In October, Sardine introduced several updates to combat AI-driven fraud and help risk teams conduct more effective investigations. The new capabilities enable teams to detect deepfakes and Agentic AI automation, increase visibility through tracking links and connections graph enhancements, and streamline investigation workflows.

The highlights: 

• New AI-fraud defense: Deepfake and AI Agent detection signals surface real-time risks from manipulated media and AI-driven activity. 
• Full visibility: Tracking Links that capture device and behavioral intel without an SDK, extending coverage to third-party and external workflows.
• Faster investigations: Enhanced Connections Graph, a new In Progress alert status, and a unified alert view help streamline analysis and reduce duplicate work.
• Strong compliance workflows: Stay audit-ready and reduce false positives with improved Activity Report Search and direct sanctions resolution. 

Assess deepfake risk

AI-generated deepfakes are one of the fastest-growing threats to identity verification. Fraudsters now use manipulated selfies and videos to bypass KYC or remote liveness checks. 

Sardine’s new Deepfake Detection signal helps identify these risks in real time by assessing the likelihood of deepfake usage and classifying each session as low, medium, or high risk. Using this signal, risk teams can create rules that check if a user is spoofing or modifying their camera feed.

This feature is currently integrated in our DocKYC solution. The functionality can also be leveraged by integrating our Device and Behavior SDK into your DocKYC flow, or using Sardine’s tracking links.

Detect AI Agent automation

AI is changing how automation appears across onboarding, transactions, and customer interactions. Bots can now mimic human clicks, typing patterns, and responses well enough to bypass traditional defenses. 

Sardine’s enhanced AI Agent Detection signal identifies these AI-driven interactions in real time, returning a bot name, a confidence score that indicates detection certainty, and an AI classification that ranges from low to very high. The signal combines deterministic and behavioral analysis to separate genuine users from AI-driven activity. 

This can be used to detect automated account openings, scripted payment initiations, and AI-assisted scam chats that would otherwise appear legitimate. With these expanded insights, risk teams can make faster, more accurate decisions and keep their detection models aligned with the latest forms of AI automation.

Capture device and behavioral data with tracking links

Risk visibility often decreases in workflows without SDK integrations. Sardine’s new Tracking Link feature captures device and behavioral data through a one-time interstitial page before redirecting the user, providing full signal capture with no SDK required. 

This expands visibility to third-party portals, external web forms, and one-off verification links, giving teams the same behavioral intelligence used in Sardine’s SDK without additional engineering work. It’s a faster, lighter way to maintain complete risk coverage across every channel.

Focus on relevant entities with Connections Graph enhancements

Complex network views can make it hard to isolate the relationships that matter most. Sardine’s enhanced Connections Graph introduces interactive node expansion and visual connection badges that help analysts declutter views and focus on the most relevant entities. 

With a single click, analysts can expand or collapse connections to trace shared devices, IPs, or accounts, making it easier to uncover mule networks or fraud rings. Badges now show visible connection counts and color indicators that reflect node status, giving analysts faster insight into relationship depth and network activity. 

These improvements make link analysis clearer, faster, and more actionable, helping teams surface meaningful patterns in large, multi-entity investigations.

Avoid duplicate work with “In Progress” alert status

Previously, alerts under manual review often appeared unresolved, making it difficult to see which investigations were actively being worked on. The new In Progress status introduces clear visibility into alerts that are under review, helping teams track progress in real time and avoid duplicate efforts. 

This update improves collaboration between fraud and AML teams by showing exactly when an alert is being handled, and not just waiting in queue. It also enhances auditability by providing a complete record of investigation activity, making the review process more transparent and easier to manage end to end.

Easier resolution of sanctions screening hits

Analysts can now resolve sanctions screening results directly within the Sanctions screen, marking matches as True or False Positive and adding a resolution comment for context. This update streamlines reviews, eliminates duplicate work, and builds a clear, audit-ready record of every decision. 

By resolving false positives at the entity level, teams can focus on truly high-risk matches and maintain complete documentation. Each resolution includes an analyst’s comment, providing transparency and traceability across the entire sanctions review process.

Consolidate alerts tied to the same business

Alerts tied to the same business are now consolidated into a single view with the new Unified Business Alert Listing. This provides a holistic picture of entity-level risk and makes it easier to identify recurring or correlated activity across products and workflows. 

Analysts can view, assign, and make decisions on multiple related alerts at once, improving efficiency and ensuring more consistent outcomes. 

The consolidated view also supports batch assignments and faster prioritization of high-risk entities, helping analysts spend less time managing queues and more time assessing true risk.

Improved search to retrieve activity reports faster

The enhanced Activity Report Search now makes it faster to retrieve reports by subject name, TIN or EIN, and date range. These new filters improve accuracy during audits and investigations, making it easier to cross-reference data and locate the exact report needed. 

This update provides faster, more precise search so teams can quickly find and generate activity reports for regulators, internal audits, or historical lookbacks across multiple risk domains. This will reduce manual work and improve response times during reviews.

Advancing risk intelligence with Sardine

These updates reflect Sardine’s focus on staying ahead of AI-driven fraud. By enhancing identity verification, behavioral detection, and investigative efficiency, the platform gives teams the intelligence and visibility they need to adapt to a rapidly changing threat landscape — and act faster when it matters most.

Want to see these features in action? Get in touch for a demo. 

If you’re a current client, visit the release notes and changelog for more details.