AI-Enabled Sanctions Evasion: New IT Risk
Sanctions evasion, aided by intelligence, is no longer just a small problem for those who enforce the rules. It is now something that happens at the intersection of computers, money, fake identities, and weapons. There is a report from the Royal United Services Institute called Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing. This report says that North Korea and Iran are making intelligence models to help them get around sanctions and pay for things they are not supposed to have.
This is a concern for those who study defence. The same computer systems that move money around can also be used to pay for missile, nuclear, and computer attack programs. Sanctions evasion, aided by intelligence, is a problem that directly affects those who study defence. Artificial intelligence is used for sanctions evasion. This issue is something that people who study defence need to think about.
Importance of AI-Enabled Sanctions Evasion
Proliferation financing is when people use money or financial services to buy, make, move, or help weapons of destruction. Banks are not the ones that should worry about AI-enabled sanctions evasion. This issue also affects groups such as cloud providers, recruiters, payment teams, cryptocurrency exchanges, defence contractors, and software vendors. RUSI warns that bad actors are moving from using AI for tasks to using AI, to coordinate lies across entire businesses. The difference between AI-assisted and AI-enabled sanctions evasion is important.
AI-assisted evasion uses intelligence for one job, like writing phishing emails or making fake profiles. However, AI-enabled sanctions evasion is more complex. It connects identities, fake companies, payment routes, crypto wallets, and other things into one chain of lies. Proliferation financing and AI-enabled sanctions evasion are issues. They involve different groups and require a lot of coordination. Using AI for tasks is different from using it to coordinate across businesses. AI-enabled systems can link things together to hide the truth. Such behaviour makes it harder to catch actors.
Fake Documents, Real Legitimacy
The RUSI report says that Artificial Intelligence can make many documents that look real and do the office work for big groups of shell companies. This means people do not have to work hard and they make fewer mistakes. It also helps people who are not allowed to do business create paperwork that looks real. They can do it faster. For example, Artificial Intelligence can help create fake identities. The report says that people from North Korea have used names and tricks to obtain information from Western companies.
Occasionally a job applicant from another country, a vendor, or a technician might not be a person. In the past, people thought that only humans would try to trick them, and they would do it slowly and in a way that could be seen. That idea is not true anymore. The RUSI report is talking about Artificial Intelligence. How it is changing things. Artificial Intelligence is making it easier for people to create documents and fake identities, such as those used by North Korean operators.
Adaptive Crypto Laundering
AI-enabled sanctions evasion makes it harder to monitor cryptocurrency. RUSI warns that AI systems can look at blockchain patterns awry and change crypto-mixing methods to avoid detection tools. This does not make laundering invisible. It can make suspicious flows harder to tell apart from legitimate activity. Compliance teams need to be aware that old rules and slow manual checks will miss red flags. So defenders need to use analytics that track how users behave, including their identity, payments, login behaviour, wallet activity, and workflow abuse. They have to connect all these things to stay ahead. Defenders need behaviour-based analytics to catch this activity. This way they can separate flows from legitimate activity.
Remote Hiring as Security Risk
People in charge of computers at companies should consider hiring people from other places as a big problem for security. Dr. Aaron Arnold from RUSI said that companies should make sure they really know who they are hiring, teach their staff things, use special computer programs to protect themselves, and watch what people are doing on the computers. He also said that if companies use a lot of computer tools, they might need to have a way to stop things quickly if something strange happens and lots of things are happening at the same time.
Dr. Aaron Arnold, from RUSI wants companies to be careful when they are hiring people from places and using computers. This advice fits the broader cybersecurity picture covered by Defense News Today’s Cyber Security section. Attackers no longer need one spectacular breach. Instead, they can build legitimacy gradually and then use that trust to access payroll systems, software repositories, payment approvals, cloud platforms, or customer data.
CIOs Face Governance Gaps
The challenge is not technical; it’s also about trust. Companies usually handle areas separately, like checking for sanctions, vetting employees, bringing on new vendors, securing cloud data, controlling finances, and monitoring APIs. Attackers don’t care about those boundaries. They focus on getting what they want. As a result, Chief Information Officers, Chief Information Security Officers, compliance officers, and boards need one governance plan. They should bring together data analysis, controlled access to data, detailed audit trails, legal protections, and clear ownership of model risks. A NIST-style approach to managing AI risks can help by promoting transparency, making systems more resilient, ensuring accountability, and regularly evaluating risks. Guidance alone is not enough.
The RUSI also wants to take the discussion beyond just updating compliance. It suggests creating rules for AI systems used to prevent proliferation, setting up secure data centres for sensitive transaction data, checking cloud computing, establishing liability standards, and certifying AI systems through adversarial testing. It also urges organizations to create standards for understanding APIs and to update guidance on combating money laundering to address autonomous AI risks. For companies, this means improving defences against deepfakes, monitoring cloud data better, and using AI to detect inconsistencies in trade documents.
Defence Assessment: AI Arms Race
Sanchit Vir Gogia of Greyhound Research discussed a difference in the way things work. Bad people can get information from records, leaked data, and other places like court filings and procurement notices. They can also learn from onboarding forms and compliance thresholds. On the one hand, the people who are trying to stop them have to manage privacy rules and fragmented data. They also have to work with systems and explain things in a way that is easy to understand.
This difference in power provides people an advantage when they use artificial intelligence to get around rules. It does not create crimes, but it makes old methods better and faster. We already had problems like documents, hidden owners, and fake companies. We had phishing and fake identities. Artificial intelligence just makes these things worse by making them happen faster and on a scale.
Conclusion
People who plan for defence and security will probably see a competition between bad people and good people who use artificial intelligence. Bad people will keep trying to find points in the systems that companies use to trust each other. The good people will try to stop them by using artificial intelligence, better analytics, and stronger controls on who can do what.
Companies should not worry too much about artificial intelligence being used in a big and scary way. The real danger is in the things that we do. When we hire people from away or work with new vendors or approve payments or review documents or use cloud services or work with APIs, there are already ways for bad people to take advantage of us.
In strategic terms, Defense News Today’s Strategic coverage should track this closely. AI-enabled sanctions evasion can help sanctioned regimes fund WMD programs, sustain cyber campaigns, and bypass export controls. Therefore, the next three to five years will demand faster detection, stronger governance, and closer cooperation between IT, finance, legal, HR, and national security teams.
References
- https://my.rusi.org/resource/algorithms-of-evasion-the-rise-of-ai-enabled-proliferation-financing.html
- https://orca.security/resources/blog/nist-ai-risk-management-framework-ai-rmf/
- https://www.fatf-gafi.org/en/topics/proliferation-financing.html
- https://static.rusi.org/algorithms-of-evasion-rp-may-2026.pdf
- https://www.cio.com/article/4177854/another-it-governance-headache-ai-enabled-sanction-evasion.html
- https://www.bbc.com/news/technology-52415775
About the Author
