In September 2025, the Enforcement Directorate attached properties worth ₹15.41 crore belonging to a GST fraud syndicate in Kolkata and Howrah. The investigation revealed the scale of what it was dealing with: a single criminal network had created and operated 135 shell companies spread across Jharkhand, West Bengal, and Delhi to orchestrate the fraud.
One hundred and thirty-five companies. Three states. One criminal mastermind and a network of associates.
This is not an unusual case. It is a representative one.
India detected GST evasion worth ₹7.08 lakh crore across 91,370 cases over the five financial years from 2020-21 to 2024-25, according to data tabled in Parliament. Of this, ₹1.79 lakh crore was directly related to Input Tax Credit fraud, fake claims, bogus invoices, shell company structures, across 44,938 cases. In FY 2024-25 alone, the figure reached ₹2.23 lakh crore in a single year.
These numbers are not evidence of the system failing. They are evidence of the system working, finding evasion that exists at a scale that demands serious examination of how detection is done. Because for every ₹7.08 lakh crore detected, the question that should follow immediately is: how much was not?
That question is driving senior officials across India’s revenue intelligence apparatus toward a capability that has moved from the realm of emerging technology to genuine operational consideration: agentic AI.
The Shell Company Problem, Specifically
To understand why agentic AI is relevant here, you first need to understand what makes shell company fraud structurally difficult to detect, because the difficulty is not random. It is engineered.
A shell company, in its fraudulent form, is not a complex construction. It is a registered entity with minimal real activity, used to create the appearance of legitimate business transactions. A GST-registered firm that generates invoices without any actual movement of goods. A company whose director is a daily wage labourer whose Aadhaar card was misused for registration. An entity with a registered address that is, on inspection, an empty plot or a courier office.
Individually, these are detectable. The problem is that fraudulent shell company networks are not built around individual entities, they are built around interconnected structures where the fraud is distributed across many entities simultaneously, deliberately making no single transaction large enough to trigger a rule-based alert.
Consider how a typical network operates:
Entity A (a shell company) issues a fake invoice to Entity B (another shell company) for goods that were never manufactured. Entity B claims Input Tax Credit on that invoice and passes it to Entity C, a semi-legitimate business. Entity C uses the fraudulent ITC to reduce its actual tax liability. The money flows through multiple bank accounts, often opened with misused Aadhaar and PAN documents, and eventually reaches the orchestrator, several layers removed from any single transaction that would independently trigger scrutiny.
The MCA’s own data underscores the scale of structural risk: of the approximately 15 lakh registered companies in India, only 6 lakh file their annual returns. That means a large portion of registered corporate entities are, at any given time, either dormant or operating without regulatory visibility, a structural gap that fraudulent shell networks are built to exploit.
The FATF’s India Mutual Evaluation Report, published in September 2024, formally identified shell companies as one of the primary vehicles for money laundering in India, alongside hawala and cash couriers. This is an international assessment of a domestic problem that has reached systemic proportions.
Why Current Detection Has Limits, And What Those Limits Actually Are
Before discussing what agentic AI could offer, it is important to be honest about what current systems do well, and where the limits lie.
India’s revenue intelligence infrastructure has made significant strides. GSTN analytics has become increasingly sophisticated. CBDT and CBIC have invested in data matching and risk-based audit selection. These are real capabilities delivering real results, the ₹7.08 lakh crore detection figure is evidence of that.
The limits are not in the intent or the effort. They are structural, and they arise from three specific characteristics of how shell company fraud is designed:
Scale exceeds human processing capacity
The GSTN processes millions of returns, billions of transactions, and cross-references involving countless entities. The fraudulent signals within that data are real but they are distributed and subtle, patterns that emerge across hundreds of entities, not individual transactions. The ratio of investigators to entities requiring scrutiny makes comprehensive manual coverage impossible.
The connections are cross-database, not within-database
A shell company fraud typically leaves traces across at least four or five separate data environments: GST filings (GSTN), company registration and directorship data (MCA21), income tax returns (CBDT), banking transactions (FIU-IND/bank records), and potentially import-export data (DGFT). Each of these databases is managed by a different agency. Connecting the dots requires human investigators to query each system, export data, and manually correlate, a process that is time-consuming and that, at scale, cannot keep pace with the rate at which new shell networks are established.
The networks adapt faster than rule updates
Rule-based detection systems, including the most sophisticated algorithmic implementations, catch fraud that matches patterns they have been programmed to recognise. Shell company fraudsters study enforcement actions, adapt their structures to avoid the specific patterns that previous detections flagged, and return with modified approaches. The 2024 Chittoor case illustrated this adaptation in granular detail: shell companies registered in the names of economically vulnerable individuals, daily wage workers, marginal farmers, whose documents were misused specifically because such profiles do not match the risk indicators that rule-based systems are trained to flag.
