The Incident
For almost two years, a small Google Cloud Platform (GCP) project quietly stored a few files and generated a monthly bill of about $0.15.
Then suddenly, in a single day, the bill jumped to $19,000.
A service account that had been inactive for two years was somehow misused. The attacker enabled Gemini APIs and began making a large number of requests from multiple endpoints and locations, rapidly consuming resources.
Over a 12‑hour window, Google charged my American Express card nine times. AMEX detected suspicious activity and blocked the transactions.
Why AMEX Flagged the Fraud
AMEX didn’t rely on complex AI reasoning. It simply looked at the spending history and detected a massive anomaly.
- Historical monthly spend was under $1
- Sudden jump to thousands of dollars
- Multiple high‑value transactions in a short period
- Behavior far outside the established baseline
Signals Google Had
Google actually had far more signals available than AMEX:
- Dormant service account suddenly becoming active
- Unexpected enablement of an expensive AI service
- High‑volume API usage from unknown IP addresses
- Thousands of concurrent API calls
- Billing pattern jumping from cents to thousands
Despite these signals, no preventive control or alert stopped the usage before the charges accumulated.
The Irony
A traditional fraud detection system from a credit card company caught the anomaly faster than the AI company selling advanced AI models.
This highlights an important reality: AI systems are powerful, but security still depends on simple guardrails and anomaly detection.
Key Learnings
Simple Rules Matter
Dormant credentials and sudden usage spikes should automatically trigger alerts.
Billing Is a Security Signal
Spending anomalies are often the clearest sign of abuse.
AI Should Augment Rules
AI improves detection but should sit on top of baseline rule systems.
Cloud Platforms Need Kill Switches
Sudden high‑risk usage should trigger throttling or confirmation.
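The baseline rules from "Simple Rules Matter" and "Billing Is a Security Signal", sketched as an added example (not code from Google, AMEX, or the original post). The event and billing record shapes, the thresholds, and names such as `sa-files@example` and `gemini-api` are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

DORMANT_AFTER = timedelta(days=90)  # assumed dormancy threshold
SPIKE_FACTOR = 20                   # assumed: daily spend > 20x median baseline
SPEND_FLOOR = 5.00                  # assumed: ignore noise below 5 USD/day

def dormant_credential_alerts(events):
    """Alert when a principal acts again after a gap of DORMANT_AFTER or more."""
    last_seen, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["principal"])
        if prev is not None and ev["time"] - prev >= DORMANT_AFTER:
            alerts.append(("dormant_credential_active", ev["principal"]))
        last_seen[ev["principal"]] = ev["time"]
    return alerts

def new_service_alerts(events, known_services):
    """Alert when a service outside the project's known set is enabled."""
    seen, alerts = set(known_services), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] == "enable_service" and ev["target"] not in seen:
            alerts.append(("unexpected_service_enabled", ev["target"]))
            seen.add(ev["target"])
    return alerts

def spend_spike_alerts(daily_spend, min_history=7):
    """Alert when a day's spend exceeds SPIKE_FACTOR x the median of prior days."""
    alerts = []
    for i, (day, usd) in enumerate(daily_spend):
        history = [v for _, v in daily_spend[:i]]
        if len(history) < min_history:
            continue  # not enough baseline yet
        baseline = max(median(history), 0.01)  # avoid a zero baseline
        if usd >= SPEND_FLOOR and usd > SPIKE_FACTOR * baseline:
            alerts.append(("spend_spike", day))
    return alerts

# Constructed sample data (hypothetical schema, not taken from real logs).
T0 = datetime(2024, 1, 1)
EVENTS = [
    {"time": T0 - timedelta(days=730), "principal": "sa-files@example", "action": "write_object", "target": "storage"},
    {"time": T0, "principal": "sa-files@example", "action": "enable_service", "target": "gemini-api"},
    {"time": T0 + timedelta(minutes=5), "principal": "sa-files@example", "action": "call_api", "target": "gemini-api"},
]
DAILY_SPEND = [(f"day-{n}", 0.005) for n in range(30)] + [("day-30", 19000.00)]

if __name__ == "__main__":
    for alert in (dormant_credential_alerts(EVENTS) + new_service_alerts(EVENTS, {"storage"})
                  + spend_spike_alerts(DAILY_SPEND)):
        print(alert)
```

Each rule fires on its own, so any one of the three could gate throttling or a confirmation step before the others have data.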
Final Takeaway
The lesson is not that AI is ineffective. The lesson is that AI alone is not enough.
The strongest security systems combine traditional anomaly detection, rule‑based safeguards, and AI‑driven analysis.