Financial services and advice firms face five critical AI cybersecurity risks

Artificial intelligence has quickly reshaped service offerings and the ways of working in numerous industries, including financial services. Financial advice businesses grappling with the opportunities, challenges and risks presented by AI must pay particular attention to emerging cybersecurity issues.

Wayne Cleghorn, cybersecurity, data protection and AI Partner at Excello, wrote an explainer article for The Financial Times' FT Adviser highlighting the key points for financial advice firms to consider and action. A short summary of the article follows below.

What are the key AI cybersecurity risks?

AI is rapidly reshaping the cyber threat landscape, with bad actors using it to scale attacks and create more convincing social engineering, such as AI‑driven voice phishing. This raises the risk of regulatory and reputational scrutiny, should AI systems fail or client data and communications become compromised.

AI-era cyber risks are more complex than anything the financial services sector has previously faced, shifting the threat surface towards human language, intent and behaviour.

Five of the most likely AI cybersecurity dangers include:

  1. Prompt injection attacks, when a threat actor or user creates an input that is designed to make an AI model behave in a malicious or unintended way.
  2. Data poisoning attacks, when a threat actor or user manipulates or tampers with an AI model’s training data to produce undesirable outputs.
  3. Supply chain shadow prompting, when malicious instructions are hidden in the data, documents or AI models provided by third-party suppliers.
  4. Cross-AI model inconsistency, when different AI models respond inconsistently to the same prompt, creating gaps in controls and oversight.
  5. Social engineering and ransomware. Social engineering is when threat actors mimic trusted individuals, authorities or organisations to manipulate victims into revealing confidential information or performing unauthorised actions. Ransomware is when malware is used to unlawfully enter and encrypt data systems, after which hackers use extortion to get ransom payments.

How can firms identify, minimise and overcome AI cybersecurity risks?

As Wayne explains in detail in FT Adviser, safeguarding against these threats and risks requires security by design and careful controls across the business and supply chain. Internally, this includes IT teams as well as legal, procurement, HR, communications and other disciplines. The oversight of senior leadership is mission critical.

Read the full article for insight on best practice responses to the five threats above and deploying a comprehensive and dynamic cybersecurity strategy for AI.