What Agentic AI Offers, As Capability, Not as Deployed Solution
According to McKinsey, despite increasing spending on financial crime compliance by up to 10 percent annually in some markets between 2015 and 2022, the financial industry detects only about 2 percent of global financial crime flows. The gap between investment and detection outcome is a systemic problem globally, and agentic AI is increasingly being examined as the architectural shift that could change this ratio.
Here is what the capability offers, specifically:
Autonomous Cross-Database Investigation
The most immediate contribution agentic AI could make to shell company detection is removing the manual cross-database correlation burden from human investigators.
An agentic AI system assigned to investigate a flagged entity does not query one database and stop. It queries all relevant data environments, GSTN filings, MCA21 directorship records, income tax return data, banking records, import-export data, simultaneously and automatically. It identifies the connections between entities across these databases without requiring a human investigator to manually export, clean, and cross-reference each dataset.
The 135-entity network busted by ED in September 2025 involved connections across three states and multiple corporate entities. Mapping that network manually is a weeks-long exercise. An agentic system, given access to the relevant databases, could construct the entity relationship map, who is connected to whom, through which corporate structures, with what financial flows, as an automated investigative output.
This does not replace the investigator’s judgement. It eliminates the data assembly work that currently consumes most of the investigator’s time, so that judgement can be applied to a complete picture rather than assembled fragments.
Continuous Monitoring, Not Periodic Scrutiny
Current scrutiny processes are necessarily periodic, investigations are triggered by alerts, complaints, risk scores, or audit cycles. Between scrutiny cycles, new shell companies can be registered, new ITC fraud networks can be established, and fraudulent transactions can be processed before any detection mechanism engages.
Agentic AI monitors continuously. An agent assigned to watch for specific risk indicators across GSTN registration data, MCA21 filings, and transaction patterns does not wait for an audit cycle. It flags anomalies as they emerge, a new company registered with a DIN (Director Identification Number) that has already been associated with multiple struck-off entities, a pattern of invoice generation that mirrors the structure of previously detected fraud networks, a cluster of new GST registrations sharing an address or mobile number.
Multi-Agent Investigation Workflows
One of the most operationally significant features of agentic AI architecture is the ability to deploy multiple specialised agents working simultaneously on different aspects of the same investigation.
In a shell company investigation, this might look like: one agent mapping the corporate structure (all connected entities, common directors, shared addresses), a second agent tracing the financial flows (where money entered, how it moved, where it left), a third agent cross-referencing the individuals associated with the network against existing databases of known fraud actors, and a fourth agent compiling the structured investigation report from the outputs of the first three.
These four workstreams, which would require a team of investigators working in sequence over days, run simultaneously and produce a consolidated output in hours.
Pattern Recognition Across Historical Cases
Shell company fraud networks do not appear from nowhere. They share structural characteristics with previous networks, similar entity structures, common directorship patterns, comparable transaction flows. Human investigators who have worked multiple cases develop intuition about these patterns. That intuition is valuable, but it is not scalable and it is not transferable when the investigator moves to a new posting.
An agentic AI system trained on the characteristics of previously detected fraud networks can apply pattern recognition at scale, flagging entities that share structural characteristics with past frauds, even when the specific names, amounts, and locations are different. The pattern is what the system recognises, not the surface-level data.
This is the capability that addresses the “networks adapt faster than rules” problem. Rule-based systems are updated after patterns are identified manually. Agentic AI identifies patterns from historical data and applies them prospectively, adapting to new fraud structures without waiting for a human analyst to notice, document, and codify each adaptation.
The Investigation Workflow It Could Transform
The most concrete way to understand the operational potential of agentic AI for revenue intelligence is through the specific workflow it could transform.
A typical shell company investigation currently follows this approximate sequence: a flag is raised (through a tip, an audit, an algorithm alert, or a field observation), an investigating officer is assigned, the officer manually queries multiple databases, assembles the relevant data into a working picture, identifies the network connections through cross-referencing, prepares a preliminary report, shares it with relevant agencies for further inputs, and eventually produces a structured investigation document for action.
This process can take weeks for a moderately complex case. For a highly distributed network across multiple states and many entities, it can take months. During that time, the network continues to operate.
An agentic AI-assisted workflow compresses the data assembly, cross-referencing, and preliminary mapping phases significantly, delivering to the investigating officer a structured entity relationship map, a transaction flow analysis, and an identified set of high-priority investigative leads. The officer’s expertise is applied to the intelligence the system has assembled, not to the assembly process itself.
