can an AI agent bear criminal liability? Current criminal law recognises only natural persons and corporate entities as subjects of liability. AI systems themselves lack criminal capacity. The prevailing judicial view attributes culpability to the developers, deployers or users behind the technology, treating them as indirect perpetrators, or those who employ AI as a tool. However, when AI produces unpredictable ¡°hallucinations¡± or autonomous actions, the causal chain breaks, leaving the question of responsibility blurred.

(2) Proving joint offence and subjective knowledge. It is difficult to establish shared criminal intent among multiple actors such as technology providers, model trainers and end users. Determining whether a technology platform had ¡°knowledge¡± of a user¡¯s criminal activity is key to distinguishing between aiding cybercrime and engaging in neutral technological conduct.

(3) Technical barriers to evidence preservation and fact finding. AI-related crimes are highly virtualised and automated. Evidence is primarily digital and easily altered. This complicates the authentication of AI-generated forgeries and the tracing of automated scripts. As a result, judicial authorities often depend heavily on external technical experts for forensic verification and fact finding.

(4) Balancing criminal regulation and technological innovation. Criminal law must remain restrained: excessive enforcement risks stifling innovation, while inaction breeds impunity. Ongoing judicial experiments aim to align R&D risks with legal responsibility, and to balance technological particularities with the values protected by law, carefully delineating the proper boundaries of criminal intervention.

Action and defence

As AI-driven crime surges beneath the surface, companies must shift from passive response to proactive defence, building comprehensive compliance and risk management systems for the age of AI.

To bridge the gap between law and technology, and strengthen compliance review, in-house counsel need a basic command of AI fundamentals, the workings of large models and intelligent agents, and the legal significance behind technical terminology.

They should ensure that AI training data is sourced lawfully and manage the entire data lifecycle, from collection and storage to use and destruction, to avoid infringements of personal information laws. At the same time, firms should establish algorithmic impact assessment mechanisms to detect and eliminate bias or discrimination, reducing risks of unfair competition or ¡°big data-based¡± consumer fraud.

From a technology protection perspective, companies should adopt an integrated strategy combining patents, trade secrets and copyright, while predefining the ownership and usage rules for core algorithms and AI-generated outputs. For high-risk scenarios such as deepfake-enabled fraud, they should implement dual-track verification systems for financial approvals and conduct regular anti-fraud training across all staff.

In addition, closer collaboration with forensic institutions can strengthen capabilities in identifying AI-generated forgeries and reverse engineering algorithms, enabling faster responses to disputes. Ultimately, enterprises should take part in drafting industry standards and refining the legal framework, using experience sharing and rulemaking advocacy to balance innovation with robust risk control.

Ethan Zhang is a senior partner at Joint-Win Partners