AI tools capable of generating near-perfect fake receipts are now outpacing both humans and detection systems – and even the AI models themselves can’t reliably spot the fraud.

A new study has found that OpenAI’s image model, GPT-Image-2, can convincingly alter documents using a technique known as “inpainting” – effectively editing images by replacing small sections with newly generated pixels that match lighting, texture and formatting.

Researchers created more than 3,000 forged documents, including retail receipts and business forms across multiple languages, targeting key fields such as totals, dates and transaction IDs.

When tested, human participants were only able to correctly identify the fake documents 50.1% of the time – no better than a coin toss.

GPT-2 Text Generation: Mastering the Art of AI Creativity | by MLOps Playbook | Medium

Detection tools performed only marginally better. Leading forensic systems TruFor and DocTamper scored just 0.599 and 0.585 respectively when analysing AI-generated forgeries, highlighting a significant drop in effectiveness compared to traditional “cut-and-paste” edits, where accuracy remains high.

Perhaps more concerning, the AI model used to create the forgeries struggled to detect its own work. GPT-Image-2 classified fake images as genuine nearly 85% of the time, with researchers noting that more detailed prompting actually worsened results by introducing false reasoning.

The findings reinforce growing concerns in Australia about AI-driven fraud. Local experts have already warned that generative AI is “democratising” document forgery, making it accessible to anyone with a smartphone.

Incidents involving manipulated invoices and expense claims are rising, with banks and businesses increasingly exposed.

The core issue lies in how AI generates images. Unlike traditional edits that leave detectable traces, AI inpainting creates entirely new pixels that blend seamlessly into the original image – removing the inconsistencies forensic tools rely on.

While safeguards such as metadata tagging and safety filters exist, researchers found they are easily bypassed or stripped out. In testing, OpenAI’s own filters blocked only around 10% of suspicious requests.

Experts say businesses can no longer rely on visual inspection alone. Instead, they recommend verifying documents against original transaction systems and adopting end-to-end authentication methods.

As AI tools continue to improve, the report warns, trust in digital documents will increasingly depend not on detection, but on verification.