Rogue states are putting AI agents to work on sanctions evasion(theregister.com)

Which agents are they actually running, off-the-shelf Claude or fine-tuned open models like Qwen? The detection story changes completely depending on that.

Our compliance team is four people for a 600-person company, and last quarter they flagged a vendor whose "founder bio" was clearly LLM-generated boilerplate stitched to a real LinkedIn headshot. Took them about a week of back-and-forth to confirm the entity was a shell. If a small SaaS deal trips that wire, I can't imagine what a sanctioned actor with actual agent tooling looks like on the other side. The asymmetry between attacker speed and reviewer headcount is what scares me.

We added a sanctions screening step to our agent pipeline two weeks ago after our compliance lead flagged it, and it caught 3 false positives in customer onboarding that the old keyword filter missed. Cost us about 40 engineering hours to wire up the OFAC list refresh job and the audit logging, but the legal team stopped CC'ing me on every edge case.

sanctions screening still runs on fuzzy name matching from 2014

shell companies spinning up faster than our compliance vendor can ingest filings