Sarvagata AI, Innefu Labs’ sovereign agentic AI platform, is built for precisely this kind of multi-database, multi-agent investigative workflow, with the critical architectural requirement that it operates entirely within the deploying organisation’s secure perimeter. For revenue intelligence agencies handling sensitive taxpayer data and ongoing investigation records, this is not optional. The data cannot leave the agency’s boundary. Sarvagata’s air-gapped, on-premise deployment ensures it does not.
The Bottom Line
₹7.08 lakh crore in detected GST evasion over five years is not a number that represents the full problem, it represents the fraction of the problem that current detection methods have been able to surface. The structural characteristics of shell company fraud, distributed across hundreds of entities, spread across multiple databases and jurisdictions, continuously adapting to enforcement patterns, are specifically designed to stay below the detection threshold of conventional approaches.
Agentic AI does not solve this problem by working harder. It solves it by working differently, autonomously pursuing the cross-database, multi-entity, pattern-recognition investigation that the scale and structure of this fraud demands, at a speed and comprehensiveness that human-led processes cannot match at volume.
For India’s revenue intelligence agencies, CBDT, CBIC, GSTN, SFIO, ED, DRI, the question is not whether this capability will become part of serious fraud detection infrastructure. It is when, and what the architecture of that deployment needs to look like to meet the data sovereignty requirements of the job.
The answer to the second question is unambiguous: sovereign, on-premise, air-gapped. The data stays in the building.
Frequently Asked Questions
1. What is agentic AI, and how is it different from the AI already used in tax fraud detection?
Existing AI in tax fraud detection, including analytics platforms, risk scoring systems, and rule-based anomaly detection, identifies patterns and generates alerts for human review. These are powerful tools that have produced significant detection outcomes. Agentic AI goes a step further: rather than flagging an anomaly and waiting for a human investigator to follow up, an agentic system autonomously pursues the investigation, querying multiple databases, mapping entity relationships, tracing transaction flows, and generating a structured investigative report. The distinction is between AI that surfaces a signal and AI that investigates what the signal means, end to end.
2. Why are shell companies particularly difficult to detect using conventional methods?
Shell company fraud is specifically designed to distribute itself across multiple entities, databases, and jurisdictions so that no single transaction is large enough to trigger a standard alert. The fraud is visible only in aggregate, across hundreds of connected entities, multiple data environments, and often multiple states. Conventional detection, which processes each data environment separately and requires human investigators to manually cross-reference across them, cannot maintain this aggregate view at the scale of India’s GST and corporate registration systems. Agentic AI addresses this by autonomously querying and correlating across all relevant databases simultaneously.
3. How would agentic AI handle a multi-state shell company network investigation?
In a multi-state shell company investigation, an agentic AI system would deploy specialised agents simultaneously across the relevant data environments: one mapping the corporate structure through MCA21 directorship and registration data, one tracing financial flows through transaction records, one cross-referencing individuals against existing fraud intelligence databases, and one correlating GST filing patterns across all connected entities. The outputs of these parallel workstreams are consolidated into a structured entity relationship map and investigation brief, reducing the data assembly phase of the investigation from weeks to hours, so that investigating officers can focus on analysis and action.
4. What data sovereignty requirements must agentic AI meet for revenue intelligence use?
Revenue intelligence agencies handle some of the most sensitive data in government, taxpayer returns, investigation records, informant intelligence, and financial transaction data. Any agentic AI deployment on this data must run entirely on-premise, within the agency’s own infrastructure, with no external data calls, no cloud processing, and no telemetry. This rules out standard commercial cloud-based agentic AI platforms. Sovereign, air-gapped deployment, where every component of the system runs on hardware owned and operated by the agency, is the only architecture that meets the data security requirements of this context.
5. Is agentic AI currently deployed in Indian revenue intelligence agencies?
Agentic AI for revenue intelligence is an emerging capability that Indian agencies are actively evaluating. It is not yet in widespread operational deployment in this sector in India. What is driving the evaluation is a combination of factors: the demonstrated inadequacy of current detection rates relative to the scale of GST fraud, the structural limitations of rule-based systems against adaptive fraud networks, and the maturation of on-premise agentic AI platforms that can meet the data sovereignty requirements of government deployment. The current stage is evaluation and pilot readiness, not operational deployment at scale.
6. How does agentic AI differ from Robotic Process Automation (RPA) in investigation workflows?
RPA follows fixed, predefined process scripts, it moves data between steps in exactly the sequence it was programmed to follow, every time. It cannot adapt when a result is unexpected, handle unstructured data intelligently, or make contextual decisions about which investigative thread to pursue next. Agentic AI reasons about the investigation: it plans which data sources to query based on what it has found, adapts its approach when results change the picture, handles unstructured data including document text and scanned records, and makes contextual decisions about prioritisation. In a shell company investigation, RPA might automate a specific data export; agentic AI conducts the investigation.
