By 2025-2026, AI-powered identity theft had emerged as a major and growing threat category, representing a structural shift in how identity fraud and credential theft are conducted at scale. Key developments documented by the Identity Theft Resource Center (ITRC), Okta, and industry researchers: (1) Synthetic identity fraud — AI generates complete fake identities combining real SSNs obtained from data breaches with generated names, addresses, and photos, enabling new account fraud at financial institutions; (2) Deepfake KYC bypass — generative AI video and voice tools defeat liveness detection at banks, crypto exchanges, and identity verification services (Jumio, Onfido, Sumsub) enabling account takeover and fraudulent account creation; (3) AI voice cloning enables highly convincing vishing calls impersonating bank fraud departments, CEOs (BEC), and customer service agents, bypassing voice authentication systems used by major banks; (4) AI-generated phishing emails achieve higher click rates by personalising content using data scraped from social media and data breach dumps; (5) Deepfake impersonation of executives for wire transfer fraud (BEC 2.0) — video call fraud where a fake CFO or CEO authorises fraudulent transactions in real-time video meetings. Verified incidents include the 2024 Arup Engineering deepfake CFO video call fraud ($25M lost in Hong Kong), multiple crypto exchange KYC bypass incidents confirmed by Chainalysis, and a documented AI voice fraud against a major European energy company ($243,000 stolen). ITRC reports that data breach-enabled identity theft complaints exceeded 1.4 million in 2025. The UK NCSC, US FTC, and ENISA all issued 2025-2026 advisories on AI-enabled identity threats.