Lexi Addington co-authored this article.

Consider this hypothetical: An investigative team is reviewing a vendor relationship flagged for potential overbilling. The file contains dozens of invoices spanning three years, each formatted consistently, bearing the vendor’s letterhead, and supported by an approval email from a senior finance manager. The documents look clean.

But when the team contacts the vendor directly, the vendor has no record of issuing several of the invoices. The approval emails, as it turns out, were never sent by the finance manager. The documents were fabricated convincingly, quickly, and using tools that require no specialized technical knowledge.

This scenario illustrates an emerging challenge with the widespread use of artificial intelligence (AI) that may affect how internal investigations are evaluated and conducted, as well as conversations to be held with in-house counsel and the company at issue.

Reliability and Authenticity

Internal investigations typically involve the examination of financial records, such as bank statements, invoices, purchase orders, and general ledgers, communications such as emails or instant messages, contracts and legal agreements, and so forth. In addition to analyzing the content of such documents, investigators look for red flags with formatting inconsistencies in logos, fonts, letterheads, and more, against legitimate company documents.

If the authenticity of documents is questioned, document review, analytical trends, and measures such as a metadata analysis or audit trail review could be performed to identify fabrication. However, investigators and in-house counsel may now need to question how to confirm the authenticity of records given the ease of use of generative AI, which can create documentation that is difficult to distinguish from authentic materials while simultaneously stripping or altering metadata that would typically point to fabrication. Many AI-generated documents leave no obvious forensic trace that AI was used, and AI content detection tools have limitations in a forensic and legal context.1

What This Means in Practice

For documents material to the investigation’s conclusions, reviewers should be cautious about treating a document’s presence in a custodian’s files, or its consistency with surrounding communications, as sufficient evidence of authenticity. Its provenance may need to be verified, not assumed, through procedures appropriate to the document’s significance, risk, and investigative scope.

This may increase the importance of witness interviews, on-site inspections of data being exported from accounting and ERP systems, direct confirmations with vendors, and other corroborative actions. None of these approaches are new, but their relative importance may increase in an environment where the reliability of documentary records requires greater scrutiny.

Not only should the methods of the investigation be reevaluated, but the timing of such methods should be considered. Witness interviews, typically a complement to documentary review, may need to move earlier in the process. Similarly, confirmations with vendors, counterparties, and employees conducted before the documentary record is fully assembled provide a baseline against which later-produced documents can be evaluated.

Organizations and their counsel should consider whether existing protocols adequately address these risks before an investigation surfaces an evidentiary problem. That means revisiting document authentication protocols, updating custodian scoping and litigation hold language to account for AI-generated content, strengthening corroboration requirements for material documents, and reexamining how and when direct third-party confirmations and on-site verification steps are incorporated into investigative workflows. Companies that do this proactively will be in a substantially better position than those that discover the gap mid-inquiry, when the documents they have been relying on may no longer be trustworthy, and the window for independent corroboration may have already closed.

Conclusion

In summary, investigative techniques need to evolve in today’s age of AI. The tools required to produce convincing documentary evidence are widely available, require no specialized technical knowledge, and will continue to improve. Investigative frameworks and internal controls built on the assumption of uncorroborated document authenticity, particularly where material records are at issue, may warrant reassessment. 

  1. Connor Heaton (CivAI), Shay Cleary, and Michael Navin, AI-generated evidence is a threat to public trust in the courts, National Center for State Courts (Feb. 2026). https://www.ncsc.org/resources-courts/ai-generated-evidence-threat-public-trust-courts; The Problems with AI Detectors: False Positives and False Negatives, University of San Diego Legal Research Center. https://lawlibguides.sandiego.edu/c.php?g=1443311&p=10721367.