When Anthropic revealed that its new AI model, Mythos, had autonomously identified thousands of zero-day vulnerabilities across every major operating system and web browser, regulators on both sides of the Atlantic took immediate notice. Emergency meetings were convened, central bank governors gave speeches and the financial industry began asking urgent questions about the security of its core infrastructure.
Those questions are the right ones to ask. But there is a parallel threat already in motion that has received far less attention: the use of AI to manipulate the payment dispute system itself. Not by breaking in, but by exploiting the rules from within, and unlike a software vulnerability, those rules cannot simply be patched.
The dispute layer is uniquely exposed
Financial infrastructure has two distinct attack surfaces. The first is technical: the code, the systems, the software that banks and processors run. This is what Mythos has made legible at speed, surfacing vulnerabilities that human researchers might take months to find. It is alarming, but it is at least a known category of risk with a known response: find the flaw, patch the flaw.
The second attack surface is structural: the rules, thresholds, policies, and behavioral assumptions that govern how the payments ecosystem operates. Chargeback rules, dispute reason codes, evidence standards, time limits – these are features, deliberately designed into the system. And a sufficiently capable AI model can learn to reverse-engineer every one of them.
What makes this exposure so difficult to address is precisely that there is no patch available. You cannot update a Visa reason code the way you update a browser. The rules that govern the dispute process are structural features of the global payments ecosystem, negotiated and standardized across card networks, issuers, acquirers, and merchants. They evolve slowly and by committee but AI does not have that limitation.
AI-fabricated evidence is already a live threat
The practical exploitation of this vulnerability is here today as generative AI is being used to fabricate the evidence that underpins refund and chargeback claims. The quality of these fabrications now routinely overwhelms standard manual review.
Research published in 2026 found that 59 percent of consumers agree that AI supercharges refund abuse, and the market data supports that assessment. Card-not-present fraud losses are estimated to reach $28.1 billion by 2026, a 40 percent increase from 2023. Global chargeback volume is projected to rise from 238 million disputes in 2023 to 337 million by 2026. The trajectory was already steep before Mythos but AI-assisted fraud accelerates it further.
What Mythos introduces is a step-change in the sophistication and scale at which this kind of exploitation can be automated. The same autonomous, multi-step reasoning that allows Mythos to chain minor software vulnerabilities into complete exploits can be applied to chargeback rules: identifying which combinations of claim type, evidence format, and reason code are most likely to succeed, and executing them at machine speed across thousands of transactions simultaneously.
Agentic commerce is creating a new category of dispute
Alongside the threat of AI-assisted fraud, a shift in how commerce itself works is introducing a new category of dispute that the existing frameworks were simply not designed to handle. Agentic commerce, where AI systems execute purchases autonomously on behalf of consumers, is moving into the mainstream.
Visa has confirmed it has already completed secure AI-initiated transactions with partners and is positioning 2026 as a key year for agent-driven commerce. Mastercard is expanding infrastructure for agent-initiated payments through its Agent Pay initiative. Research from PSE Consulting found that 85 percent of UK shoppers planning to use AI for holiday purchases said they would trust an AI system to place orders and execute payments on their behalf.
For the dispute system, this creates a fundamental challenge. Chargeback frameworks have always relied on the click as the signal of consumer intent. When an agent executes a purchase automatically, there is no click, so no clear moment of human decision. When the customer sees a charge they do not recognize or agree with, the first reaction is often a dispute. And the traditional evidence that resolves disputes, authentication confirmations, delivery records, customer communications, simply does not map onto how agent-initiated transactions work.
For years, chargebacks have fallen into three categories: fraud, merchant error, and buyer’s remorse. Agentic commerce is creating a fourth that does not fit neatly into any existing reason code or resolution process. And the industry has not yet agreed on how to handle it.
What the industry needs to do now
The lesson from Mythos is not simply that AI can find vulnerabilities faster than humans can patch them. It is that any rule-based system, including the payment dispute process, is now subject to the same kind of autonomous, rapid reverse-engineering. The window between a new AI capability becoming available and its exploitation in the wild is narrowing and organizations that wait for the threat to become visible before responding will already be behind.
Most merchants and financial institutions currently lack the tools and visibility to monitor dispute activity in real time, identify emerging patterns early, or respond at the speed the threat now demands. Many still rely on manual review processes and static rule sets that predate this generation of AI tools by years.
Three things need to happen across the industry. First, dispute monitoring must become continuous rather than periodic. Static models reviewed quarterly are no longer sufficient when threat patterns can evolve in days. The evidence standards that govern chargeback resolution need to be updated to account for AI-generated content, specifically image and document fabrication, which existing review processes were not designed to detect. Finally, card networks, issuers, acquirers, and merchants need to agree on a framework for agent-initiated disputes before volume makes the problem impossible to manage retrospectively.
The good news is that AI works as well in defense as in attack. Continuous, AI-driven performance measurement across the dispute lifecycle, combining machine learning pattern detection with real-time operational data, can identify anomalies and emerging fraud vectors long before they become systemic losses. Organizations investing in that capability now will be significantly better positioned than those responding after the fact.
The back door is already open
The debate around Mythos has been set up almost entirely as a cybersecurity story: can AI break into bank systems? That is an important question. But the payment dispute system is a softer target, less visible, less defended, and structurally harder to harden, and the exploitation of it is already underway.
Mythos has not created the threat but it has clarified the direction of travel and compressed the timeline. The financial industry has a narrow window to extend the urgency it is rightly applying to cybersecurity infrastructure into the dispute layer as well. But that window will not stay open for long.
