Two identical silver sedans with the same dent — one labeled real, one AI-generated — both marked damage confirmed.

Your Claims AI Can Spot Damage Perfectly. It Has No Idea If the Damage Is Real.

Ashutosh Singhal, May 14, 2026, 12 min read

I had two photos of the same silver sedan open on one screen. The left one was a real rear-quarter-panel dent from a parking-lot scrape. The right one had never been in an accident — someone had fed a clean photo to a diffusion model and asked it to add damage. The crease, the shadow under the lip, the way the paint caught the light: all generated, none of it physical.

I ran both through the damage-assessment model we were piloting. Both came back as genuine damage. Both got a severity score. Both got a repair estimate. The fake one, if anything, got a slightly cleaner read, because the generated damage was tidier than the real-world mess.

That was the morning I understood that insurance claims AI and deepfake detection are two completely different problems, and almost everyone in the market is solving the first one while quietly assuming it covers the second. It doesn't. A damage-assessment model asks "what does this look like?" It does not ask "was this real?" And in 2026, that gap is where the money walks out.

Your damage-assessment AI evaluates content. Fraud lives in authenticity. Those are not the same axis, and accuracy on one buys you nothing on the other.

The Threat Model Quietly Changed and the Tools Didn't

Most claims AI was designed in an era when the worst thing that could happen was a wrong number — an estimate that came in $400 too high or too low. That was the whole risk surface: accuracy of the estimate. Vendors competed on it, procurement teams scored it, and everyone got better at it.

Then the inputs got attackable. Anyone with a phone can now take a photo of an undamaged car and ask a freely available model to inject a smashed bumper, complete with plausible lighting and reflections. The scale of this is not theoretical. Deepfake fraud attempts rose 2,137% over three years, and they now account for 6.5% of all detected identity fraud in the financial and payments world. In insurance specifically, AI-enhanced fraud cases in the US went from under 20,000 in 2022 to more than 80,000 in 2025.

The most concrete number I've seen is from the UK. In April 2025, motor carriers there disclosed that fraudsters were using diffusion models to inject scratches and cracks into benign photos, inflating average payouts by roughly £13,000 per incident. That is not a rounding error on a book of business. That is a structural leak.

And consumers are not exactly resisting. Verisk's March 2026 fraud study found 36% of consumers would consider altering a claim image, and among Gen Z that figure climbs to 55%. Meanwhile 98% of insurers now report a surge in manipulated media tied to AI tools. The supply of tools is infinite, the moral hazard is now mainstream, and the assessment model on the other end is reading content as truth.

I Spent the First Stretch Building the Wrong Thing

Here's the part I'm not proud of. When we started, I framed the product as a better damage-assessment model. The market leaders were the bar, so I wanted to clear it. Tractable, which raised $185M and processes over a billion dollars in claims, advertises around 95% accuracy. CCC Intelligent Solutions runs an estimate-to-payment pipeline across 125-plus insurers and crossed a billion in revenue. The obvious move was to be a touch more accurate than that and sell on the delta.

I took that framing into a conversation with a claims leader at a mid-size carrier, and the response was a polite version of "we already have one of those." And it was the right response. Another point of damage-assessment accuracy was a vitamin, not a painkiller. The thing that worried that team wasn't whether their estimates were 94% accurate instead of 96%. It was how many of the photos feeding those estimates were real in the first place.

That conversation cost me about a month of conviction. We had built toward the wrong axis entirely. The realization that paid for everything after it was simple and a little humiliating: a more accurate content model makes the fraud problem worse, not better, because it lends a more confident rubber stamp to a fabricated image. The better your model is at reading damage, the cleaner the payout on the fake.

So we stopped competing on accuracy and started building for authenticity. That meant treating every claims photo not as data to be scored, but as evidence to be authenticated — measured, and preserved.

Why Doesn't "Just Add a Deepfake Detector" Work?

Diagram: separate damage and deepfake vendors with a gap where fakes survive, versus one integrated forensic pipeline.

The first instinct everyone has — including ours — is to bolt a deepfake detector onto the front of the pipeline. There's a well-known forensic technique called PRNU, short for photo-response non-uniformity. Every camera sensor has a faint, unique noise fingerprint, and if an image was synthesized rather than captured, that fingerprint is missing or wrong. In a lab, it's elegant.

In a real claims pipeline, PRNU alone falls apart. Phone photos get compressed, re-saved, run through the messaging app the policyholder used to send them, and post-processed before they ever reach you. All of that smears the sensor fingerprint, and the technique is computationally heavy to boot. On its own, it simply isn't competitive with modern generation. The carriers know this is hard, which is why only 32% of insurers say they feel very confident detecting deepfakes, and 76% report that the manipulated submissions they see are getting more sophisticated.

The detection problem isn't "do we have a deepfake model." It's that detection sits in a separate product from assessment, so the authenticity check and the damage check never actually talk to each other.

This is the structural gap I'd point any carrier toward, and it's the reason we built forensic computer vision for the entire claims-evidence pipeline rather than a standalone detector. Verisk publishes excellent fraud research and runs strong analytics, but its detection is post-hoc — it fires after submission, separate from the damage tool. VAARHAFT does purpose-built image-fraud scoring with metadata analysis and adjuster heat-maps, but it does no damage assessment, so you're running two vendors who don't share a model. Tractable and CCC do the assessment beautifully and ship no deepfake detection at all. The carrier ends up stitching authenticity and assessment together across vendors, and the seam between them is exactly where a fabricated image survives.

The honest answer isn't one detector. It's an ensemble — sensor-level forensics, plus segmentation that reasons about whether the damage is physically consistent (the kind of check where a depth-estimation pass flags a dent whose geometry the lighting can't account for, which is exactly where a clean diffusion fake gives itself away), plus a real chain of custody — all inside the same system that produces the estimate.

The Threat I Didn't See Coming Was Us

For a while I thought the whole problem was external — fraudsters on the outside, our pipeline on the inside, a wall between them. Then we caught ourselves doing the damage.

A policyholder had uploaded a photo of a dented rear quarter panel through a mobile app. Our image pipeline, like a lot of pipelines, ran an "enhancement" pass to clean up phone-camera noise before assessment. The upscaler, trained to make images look better, interpreted the dent as noise and smoothed part of it away. The adjuster saw a cleaner, less-damaged car than the policyholder had actually photographed. We hadn't been attacked. We had quietly altered the evidence ourselves.

That's when the legal dimension landed on me, and it's the expertise I now lead every carrier conversation with. Under US law, altering evidence relevant to a legal proceeding is spoliation, and intent doesn't save you. The test isn't "did you mean well by enhancing the photo." The test is whether synthetic pixels — pixels the camera sensor never captured — got introduced before anyone preserved the original. If a denied claim goes to litigation and your workflow overwrote the original with an AI-modified version, you're looking at adverse-inference instructions, sanctions, or summary judgment.

Any pipeline where generative AI touches a claims image — upscaling, denoising, "enhancement" — carries this exposure, and most carriers have never audited for it. The fix in our system became a rule we don't break: the original, sensor-captured image is preserved, hashed, and never overwritten; every transformation happens on a copy with a logged provenance trail. The enhancement can still happen. It just can't happen to the only copy a court will ever ask for.
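The preserve, hash and log rule above, sketched as an added example (this is not the author's system or code). `EvidenceStore`, the `.orig` file naming and the claim ID are hypothetical, and the image bytes are a constructed stand-in for a sensor JPEG.

```python
import hashlib, json, os, tempfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class EvidenceStore:
    """Hypothetical store: write-once originals plus a hash-chained provenance log."""
    def __init__(self, root):
        self.root, self.log = root, []   # real systems keep the log on append-only storage

    def _path(self, digest):
        return os.path.join(self.root, digest + ".orig")

    def _append(self, entry):
        entry["prev"] = self.log[-1]["entry_hash"] if self.log else "0" * 64
        entry["entry_hash"] = sha256(json.dumps(entry, sort_keys=True).encode())
        self.log.append(entry)
        return entry

    def ingest(self, claim_id, original: bytes):
        digest = sha256(original)
        # O_EXCL makes the write fail instead of overwriting an existing original.
        fd = os.open(self._path(digest), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o444)
        with os.fdopen(fd, "wb") as f:
            f.write(original)
        return self._append({"op": "ingest", "claim": claim_id, "sha256": digest})

    def transform(self, parent_sha, op, fn):
        with open(self._path(parent_sha), "rb") as f:
            source = f.read()
        if sha256(source) != parent_sha:
            raise ValueError("stored original no longer matches its recorded hash")
        derived = fn(source)             # works on bytes in memory, never on the stored file
        return derived, self._append({"op": op, "parent": parent_sha, "sha256": sha256(derived)})

    def verify(self):
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or sha256(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                return False             # log entry edited, removed or reordered
            if e["op"] == "ingest":
                with open(self._path(e["sha256"]), "rb") as f:
                    if sha256(f.read()) != e["sha256"]:
                        return False     # original bytes changed after ingest
            prev = e["entry_hash"]
        return True

if __name__ == "__main__":
    store = EvidenceStore(tempfile.mkdtemp())
    rec = store.ingest("CLAIM-0001", b"constructed stand-in for sensor JPEG bytes")
    store.transform(rec["sha256"], "denoise", lambda b: b + b" [enhanced copy]")
    print(store.verify(), json.dumps(store.log, indent=2))
```

Each log entry commits to the hash of the entry before it, so editing or dropping a transformation record breaks `verify()` just as changing the stored original does.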

The Regulators Are Done Accepting "The Vendor's Black Box Did It"

The two threats — synthetic fraud coming in, evidence spoliation going on inside — collide with a compliance environment that got teeth fast.

The NAIC Model Bulletin, now adopted by 24 states, requires documented AI governance, explainable claim decisions, and ongoing model monitoring. Colorado's AI Act takes effect June 30, 2026, and a violation is treated as an unfair or deceptive trade practice. The EU AI Act classifies insurance AI as high-risk with an August 2026 enforcement deadline and penalties up to €35 million or 7% of global turnover. And the NAIC is expected to introduce a model law on third-party vendor oversight this year.

That last one is the quiet earthquake. A carrier is liable for a third-party AI's outcomes — "our SaaS vendor's model decided it" is not a defense a regulator or a court accepts. A carrier using a black-box score to deny a claim can't produce the explanation regulators now demand. A carrier whose pipeline altered the evidence can't produce the original a court demands. Both of those are the same failure wearing two costumes: you don't control, can't explain, and didn't preserve.

This is also why I'm skeptical of the route where a big systems integrator runs the whole thing. The large firms are genuinely good at Guidewire and Duck Creek integration and at writing risk frameworks. But they recommend and integrate platform vendors; they don't build custom forensic computer vision. Their AI work is LLM-centric — copilots and agentic triage — and an engagement runs $500K to $5M with a six-to-eighteen-month runway before any model touches a live claim. You can spend a year and a seven-figure budget and still be holding a black box you can't explain to Colorado.

"But Doesn't This Slow Down Straight-Through Processing?"

This is the objection I get most, and it's a fair one. The whole industry is pushing toward straight-through processing — leading auto insurers are targeting 70–90% STP on basic personal-auto claims, and IDC projects a 65% STP rate across auto and homeowners by this year. Adjusters are expensive; the point of the AI is to keep humans off the routine claims.

People assume forensic authentication is friction that drags STP back down. It's the opposite. The fastest way to kill a straight-through program is one publicized fraud ring or one spoliation sanction — after that, every claim gets a human second look "just to be safe," and your automation rate craters. Authentication is what lets you keep the gate open. When the system can certify that an image is real, unaltered, and provenance-logged, that's the claim you can safely auto-approve. You're not adding a checkpoint; you're earning the right to skip one.

A claim you can prove is real is a claim you can safely pay without a human ever touching it.

And the economics are not subtle. Auto fraud already adds roughly $900 a year to every policyholder's premium, and computer vision done right is projected to cut claim-processing costs by $12 billion annually. None of that materializes if the images going in are fabricated and the originals going out are altered.

What Should a Claims Leader Actually Test For?

Vendor scorecard with accuracy, integration, deployment and price filled in, and the deepfake-detection column blank for every vendor.

A claims VP once walked me through her vendor evaluation grid — a tidy scorecard of accuracy, integration, deployment, price. The "deepfake detection" column was blank across every shortlisted vendor. Not low-scored. Blank. Nobody had built it, so nobody got graded on it, so it fell out of the evaluation entirely. That's the trap: you can run a rigorous procurement and never once test for the threat that's actually growing.

So the column I'd add asks something the accuracy score can't: can the tool tell you whether an image is authentic, not just what it depicts? From there the questions stop being about performance and start being about proof. Will it expose its reasoning — the segmentation mask, the forensic signals — or just hand you a number to trust? The original sensor image needs to survive with a provenance trail you could put in front of a judge. And underneath all of it sits the ownership question: are you running your own model and data, or renting a shared, un-fine-tuned model you can't tune to your book or explain to your regulator?

The carriers who get through the next two years won't be the ones with the most accurate damage estimates. They'll be the ones who can stand in front of a regulator, an adjuster, and eventually a judge, and prove that the pixel they paid out on was real when the shutter fired — and that they never touched it after. If you'd like to see how we built forensic computer vision for exactly that, it's all there.

I keep those two photos of the silver sedan on my desktop. One was a real accident. One never happened. The model couldn't tell them apart, and for most of the industry it still can't. The whole job, it turns out, was never about seeing the damage better. It was about being able to say, with proof, which one was true.
